US 11,811,794 B2
Privacy interface for data loss prevention via artificial intelligence models
Gabriel Gabra Zaccak, Cambridge, MA (US); William Hartman, Nantucket, MA (US); Andrés Rodriguez Esmeral, Vancouver (CA); Devin Daniel Reich, Olympia, WA (US); Marina Titova, Menlo Park, CA (US); Brett Robert Redinger, Oakland, CA (US); Philip Joseph Dow, South Lake Tahoe, CA (US); Satish Srinivasan Bhat, Fremont, CA (US); Walter Adolf De Brouwer, Los Altos, CA (US); and Scott Michael Kirk, Belmont, CA (US)
Assigned to Sharecare AI, Inc., Palo Alto, CA (US)
Filed by Sharecare AI, Inc., Palo Alto, CA (US)
Filed on May 12, 2021, as Appl. No. 17/319,025.
Claims priority of provisional application 63/023,854, filed on May 12, 2020.
Prior Publication US 2021/0360010 A1, Nov. 18, 2021
Int. Cl. H04L 9/40 (2022.01); G06N 20/20 (2019.01)
CPC H04L 63/1416 (2013.01) [G06N 20/20 (2019.01)]
19 Claims
 
1. A system for preventing exfiltration of training data by feature reconstruction attacks on model instances trained on the training data during a training job, comprising:
a privacy interface that presents a plurality of modulators for a plurality of training parameters;
modulators in the plurality of modulators configured to respond to selection commands via the privacy interface to trigger procedural calls that modify corresponding training parameters in the plurality of training parameters for respective training cycles in the training job;
a trainer configured to execute the training cycles in dependence on the modified training parameters, and determine a performance accuracy of the model instances for each of the executed training cycles;
a differential privacy estimator configured to estimate a privacy guarantee for each of the executed training cycles in dependence on the modified training parameters;
a feedback provider configured to visualize, on the privacy interface, the privacy guarantee, the performance accuracy, and the modified training parameters for each of the executed training cycles; and
a susceptibility predictor that determines, in dependence on the modified training parameters, susceptibility of the model instances to the feature reconstruction attacks, including model inversion attacks, member inference attacks, and gradient leakage attacks.