Modern Privacy-preserving Machine Learning: Rigorous Approach for Data Privacy

Overview

The rapid proliferation of machine learning (ML) across diverse domains has amplified concerns over the privacy of sensitive data used in training models, necessitating robust privacy-preserving techniques. This dissertation, submitted in partial fulfillment of the requirements for a Doctor of Philosophy at King Abdullah University of Science and Technology, advances the field of privacy-preserving ML through a rigorous exploration of differential privacy (DP). Focusing on four critical areas---federated learning (FL), hyper-parameter tuning, and privacy auditing---this work addresses pressing challenges in modern ML systems. For federated learning, a novel co-design strategy integrates DP with Byzantine resilience, achieving state-of-the-art robustness against adversarial attacks while maintaining formal privacy guarantees.

The dissertation revisits hyper-parameter tuning, refining privacy bounds using the f-DP framework and demonstrating through empirical audits that existing estimates overestimate leakage, thus enhancing utility within privacy constraints. Finally, a unified information-theoretic framework for privacy auditing is proposed, improving efficiency and tightness of privacy estimates for large-scale DP systems, such as those involving large language models. Supported by theoretical proofs, extensive experiments, and practical insights, these contributions collectively establish a foundation for secure, scalable, and privacy-compliant ML. This work not only bridges theoretical and empirical privacy assessments but also paves the way for future innovations in safeguarding sensitive data in an increasingly data-driven world.