Evaluating differentially private decision tree model over model inversion attack
International Journal of Information Security ( IF 2.4 ) Pub Date : 2021-08-31 , DOI: 10.1007/s10207-021-00564-5
Cheolhee Park, Dowon Hong, Changho Seo
Machine learning techniques are widely used and show remarkable performance in many fields. Along with this widespread adoption, concerns about privacy violations have been raised. Recently, as privacy-invasion attacks on machine learning models have been reported, research on privacy-preserving machine learning has followed. In particular, in the field of differential privacy, a rigorous notion of privacy, various mechanisms have been proposed to preserve the privacy of machine learning models. However, little work analyzes the relationship between the degree of privacy guaranteed (the privacy parameter) and concrete privacy-breach attacks. In this paper, we analyze the relationship between differentially private models and privacy-breach attacks as a function of the degree of privacy preservation, and study how to set appropriate privacy parameters. In particular, we focus on the model inversion attack against decision trees and evaluate various differentially private decision tree algorithms against this attack. Our main finding from investigating the trade-off between data privacy and model utility is that well-designed differentially private algorithms can significantly mitigate this concrete privacy-invasion attack while preserving model utility.
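The abstract names the two mechanisms whose interaction the paper measures: a model inversion attack that reads the per-class counts stored in a decision tree's leaves, and the Laplace noise a differentially private tree adds to those counts. The following added example (written for this page; it is not the authors' code and does not reproduce any of the algorithms they evaluate) shows that interaction on a constructed 40-record dataset with a public attribute `a`, a sensitive attribute `s` and a label `y`. The tree structure is fixed (split on `a`, then `s`) so that only the leaf counts are privatized; real differentially private tree learners also privatize split selection, which is omitted here. The attacker is assumed to know `a`, `y` and the leaf counts, and recovers `s` by picking the value whose leaf holds the most records with label `y`.

```python
"""Model inversion against a toy count-annotated decision tree, with and
without Laplace-noised leaf counts. Constructed illustration, not the
paper's code: names, dataset and tree structure are all assumptions."""
import math
import random
from collections import defaultdict


def make_records():
    """Constructed training set of (a, s, y) records.

    a: public attribute, s: sensitive attribute, y: class label.
    The per-leaf counts are chosen so that s is informative about y."""
    spec = {  # (a, s): (number of records with y=0, number with y=1)
        (0, 0): (8, 2), (0, 1): (3, 7),
        (1, 0): (6, 4), (1, 1): (1, 9),
    }
    records = []
    for (a, s), (n0, n1) in spec.items():
        records += [(a, s, 0)] * n0 + [(a, s, 1)] * n1
    return records


def fit_tree(records):
    """Tree with a fixed structure (split on a, then on s). Each leaf stores
    its per-class counts, which is the information the inversion attack uses."""
    leaves = defaultdict(lambda: [0, 0])
    for a, s, y in records:
        leaves[(a, s)][y] += 1
    return dict(leaves)


def laplace(rng, scale):
    """Laplace(0, scale) sample via inverse CDF (avoids a numpy dependency)."""
    while True:
        u = rng.random() - 0.5
        if abs(u) < 0.5:  # guard against log(0) when random() returns 0.0
            break
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def privatize_counts(leaves, epsilon, rng):
    """Laplace mechanism on the leaf histogram. Adding or removing one record
    changes exactly one count by 1, so the L1 sensitivity is 1 and the noise
    scale is 1/epsilon. Negative noisy counts are clipped to 0; clipping is
    post-processing, so the epsilon guarantee is unchanged."""
    return {leaf: [max(0.0, c + laplace(rng, 1.0 / epsilon)) for c in counts]
            for leaf, counts in leaves.items()}


def predict(leaves, a, s):
    """Majority label of the leaf the record falls into."""
    counts = leaves[(a, s)]
    return int(counts[1] > counts[0])


def model_accuracy(leaves, records):
    """Utility metric: training accuracy of the (possibly noised) tree."""
    return sum(predict(leaves, a, s) == y for a, s, y in records) / len(records)


def invert(leaves, a, y):
    """White-box inversion: try every value of s and keep the one whose leaf
    holds the most records with label y. Because the leaves partition the
    data, this is the MAP estimate of s given (a, y); ties resolve to 0."""
    return max((0, 1), key=lambda s: leaves[(a, s)][y])


def attack_success(leaves, records):
    """Fraction of training records whose sensitive attribute is recovered."""
    return sum(invert(leaves, a, y) == s for a, s, y in records) / len(records)


def baseline_guess(records):
    """Attacker without the model: always guess the majority value of s."""
    ones = sum(s for _, s, _ in records)
    guess = int(ones > len(records) - ones)
    return sum(s == guess for _, s, _ in records) / len(records)


def run(epsilon, seed=0):
    """Return (accuracy, attack success) for the plain and the noised tree."""
    records = make_records()
    leaves = fit_tree(records)
    noisy = privatize_counts(leaves, epsilon, random.Random(seed))
    return {
        "baseline": baseline_guess(records),
        "non_private": (model_accuracy(leaves, records), attack_success(leaves, records)),
        "private": (model_accuracy(noisy, records), attack_success(noisy, records)),
    }


if __name__ == "__main__":
    for eps in (1e6, 1.0, 0.1, 0.01):
        print(f"epsilon={eps}: {run(eps)}")
```

On this constructed data the non-private tree lets the attacker recover `s` for 30 of 40 records (0.75) against a 0.5 baseline, and the tree's own training accuracy is also 0.75. A very large epsilon leaves both numbers unchanged, since the noise is far smaller than the gaps between counts; as epsilon shrinks, the noise starts flipping both the leaf majorities and the attacker's comparisons, which is the privacy/utility trade-off the paper studies for real tree learners and real datasets.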




Updated: 2021-09-01