Privacy-Preserving Machine Learning: Methods, Challenges and Directions
Runhua Xu, Nathalie Baracaldo, James Joshi
TL;DR
<3-5 sentence high-level summary> The paper surveys privacy-preserving machine learning (PPML) methodologies, proposing the Phase-Guarantee-Utility (PGU) framework to evaluate privacy, scope, and performance across ML pipelines. It categorizes PPML techniques into data publishing, data processing, architectural, and hybrid approaches, and analyzes their impact on utility and scalability while detailing privacy guarantees from object- and pipeline-oriented perspectives. It also highlights open challenges—such as formalizing privacy definitions, attack-defense strategies, and efficient deployment—and outlines cross-disciplinary directions to advance robust and private ML systems. By unifying disparate PPML threads, the work aims to guide future research toward comprehensive, practical privacy protections without prohibitive losses in utility.
Abstract
Machine learning (ML) is increasingly being adopted in a wide variety of application domains. Usually, a well-performing ML model relies on a large volume of training data and high-powered computational resources. Such a need for and the use of huge volumes of data raise serious privacy concerns because of the potential risks of leakage of highly privacy-sensitive information; further, the evolving regulatory environments that increasingly restrict access to and use of privacy-sensitive data add significant challenges to fully benefiting from the power of ML for data-driven applications. A trained ML model may also be vulnerable to adversarial attacks such as membership, attribute, or property inference attacks and model inversion attacks. Hence, well-designed privacy-preserving ML (PPML) solutions are critically needed for many emerging applications. Increasingly, significant research efforts from both academia and industry can be seen in PPML areas that aim toward integrating privacy-preserving techniques into ML pipeline or specific algorithms, or designing various PPML architectures. In particular, existing PPML research cross-cut ML, systems and applications design, as well as security and privacy areas; hence, there is a critical need to understand state-of-the-art research, related challenges and a research roadmap for future research in PPML area. In this paper, we systematically review and summarize existing privacy-preserving approaches and propose a Phase, Guarantee, and Utility (PGU) triad based model to understand and guide the evaluation of various PPML solutions by decomposing their privacy-preserving functionalities. We discuss the unique characteristics and challenges of PPML and outline possible research directions that leverage as well as benefit multiple research communities such as ML, distributed systems, security and privacy.