waypoint 03home / Research / A Survey on Privacy-Preserving Machine Learning: Toward Feature-Level Selective Protection
- status
- Completed
- year
- 2026
- type
- Survey Paper
A Survey on Privacy-Preserving Machine Learning: Toward Feature-Level Selective Protection
A survey paper reviewing major privacy risks, protection techniques, and feature-level selective protection in privacy-preserving machine learning.
Abstract
This survey paper examines privacy-preserving machine learning as a growing research area shaped by the use of sensitive data in modern machine learning systems. It begins by discussing how trained models, prediction outputs, gradients, parameters, and shared updates can expose private information, even when raw datasets are not directly released. The paper reviews major privacy attacks, including membership inference, model inversion, reconstruction attacks, gradient leakage, property inference, and white-box inference, showing that privacy risks can appear across both centralized and distributed learning settings. It then organizes existing privacy-preserving approaches into several main families: cryptographic methods, perturbation-based methods, federated learning, and hybrid or selective techniques. Cryptographic approaches such as secure multi-party computation, homomorphic encryption, fully homomorphic encryption, and multi-key homomorphic encryption are discussed as strong protection mechanisms for training or inference over private data, while also being limited by high computation, memory, communication overhead, and model adaptation requirements. Differential privacy is reviewed through methods such as DP-SGD, PATE, and label differential privacy, showing how controlled noise can limit individual-level leakage, but may also reduce model accuracy or require careful privacy-budget management. Federated learning is presented as a distributed learning approach that keeps raw data local, but the paper also explains why shared gradients and model updates can still leak sensitive information unless additional mechanisms such as secure aggregation, differential privacy, or encryption are applied. The central direction of the survey is selective and feature-level privacy protection. Instead of protecting all data, all features, or all computations uniformly, the paper argues that privacy mechanisms can be applied more strategically by considering which features are important for prediction and which features are sensitive from a privacy perspective. The survey discusses examples such as label differential privacy, feature selection before encrypted learning, and chunk-based encrypted image classification to show that selective protection can reduce unnecessary overhead while preserving useful model performance. The main research gap identified by the paper is the lack of a general framework that connects feature importance, feature sensitivity, and selective privacy protection across different data types and model families. The paper positions feature-importance-based selective protection as a promising future direction, where important and sensitive features can receive stronger protection through encryption, perturbation, masking, or hybrid methods, while the resulting system is evaluated by privacy risk, model utility, and computational cost.
Researcher
Bilal Abdulhadi
Supervisor
Prof. Dr. Guray Yilmaz
pdf.preview
Download PDF