On Deep Learning with Label Differential Privacy
- URL: http://arxiv.org/abs/2102.06062v1
- Date: Thu, 11 Feb 2021 15:09:06 GMT
- Title: On Deep Learning with Label Differential Privacy
- Authors: Badih Ghazi, Noah Golowich, Ravi Kumar, Pasin Manurangsi, Chiyuan
Zhang
- Abstract summary: We study the multi-class classification setting where the labels are considered sensitive and ought to be protected.
We propose a new algorithm for training deep neural networks with label differential privacy, and run evaluations on several datasets.
- Score: 54.45348348861426
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: In many machine learning applications, the training data can contain highly
sensitive personal information. Training large-scale deep models that are
guaranteed not to leak sensitive information while not compromising their
accuracy has been a significant challenge. In this work, we study the
multi-class classification setting where the labels are considered sensitive
and ought to be protected. We propose a new algorithm for training deep neural
networks with label differential privacy, and run evaluations on several
datasets. For Fashion MNIST and CIFAR-10, we demonstrate that our algorithm
achieves significantly higher accuracy than the state-of-the-art, and in some
regimes comes close to the non-private baselines. We also provide non-trivial
training results for the the challenging CIFAR-100 dataset. We complement our
algorithm with theoretical findings showing that in the setting of convex
empirical risk minimization, the sample complexity of training with label
differential privacy is dimension-independent, which is in contrast to vanilla
differential privacy.
Related papers
- Locally Differentially Private Gradient Tracking for Distributed Online
Learning over Directed Graphs [2.1271873498506038]
We propose a locally differentially private gradient tracking based distributed online learning algorithm.
We prove that the proposed algorithm converges in mean square to the exact optimal solution while ensuring rigorous local differential privacy.
arXiv Detail & Related papers (2023-10-24T18:15:25Z) - Uncertainty Estimation by Fisher Information-based Evidential Deep
Learning [61.94125052118442]
Uncertainty estimation is a key factor that makes deep learning reliable in practical applications.
We propose a novel method, Fisher Information-based Evidential Deep Learning ($mathcalI$-EDL)
In particular, we introduce Fisher Information Matrix (FIM) to measure the informativeness of evidence carried by each sample, according to which we can dynamically reweight the objective loss terms to make the network more focused on the representation learning of uncertain classes.
arXiv Detail & Related papers (2023-03-03T16:12:59Z) - Reconstructing Training Data from Model Gradient, Provably [68.21082086264555]
We reconstruct the training samples from a single gradient query at a randomly chosen parameter value.
As a provable attack that reveals sensitive training data, our findings suggest potential severe threats to privacy.
arXiv Detail & Related papers (2022-12-07T15:32:22Z) - Mixed Differential Privacy in Computer Vision [133.68363478737058]
AdaMix is an adaptive differentially private algorithm for training deep neural network classifiers using both private and public image data.
A few-shot or even zero-shot learning baseline that ignores private data can outperform fine-tuning on a large private dataset.
arXiv Detail & Related papers (2022-03-22T06:15:43Z) - Efficient Encrypted Inference on Ensembles of Decision Trees [21.570003967858355]
Data privacy concerns often prevent the use of cloud-based machine learning services for sensitive personal data.
We propose a framework to transfer knowledge extracted by complex decision tree ensembles to shallow neural networks.
Our system is highly scalable and can perform efficient inference on batched encrypted (134 bits of security) data with amortized time in milliseconds.
arXiv Detail & Related papers (2021-03-05T01:06:30Z) - Quasi-Global Momentum: Accelerating Decentralized Deep Learning on
Heterogeneous Data [77.88594632644347]
Decentralized training of deep learning models is a key element for enabling data privacy and on-device learning over networks.
In realistic learning scenarios, the presence of heterogeneity across different clients' local datasets poses an optimization challenge.
We propose a novel momentum-based method to mitigate this decentralized training difficulty.
arXiv Detail & Related papers (2021-02-09T11:27:14Z) - DISCO: Dynamic and Invariant Sensitive Channel Obfuscation for deep
neural networks [19.307753802569156]
We propose DISCO which learns a dynamic and data driven pruning filter to selectively obfuscate sensitive information in the feature space.
We also release an evaluation benchmark dataset of 1 million sensitive representations to encourage rigorous exploration of novel attack schemes.
arXiv Detail & Related papers (2020-12-20T21:15:13Z) - Robustness Threats of Differential Privacy [70.818129585404]
We experimentally demonstrate that networks, trained with differential privacy, in some settings might be even more vulnerable in comparison to non-private versions.
We study how the main ingredients of differentially private neural networks training, such as gradient clipping and noise addition, affect the robustness of the model.
arXiv Detail & Related papers (2020-12-14T18:59:24Z) - Differentially Private Simple Linear Regression [2.614403183902121]
We study algorithms for simple linear regression that satisfy differential privacy.
We consider the design of differentially private algorithms for simple linear regression for small datasets.
We study the performance of a spectrum of algorithms we adapt to the setting.
arXiv Detail & Related papers (2020-07-10T04:28:43Z) - SPEED: Secure, PrivatE, and Efficient Deep learning [2.283665431721732]
We introduce a deep learning framework able to deal with strong privacy constraints.
Based on collaborative learning, differential privacy and homomorphic encryption, the proposed approach advances state-of-the-art.
arXiv Detail & Related papers (2020-06-16T19:31:52Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.