Differential Privacy and Byzantine Resilience in SGD: Do They Add Up?
- URL: http://arxiv.org/abs/2102.08166v1
- Date: Tue, 16 Feb 2021 14:10:38 GMT
- Title: Differential Privacy and Byzantine Resilience in SGD: Do They Add Up?
- Authors: Rachid Guerraoui, Nirupam Gupta, Rafaël Pinot, Sébastien Rouault, John Stephan
- Abstract summary: We study whether a distributed implementation of the renowned Stochastic Gradient Descent (SGD) learning algorithm is feasible with both differential privacy (DP) and $(\alpha,f)$-Byzantine resilience.
We show that a direct composition of these techniques makes the guarantees of the resulting SGD algorithm depend unfavourably upon the number of parameters in the ML model.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: This paper addresses the problem of combining Byzantine resilience with
privacy in machine learning (ML). Specifically, we study whether a distributed
implementation of the renowned Stochastic Gradient Descent (SGD) learning
algorithm is feasible with both differential privacy (DP) and
$(\alpha,f)$-Byzantine resilience. To the best of our knowledge, this is the
first work to tackle this problem from a theoretical point of view. A key
finding of our analyses is that the classical approaches to these two
(seemingly) orthogonal issues are incompatible. More precisely, we show that a
direct composition of these techniques makes the guarantees of the resulting
SGD algorithm depend unfavourably upon the number of parameters in the ML
model, making the training of large models practically infeasible. We validate
our theoretical results through numerical experiments on publicly-available
datasets, showing that it is impractical to ensure DP and Byzantine resilience
simultaneously.
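To make the "direct composition" discussed in the abstract concrete, here is a minimal sketch (in Python/NumPy) of the kind of pipeline it refers to, assuming Gaussian DP noise on clipped worker gradients and coordinate-wise median as the $(\alpha,f)$-Byzantine-resilient aggregation rule; the function names and constants are illustrative and not taken from the paper.

```python
import numpy as np

def dp_noisy_gradient(grad, clip_norm=1.0, sigma=1.0, rng=np.random.default_rng(0)):
    """Gaussian mechanism: clip the gradient to clip_norm, then add noise."""
    scale = min(1.0, clip_norm / (np.linalg.norm(grad) + 1e-12))
    return grad * scale + rng.normal(0.0, sigma * clip_norm, size=grad.shape)

def coordinate_wise_median(gradients):
    """Coordinate-wise median, one standard Byzantine-resilient aggregation rule."""
    return np.median(np.stack(gradients), axis=0)

def server_step(params, worker_grads, lr=0.1):
    """One SGD step on the server, aggregating (possibly Byzantine) worker gradients."""
    return params - lr * coordinate_wise_median(worker_grads)

# Toy usage: with d parameters, the injected noise has expected L2 norm of order
# sigma * sqrt(d), which is how the model dimension enters the resilience analysis.
d, n_honest = 10_000, 8
true_grad = np.ones(d)
honest = [dp_noisy_gradient(true_grad, sigma=1.0) for _ in range(n_honest)]
byzantine = [1e6 * np.ones(d)]  # an arbitrary vector the robust aggregation must reject
params = server_step(np.zeros(d), honest + byzantine)
```

The growth of the injected noise with the number of parameters, noted in the final comment, is the informal reason the composed guarantees degrade for large models.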
Related papers
- DCID: Deep Canonical Information Decomposition [84.59396326810085]
We consider the problem of identifying the signal shared between two one-dimensional target variables.
We propose ICM, an evaluation metric which can be used in the presence of ground-truth labels.
We also propose Deep Canonical Information Decomposition (DCID) - a simple, yet effective approach for learning the shared variables.
arXiv Detail & Related papers (2023-06-27T16:59:06Z)
- Practical Differentially Private and Byzantine-resilient Federated Learning [17.237219486602097]
We use our version of the differentially private stochastic gradient descent (DP-SGD) algorithm to preserve privacy.
We leverage the random noise to construct an aggregation that effectively rejects many existing Byzantine attacks.
arXiv Detail & Related papers (2023-04-15T23:30:26Z)
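As a point of reference for the federated-learning entry above, the following is a generic sketch of the standard DP-SGD step (per-example clipping plus Gaussian noise) that such approaches build on; it does not reproduce the paper's own variant or its noise-based robust aggregation.

```python
import numpy as np

def dp_sgd_batch_gradient(per_example_grads, clip_norm=1.0, noise_multiplier=1.0,
                          rng=np.random.default_rng(0)):
    """Clip each example's gradient to clip_norm, sum, add Gaussian noise, average."""
    clipped = []
    for g in per_example_grads:
        scale = min(1.0, clip_norm / (np.linalg.norm(g) + 1e-12))
        clipped.append(g * scale)
    noisy_sum = np.sum(clipped, axis=0) + rng.normal(
        0.0, noise_multiplier * clip_norm, size=clipped[0].shape)
    return noisy_sum / len(per_example_grads)

# Example: a worker computes its private gradient from a mini-batch of 4 examples.
grads = [np.random.randn(1000) for _ in range(4)]
private_grad = dp_sgd_batch_gradient(grads, clip_norm=1.0, noise_multiplier=1.1)
```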
- Learning and interpreting asymmetry-labeled DAGs: a case study on COVID-19 fear [2.3572498744567127]
Asymmetry-labeled DAGs have been proposed to extend the class of Bayesian networks by relaxing the symmetric assumption of independence.
We introduce novel structural learning algorithms for this class of models which, whilst being efficient, allow for a straightforward interpretation of the underlying dependence structure.
A real-world data application using data from the Fear of COVID-19 Scale collected in Italy showcases their use in practice.
arXiv Detail & Related papers (2023-01-02T12:48:17Z)
- MaxMatch: Semi-Supervised Learning with Worst-Case Consistency [149.03760479533855]
We propose a worst-case consistency regularization technique for semi-supervised learning (SSL).
We present a generalization bound for SSL consisting of the empirical loss terms observed on labeled and unlabeled training data separately.
Motivated by this bound, we derive an SSL objective that minimizes the largest inconsistency between an original unlabeled sample and its multiple augmented variants.
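A minimal sketch of this worst-case consistency idea: among several augmented views of an unlabeled sample, only the view that disagrees most with the prediction on the original sample contributes to the loss. The KL-based inconsistency measure and the names below are illustrative, not the paper's exact objective.

```python
import numpy as np

def kl_divergence(p, q, eps=1e-12):
    """KL(p || q) between two class-probability vectors."""
    return float(np.sum(p * (np.log(p + eps) - np.log(q + eps))))

def worst_case_consistency(p_original, p_augmented_views):
    """Largest inconsistency between the original prediction and its augmented variants."""
    return max(kl_divergence(p_original, q) for q in p_augmented_views)

# Toy usage: class-probability vectors from a classifier (hard-coded here).
p_orig = np.array([0.7, 0.2, 0.1])
views = [np.array([0.6, 0.3, 0.1]), np.array([0.2, 0.7, 0.1])]
loss_unlabeled = worst_case_consistency(p_orig, views)  # driven by the worst view
```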
arXiv Detail & Related papers (2022-09-26T12:04:49Z)
- Principled Knowledge Extrapolation with GANs [92.62635018136476]
We study counterfactual synthesis from a new perspective of knowledge extrapolation.
We show that an adversarial game with a closed-form discriminator can be used to address the knowledge extrapolation problem.
Our method enjoys both elegant theoretical guarantees and superior performance in many scenarios.
arXiv Detail & Related papers (2022-05-21T08:39:42Z)
- Bridging Differential Privacy and Byzantine-Robustness via Model Aggregation [27.518542543750367]
This paper aims at addressing two seemingly conflicting issues in federated learning: differential privacy and Byzantine-robustness.
Standard DP mechanisms add noise to the transmitted messages, which entangles with the robust gradient aggregation used to defend against Byzantine attacks.
We show that the influence of our proposed DP mechanisms is decoupled from that of the robust model aggregation.
arXiv Detail & Related papers (2022-04-29T23:37:46Z)
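One possible, purely illustrative reading of the summary above (not the paper's algorithm): DP noise is applied to each worker's local model rather than to its gradients, after which the server performs a robust aggregation over the perturbed models, here a coordinate-wise median.

```python
import numpy as np

def perturb_local_model(model, sigma=0.01, rng=np.random.default_rng(1)):
    """Worker-side: release a noisy copy of the local model parameters."""
    return model + rng.normal(0.0, sigma, size=model.shape)

def robust_model_aggregation(models):
    """Server-side: coordinate-wise median over the (possibly Byzantine) models."""
    return np.median(np.stack(models), axis=0)

# Toy usage with 5 honest workers and 1 Byzantine worker sending garbage.
honest = [perturb_local_model(np.zeros(100)) for _ in range(5)]
byzantine = [np.full(100, 1e9)]
global_model = robust_model_aggregation(honest + byzantine)
```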
- Regularizing Variational Autoencoder with Diversity and Uncertainty Awareness [61.827054365139645]
Variational Autoencoder (VAE) approximates the posterior of latent variables based on amortized variational inference.
We propose an alternative model, DU-VAE, for learning a more Diverse and less Uncertain latent space.
arXiv Detail & Related papers (2021-10-24T07:58:13Z)
- Combining Differential Privacy and Byzantine Resilience in Distributed SGD [9.14589517827682]
This paper studies the extent to which the distributed SGD algorithm, in the standard parameter-server architecture, can learn an accurate model.
We show that many existing results on the convergence of distributed SGD under Byzantine faults, especially those relying on $(\alpha,f)$-Byzantine resilience, are rendered invalid when honest workers enforce DP.
arXiv Detail & Related papers (2021-10-08T09:23:03Z)
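An illustrative observation (not the paper's exact bound) that makes the dimension dependence concrete: if an honest worker adds Gaussian noise $\xi \sim \mathcal{N}(0, \sigma^2 I_d)$ to its gradient to enforce DP, then $\mathbb{E}\|\xi\|_2 \leq \sigma\sqrt{d}$, and it is in fact of that order, so for a fixed privacy level the perturbation seen by an $(\alpha,f)$-resilient aggregation rule grows with the number of parameters $d$.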
- Disentangling Observed Causal Effects from Latent Confounders using Method of Moments [67.27068846108047]
We provide guarantees on identifiability and learnability under mild assumptions.
We develop efficient algorithms based on coupled tensor decomposition with linear constraints to obtain scalable and guaranteed solutions.
arXiv Detail & Related papers (2021-01-17T07:48:45Z)
- Differentially Private (Gradient) Expectation Maximization Algorithm with Statistical Guarantees [25.996994681543903]
(Gradient) Expectation Maximization (EM) is a widely used algorithm for estimating the maximum likelihood of mixture models or incomplete data problems.
Previous research on this problem has already led to the discovery of some Differentially Private (DP) algorithms for (Gradient) EM.
We propose in this paper the first DP version of (Gradient) EM algorithm with statistical guarantees.
arXiv Detail & Related papers (2020-10-22T03:41:19Z)
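For context on the technique named above, here is a heavily simplified, generic sketch of one differentially private gradient-EM step for a spherical Gaussian mixture (means only, unit variance); it illustrates the clip-and-noise recipe, not the specific algorithm or statistical guarantees of the paper.

```python
import numpy as np

def e_step(x, means):
    """Responsibilities r[i, k] proportional to exp(-||x_i - mu_k||^2 / 2)."""
    d2 = ((x[:, None, :] - means[None, :, :]) ** 2).sum(axis=2)
    w = np.exp(-0.5 * (d2 - d2.min(axis=1, keepdims=True)))
    return w / w.sum(axis=1, keepdims=True)

def dp_gradient_m_step(x, means, resp, lr=0.1, clip=1.0, sigma=1.0,
                       rng=np.random.default_rng(0)):
    """Clip each sample's contribution to the mean-gradients, then add Gaussian noise."""
    grads = np.zeros_like(means)
    for i in range(x.shape[0]):
        g_i = resp[i][:, None] * (x[i][None, :] - means)  # per-sample contribution
        g_i *= min(1.0, clip / (np.linalg.norm(g_i) + 1e-12))
        grads += g_i
    grads += rng.normal(0.0, sigma * clip, size=grads.shape)
    return means + lr * grads / x.shape[0]  # gradient ascent on the Q function

# Toy usage: two clusters in 2-D.
x = np.vstack([np.random.randn(50, 2) - 2, np.random.randn(50, 2) + 2])
means = np.array([[-1.0, 0.0], [1.0, 0.0]])
for _ in range(10):
    means = dp_gradient_m_step(x, means, e_step(x, means))
```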
- Efficient Model-Based Reinforcement Learning through Optimistic Policy Search and Planning [93.1435980666675]
We show how optimistic exploration can be easily combined with state-of-the-art reinforcement learning algorithms.
Our experiments demonstrate that optimistic exploration significantly speeds up learning when there are penalties on actions.
arXiv Detail & Related papers (2020-06-15T18:37:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of the information presented and is not responsible for any consequences of its use.