On the Importance of Architecture and Feature Selection in Differentially Private Machine Learning

• URL: http://arxiv.org/abs/2205.06720v1
• Date: Fri, 13 May 2022 15:57:34 GMT
• Title: On the Importance of Architecture and Feature Selection in Differentially Private Machine Learning
• Authors: Wenxuan Bao, Luke A. Bauer, and Vincent Bindschaedler
• Abstract summary: We study a pitfall in the typical workflow for differentially private machine learning. The use of differentially private learning algorithms in a "drop-in" fashion yields overly complex and poorly performing models.
• Score: 2.387686431425822
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: We study a pitfall in the typical workflow for differentially private machine learning. The use of differentially private learning algorithms in a "drop-in" fashion -- without accounting for the impact of differential privacy (DP) noise when choosing what feature engineering operations to use, what features to select, or what neural network architecture to use -- yields overly complex and poorly performing models. In other words, by anticipating the impact of DP noise, a simpler and more accurate alternative model could have been trained for the same privacy guarantee. We systematically study this phenomenon through theory and experiments. On the theory front, we provide an explanatory framework and prove that the phenomenon arises naturally from the addition of noise to satisfy differential privacy. On the experimental front, we demonstrate how the phenomenon manifests in practice using various datasets, types of models, tasks, and neural network architectures. We also analyze the factors that contribute to the problem and distill our experimental insights into concrete takeaways that practitioners can follow when training models with differential privacy. Finally, we propose privacy-aware algorithms for feature selection and neural network architecture search. We analyze their differential privacy properties and evaluate them empirically.

Related papers

• Breaking the Curse of Dimensionality in Deep Neural Networks by Learning Invariant Representations [1.9580473532948401]
  This thesis explores the theoretical foundations of deep learning by studying the relationship between the architecture of these models and the inherent structures found within the data they process. We ask What drives the efficacy of deep learning algorithms and allows them to beat the so-called curse of dimensionality. Our methodology takes an empirical approach to deep learning, combining experimental studies with physics-inspired toy models.
  arXiv  Detail & Related papers  (2023-10-24T19:50:41Z)
• Learning Differentially Private Probabilistic Models for Privacy-Preserving Image Generation [67.47979276739144]
  We propose learning differentially private probabilistic models to generate high-resolution images with differential privacy guarantee. Our approach can generate images up to 256x256 with remarkable visual quality and data utility.
  arXiv  Detail & Related papers  (2023-05-18T02:51:17Z)
• Deep networks for system identification: a Survey [56.34005280792013]
  System identification learns mathematical descriptions of dynamic systems from input-output data. Main aim of the identified model is to predict new data from previous observations. We discuss architectures commonly adopted in the literature, like feedforward, convolutional, and recurrent networks.
  arXiv  Detail & Related papers  (2023-01-30T12:38:31Z)
• Robust Graph Representation Learning via Predictive Coding [46.22695915912123]
  Predictive coding is a message-passing framework initially developed to model information processing in the brain. In this work, we build models that rely on the message-passing rule of predictive coding. We show that the proposed models are comparable to standard ones in terms of performance in both inductive and transductive tasks.
  arXiv  Detail & Related papers  (2022-12-09T03:58:22Z)
• Model-Based Deep Learning: On the Intersection of Deep Learning and Optimization [101.32332941117271]
  Decision making algorithms are used in a multitude of different applications. Deep learning approaches that use highly parametric architectures tuned from data without relying on mathematical models are becoming increasingly popular. Model-based optimization and data-centric deep learning are often considered to be distinct disciplines.
  arXiv  Detail & Related papers  (2022-05-05T13:40:08Z)
• Differentially Private Graph Classification with GNNs [5.830410490229634]
  Graph Networks (GNNs) have established themselves as the state-of-the-art models for many machine learning applications. We introduce differential privacy for graph-level classification, one of the key applications of machine learning on graphs. We show results on a variety of synthetic and public datasets and evaluate the impact of different GNN architectures.
  arXiv  Detail & Related papers  (2022-02-05T15:16:40Z)
• Statistical Privacy Guarantees of Machine Learning Preprocessing Techniques [1.198727138090351]
  We adapt a privacy violation detection framework based on statistical methods to measure privacy levels of machine learning pipelines. We apply the newly created framework to show that resampling techniques used when dealing with imbalanced datasets cause the resultant model to leak more privacy.
  arXiv  Detail & Related papers  (2021-09-06T14:08:47Z)
• Photonic Differential Privacy with Direct Feedback Alignment [66.61196212740359]
  We show how to leverage the intrinsic noise of optical random projections to build a differentially private DFA mechanism. We conduct experiments demonstrating the ability of our learning procedure to achieve solid end-task performance.
  arXiv  Detail & Related papers  (2021-06-07T14:18:01Z)
• Robustness Threats of Differential Privacy [70.818129585404]
  We experimentally demonstrate that networks, trained with differential privacy, in some settings might be even more vulnerable in comparison to non-private versions. We study how the main ingredients of differentially private neural networks training, such as gradient clipping and noise addition, affect the robustness of the model.
  arXiv  Detail & Related papers  (2020-12-14T18:59:24Z)
• Differentially Private Synthetic Data: Applied Evaluations and Enhancements [4.749807065324706]
  Differentially private data synthesis protects personal details from exposure. We evaluate four differentially private generative adversarial networks for data synthesis. We propose QUAIL, an ensemble-based modeling approach to generating synthetic data.
  arXiv  Detail & Related papers  (2020-11-11T04:03:08Z)
• Differentially Private and Fair Deep Learning: A Lagrangian Dual Approach [54.32266555843765]
  This paper studies a model that protects the privacy of the individuals sensitive information while also allowing it to learn non-discriminatory predictors. The method relies on the notion of differential privacy and the use of Lagrangian duality to design neural networks that can accommodate fairness constraints.
  arXiv  Detail & Related papers  (2020-09-26T10:50:33Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.