Private Learning with Public Features
- URL: http://arxiv.org/abs/2310.15454v1
- Date: Tue, 24 Oct 2023 01:59:28 GMT
- Title: Private Learning with Public Features
- Authors: Walid Krichene, Nicolas Mayoraz, Steffen Rendle, Shuang Song,
Abhradeep Thakurta, Li Zhang
- Abstract summary: We study a class of private learning problems in which the data is a join of private and public features.
We develop new algorithms that take advantage of this separation by only protecting certain sufficient statistics.
- Score: 18.142859808011618
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We study a class of private learning problems in which the data is a join of
private and public features. This is often the case in private personalization
tasks such as recommendation or ad prediction, in which features related to
individuals are sensitive, while features related to items (the movies or songs
to be recommended, or the ads to be shown to users) are publicly available and
do not require protection. A natural question is whether private algorithms can
achieve higher utility in the presence of public features. We give a positive
answer for multi-encoder models where one of the encoders operates on public
features. We develop new algorithms that take advantage of this separation by
only protecting certain sufficient statistics (instead of adding noise to the
gradient). This method has a guaranteed utility improvement for linear
regression, and importantly, achieves the state of the art on two standard
private recommendation benchmarks, demonstrating the importance of methods that
adapt to the private-public feature separation.
Related papers
- Machine Learning with Privacy for Protected Attributes [56.44253915927481]
We refine the definition of differential privacy (DP) to create a more general and flexible framework that we call feature differential privacy (FDP). Our definition is simulation-based and allows for both addition/removal and replacement variants of privacy, and can handle arbitrary separation of protected and non-protected features. We apply our framework to various machine learning tasks and show that it can significantly improve the utility of DP-trained models when public features are available.
arXiv Detail & Related papers (2025-06-24T17:53:28Z)
- Differentially Private Random Feature Model [52.468511541184895]
We produce a differentially private random feature model for privacy-preserving kernel machines.
We show that our method preserves privacy and derive a generalization error bound for the method.
arXiv Detail & Related papers (2024-12-06T05:31:08Z)
- Optimized Tradeoffs for Private Prediction with Majority Ensembling [59.99331405291337]
We introduce the Data-dependent Randomized Response Majority (DaRRM) algorithm.
DaRRM is parameterized by a data-dependent noise function $\gamma$, and enables efficient utility optimization over the class of all private algorithms.
We show that DaRRM provably enjoys a privacy gain of a factor of 2 over common baselines, with fixed utility.
arXiv Detail & Related papers (2024-11-27T00:48:48Z)
- Oracle-Efficient Differentially Private Learning with Public Data [21.771932463130252]
We present the first computationally efficient algorithms to provably leverage public data to learn privately whenever a function class is learnable non-privately.
We provide specialized algorithms with improved sample complexities in the special cases when the function class is convex or when the task is binary classification.
arXiv Detail & Related papers (2024-02-13T23:40:50Z)
- Private Matrix Factorization with Public Item Features [14.547931725603888]
Training with Differential Privacy (DP) offers strong privacy guarantees, at the expense of loss in recommendation quality.
We show that incorporating public item features during training can help mitigate this loss in quality.
arXiv Detail & Related papers (2023-09-17T11:13:52Z)
- Independent Distribution Regularization for Private Graph Embedding [55.24441467292359]
Graph embeddings are susceptible to attribute inference attacks, which allow attackers to infer private node attributes from the learned graph embeddings.
To address these concerns, privacy-preserving graph embedding methods have emerged.
We propose a novel approach called Private Variational Graph AutoEncoders (PVGAE) with the aid of independent distribution penalty as a regularization term.
arXiv Detail & Related papers (2023-08-16T13:32:43Z)
- Randomized algorithms for precise measurement of differentially-private, personalized recommendations [6.793345945003182]
We propose an algorithm for personalized recommendations that facilitates both precise and differentially-private measurement.
We conduct offline experiments to quantify how the proposed privacy-preserving algorithm affects key metrics related to user experience, advertiser value, and platform revenue.
arXiv Detail & Related papers (2023-08-07T17:34:58Z)
- Better Private Linear Regression Through Better Private Feature Selection [18.884088349732973]
We introduce a differentially private feature selection method based on Kendall rank correlation.
We prove a utility guarantee for the setting where features are normally distributed.
We find that adding this private feature selection step before regression significantly broadens the applicability of "plug-and-play" private linear regression algorithms.
arXiv Detail & Related papers (2023-06-01T17:21:10Z)
- Position: Considerations for Differentially Private Learning with Large-Scale Public Pretraining [75.25943383604266]
We question whether the use of large Web-scraped datasets should be viewed as differential-privacy-preserving.
We caution that publicizing these models pretrained on Web data as "private" could lead to harm and erode the public's trust in differential privacy as a meaningful definition of privacy.
We conclude by discussing potential paths forward for the field of private learning, as public pretraining becomes more popular and powerful.
arXiv Detail & Related papers (2022-12-13T10:41:12Z)
- Algorithms with More Granular Differential Privacy Guarantees [65.3684804101664]
We consider partial differential privacy (DP), which allows quantifying the privacy guarantee on a per-attribute basis.
In this work, we study several basic data analysis and learning tasks, and design algorithms whose per-attribute privacy parameter is smaller than the best possible privacy parameter for the entire record of a person.
arXiv Detail & Related papers (2022-09-08T22:43:50Z)
- Private Domain Adaptation from a Public Source [48.83724068578305]
We design differentially private discrepancy-based algorithms for adaptation from a source domain with public labeled data to a target domain with unlabeled private data.
Our solutions are based on private variants of Frank-Wolfe and Mirror-Descent algorithms.
arXiv Detail & Related papers (2022-08-12T06:52:55Z)
- Mixed Differential Privacy in Computer Vision [133.68363478737058]
AdaMix is an adaptive differentially private algorithm for training deep neural network classifiers using both private and public image data.
A few-shot or even zero-shot learning baseline that ignores private data can outperform fine-tuning on a large private dataset.
arXiv Detail & Related papers (2022-03-22T06:15:43Z)
- Private Reinforcement Learning with PAC and Regret Guarantees [69.4202374491817]
We design privacy preserving exploration policies for episodic reinforcement learning (RL).
We first provide a meaningful privacy formulation using the notion of joint differential privacy (JDP).
We then develop a private optimism-based learning algorithm that simultaneously achieves strong PAC and regret bounds, and enjoys a JDP guarantee.
arXiv Detail & Related papers (2020-09-18T20:18:35Z)
- Privacy-Preserving Boosting in the Local Setting [17.375582978294105]
In machine learning, boosting is one of the most popular methods designed to combine multiple base learners into a superior one.
In the big data era, the data held by individuals and entities, like personal images, browsing history and census information, are more likely to contain sensitive information.
Local Differential Privacy is proposed as an effective privacy protection approach, which offers a strong guarantee to the data owners.
arXiv Detail & Related papers (2020-02-06T04:48:51Z)