Adaptive Differential Privacy in Federated Learning: A Priority-Based
Approach
- URL: http://arxiv.org/abs/2401.02453v1
- Date: Thu, 4 Jan 2024 03:01:15 GMT
- Title: Adaptive Differential Privacy in Federated Learning: A Priority-Based
Approach
- Authors: Mahtab Talaei, Iman Izadi
- Abstract summary: Federated learning (FL) develops global models without direct access to local datasets.
DP offers a framework that gives a privacy guarantee by adding certain amounts of noise to parameters.
We propose adaptive noise addition in FL which decides the value of injected noise based on features' relative importance.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Federated learning (FL) as one of the novel branches of distributed machine
learning (ML), develops global models through a private procedure without
direct access to local datasets. However, access to model updates (e.g.
gradient updates in deep neural networks) transferred between clients and
servers can reveal sensitive information to adversaries. Differential privacy
(DP) offers a framework that gives a privacy guarantee by adding certain
amounts of noise to parameters. This approach, although being effective in
terms of privacy, adversely affects model performance due to noise involvement.
Hence, it is always needed to find a balance between noise injection and the
sacrificed accuracy. To address this challenge, we propose adaptive noise
addition in FL which decides the value of injected noise based on features'
relative importance. Here, we first propose two effective methods for
prioritizing features in deep neural network models and then perturb models'
weights based on this information. Specifically, we try to figure out whether
the idea of adding more noise to less important parameters and less noise to
more important parameters can effectively save the model accuracy while
preserving privacy. Our experiments confirm this statement under some
conditions. The amount of noise injected, the proportion of parameters
involved, and the number of global iterations can significantly change the
output. While a careful choice of parameters by considering the properties of
datasets can improve privacy without intense loss of accuracy, a bad choice can
make the model performance worse.
Related papers
- Fine-Tuning Language Models with Differential Privacy through Adaptive Noise Allocation [33.795122935686706]
We propose ANADP, a novel algorithm that adaptively allocates additive noise based on the importance of model parameters.
We demonstrate that ANADP narrows the performance gap between regular fine-tuning and traditional DP fine-tuning on a series of datasets.
arXiv Detail & Related papers (2024-10-03T19:02:50Z) - Enhancing Federated Learning with Adaptive Differential Privacy and Priority-Based Aggregation [0.0]
Federated learning (FL) develops global models without direct access to local datasets.
It is possible to access the model updates transferred between clients and servers, potentially revealing sensitive local information to adversaries.
Differential privacy (DP) offers a promising approach to addressing this issue by adding noise to the parameters.
We propose a personalized DP framework that injects noise based on clients' relative impact factors and aggregates parameters.
arXiv Detail & Related papers (2024-06-26T16:55:07Z) - Certification for Differentially Private Prediction in Gradient-Based Training [36.686002369773014]
We use convex relaxation and bound propagation to compute a provable upper-bound for the local and smooth sensitivity of a prediction.
This bound allows us to reduce the magnitude of noise added or improve privacy accounting in the private prediction setting.
arXiv Detail & Related papers (2024-06-19T10:47:00Z) - Noise-Aware Algorithm for Heterogeneous Differentially Private Federated Learning [21.27813247914949]
We propose Robust-HDP, which efficiently estimates the true noise level in clients model updates.
It improves utility and convergence speed, while being safe to the clients that may maliciously send falsified privacy parameter to server.
arXiv Detail & Related papers (2024-06-05T17:41:42Z) - Advancing the Robustness of Large Language Models through Self-Denoised Smoothing [50.54276872204319]
Large language models (LLMs) have achieved significant success, but their vulnerability to adversarial perturbations has raised considerable concerns.
We propose to leverage the multitasking nature of LLMs to first denoise the noisy inputs and then to make predictions based on these denoised versions.
Unlike previous denoised smoothing techniques in computer vision, which require training a separate model to enhance the robustness of LLMs, our method offers significantly better efficiency and flexibility.
arXiv Detail & Related papers (2024-04-18T15:47:00Z) - Learning with Noisy Foundation Models [95.50968225050012]
This paper is the first work to comprehensively understand and analyze the nature of noise in pre-training datasets.
We propose a tuning method (NMTune) to affine the feature space to mitigate the malignant effect of noise and improve generalization.
arXiv Detail & Related papers (2024-03-11T16:22:41Z) - Amplitude-Varying Perturbation for Balancing Privacy and Utility in
Federated Learning [86.08285033925597]
This paper presents a new DP perturbation mechanism with a time-varying noise amplitude to protect the privacy of federated learning.
We derive an online refinement of the series to prevent FL from premature convergence resulting from excessive perturbation noise.
The contribution of the new DP mechanism to the convergence and accuracy of privacy-preserving FL is corroborated, compared to the state-of-the-art Gaussian noise mechanism with a persistent noise amplitude.
arXiv Detail & Related papers (2023-03-07T22:52:40Z) - MAPS: A Noise-Robust Progressive Learning Approach for Source-Free
Domain Adaptive Keypoint Detection [76.97324120775475]
Cross-domain keypoint detection methods always require accessing the source data during adaptation.
This paper considers source-free domain adaptive keypoint detection, where only the well-trained source model is provided to the target domain.
arXiv Detail & Related papers (2023-02-09T12:06:08Z) - Just Fine-tune Twice: Selective Differential Privacy for Large Language
Models [69.66654761324702]
We propose a simple yet effective just-fine-tune-twice privacy mechanism to achieve SDP for large Transformer-based language models.
Experiments show that our models achieve strong performance while staying robust to the canary insertion attack.
arXiv Detail & Related papers (2022-04-15T22:36:55Z) - A Differentially Private Framework for Deep Learning with Convexified
Loss Functions [4.059849656394191]
Differential privacy (DP) has been applied in deep learning for preserving privacy of the underlying training sets.
Existing DP practice falls into three categories - objective perturbation, gradient perturbation and output perturbation.
We propose a novel output perturbation framework by injecting DP noise into a randomly sampled neuron.
arXiv Detail & Related papers (2022-04-03T11:10:05Z) - RDP-GAN: A R\'enyi-Differential Privacy based Generative Adversarial
Network [75.81653258081435]
Generative adversarial network (GAN) has attracted increasing attention recently owing to its impressive ability to generate realistic samples with high privacy protection.
However, when GANs are applied on sensitive or private training examples, such as medical or financial records, it is still probable to divulge individuals' sensitive and private information.
We propose a R'enyi-differentially private-GAN (RDP-GAN), which achieves differential privacy (DP) in a GAN by carefully adding random noises on the value of the loss function during training.
arXiv Detail & Related papers (2020-07-04T09:51:02Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.