Towards Understanding Generalization in DP-GD: A Case Study in Training Two-Layer CNNs
- URL: http://arxiv.org/abs/2511.22270v1
- Date: Thu, 27 Nov 2025 09:49:45 GMT
- Title: Towards Understanding Generalization in DP-GD: A Case Study in Training Two-Layer CNNs
- Authors: Zhongjie Shi, Puyu Wang, Chenyang Zhang, Yuan Cao
- Abstract summary: Training datasets may include sensitive information, such as personal contact details, financial data, and medical records. There is a growing emphasis on developing privacy-preserving training algorithms for neural networks. In this paper, we investigate the generalization and privacy performance of the differentially private gradient descent (DP-GD) algorithm.
- Score: 9.964337704028543
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Modern deep learning techniques focus on extracting intricate information from data to achieve accurate predictions. However, training datasets may be crowdsourced and include sensitive information, such as personal contact details, financial data, and medical records. As a result, there is a growing emphasis on developing privacy-preserving training algorithms for neural networks that maintain good performance while preserving privacy. In this paper, we investigate the generalization and privacy performance of the differentially private gradient descent (DP-GD) algorithm, a private variant of gradient descent (GD) that incorporates additional noise into the gradients at each iteration. Moreover, we identify a concrete learning task where DP-GD can achieve superior generalization performance compared to GD in training two-layer Huberized ReLU convolutional neural networks (CNNs). Specifically, we demonstrate that, under mild conditions, a small signal-to-noise ratio can cause GD to produce trained models with poor test accuracy, whereas DP-GD can yield trained models with good test accuracy and privacy guarantees provided the signal-to-noise ratio is not too small. This indicates that DP-GD has the potential to enhance model performance while ensuring privacy protection in certain learning tasks. Numerical simulations are further conducted to support our theoretical results.
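For intuition, here is a minimal sketch of the noisy update the abstract describes: each per-example gradient is clipped, the average is perturbed with Gaussian noise, and a plain full-batch descent step is taken. The names (`dp_gd_step`, `clip_norm`, `noise_multiplier`) are illustrative rather than taken from the paper, and the noise calibration shown is the generic Gaussian mechanism, not the paper's exact setting.

```python
import numpy as np

def dp_gd_step(params, per_example_grads, lr=0.1, clip_norm=1.0,
               noise_multiplier=1.0, rng=None):
    """One DP-GD update: clip each per-example gradient, average them,
    add Gaussian noise, and take a full-batch gradient-descent step."""
    rng = rng or np.random.default_rng()
    n, d = per_example_grads.shape
    # Clip each example's gradient to L2 norm <= clip_norm so a single
    # example's influence on the update is bounded (required for DP).
    norms = np.linalg.norm(per_example_grads, axis=1, keepdims=True)
    clipped = per_example_grads * np.minimum(1.0, clip_norm / np.maximum(norms, 1e-12))
    # Gaussian mechanism: noise scale proportional to the sensitivity
    # clip_norm / n of the averaged, clipped gradient.
    noise = rng.normal(0.0, noise_multiplier * clip_norm / n, size=d)
    return params - lr * (clipped.mean(axis=0) + noise)
```

Iterating this update on the full training set, rather than on minibatches, is what distinguishes DP-GD from the more familiar DP-SGD; the overall privacy guarantee then follows from composing the Gaussian mechanism across iterations.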
Related papers
- Understanding Private Learning From Feature Perspective [21.60795003011593]
Differentially private stochastic gradient descent (DP-SGD) has become integral to privacy-preserving machine learning. This paper presents the first theoretical framework to analyze private training through a feature learning perspective.
arXiv Detail & Related papers (2025-11-22T10:09:46Z)
- Private Training & Data Generation by Clustering Embeddings [74.00687214400021]
Differential privacy (DP) provides a robust framework for protecting individual data. We introduce a novel principled method for DP synthetic image embedding generation. Empirically, a simple two-layer neural network trained on synthetically generated embeddings achieves state-of-the-art (SOTA) classification accuracy.
arXiv Detail & Related papers (2025-06-20T00:17:14Z)
- Training with Differential Privacy: A Gradient-Preserving Noise Reduction Approach with Provable Security [19.683286866372832]
We present a more robust and provably secure approach for differentially private training called GReDP. Unlike previous work, our GReDP requires only half of the noise scale compared to DP-SGD.
arXiv Detail & Related papers (2024-09-18T03:01:27Z)
- Revisiting Privacy-Utility Trade-off for DP Training with Pre-existing Knowledge [40.44144653519249]
We propose a generic differential privacy framework with heterogeneous noise (DP-Hero). Atop DP-Hero, we instantiate a heterogeneous version of DP-SGD and further extend it to federated training. We conduct comprehensive experiments to verify and explain the effectiveness of the proposed DP-Hero, showing improved training accuracy compared with state-of-the-art works.
arXiv Detail & Related papers (2024-09-05T08:40:54Z)
- Sparsity-Preserving Differentially Private Training of Large Embedding Models [67.29926605156788]
DP-SGD is a training algorithm that combines differential privacy with stochastic gradient descent.
Applying DP-SGD naively to embedding models can destroy gradient sparsity, leading to reduced training efficiency.
We present two new algorithms, DP-FEST and DP-AdaFEST, that preserve gradient sparsity during private training of large embedding models.
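To see where the sparsity problem comes from, note that an embedding-table gradient is nonzero only on the rows touched by the batch, while DP-SGD's Gaussian noise is added to every coordinate. The toy sketch below illustrates the effect; it is not the DP-FEST/DP-AdaFEST algorithm, whose private row selection the abstract only alludes to.

```python
import numpy as np

rng = np.random.default_rng(0)

# Embedding-table gradient: only the rows for tokens that appear in the
# batch are nonzero, so the gradient is extremely sparse.
vocab_size, dim = 10_000, 64
grad = np.zeros((vocab_size, dim))
grad[[3, 17, 42]] = rng.normal(size=(3, dim))
print("nonzero rows before noising:", np.count_nonzero(grad.any(axis=1)))   # 3

# Naive DP-SGD adds independent Gaussian noise to EVERY coordinate, so
# the noisy gradient becomes fully dense and the sparse structure is lost.
noisy = grad + rng.normal(0.0, 1.0, size=grad.shape)
print("nonzero rows after noising: ", np.count_nonzero(noisy.any(axis=1)))  # 10000
```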
arXiv Detail & Related papers (2023-11-14T17:59:51Z)
- Implicit Stochastic Gradient Descent for Training Physics-informed Neural Networks [51.92362217307946]
Physics-informed neural networks (PINNs) have been demonstrated to be effective in solving forward and inverse differential equation problems.
PINNs can become trapped in training failures when the target functions to be approximated exhibit high-frequency or multi-scale features.
In this paper, we propose to employ the implicit stochastic gradient descent (ISGD) method to train PINNs, improving the stability of the training process.
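As a rough illustration of why an implicit update helps stability, consider a stiff one-dimensional quadratic, where the implicit step has a closed form; this is a generic ISGD sketch, not the paper's PINN-specific implementation.

```python
# Toy stiff objective L(t) = 0.5 * a * t**2 with curvature a = 100.
a, lr = 100.0, 0.1

t_explicit = t_implicit = 1.0
for _ in range(5):
    # Explicit GD: t <- t - lr * a * t = (1 - lr*a) * t.
    # With lr*a = 10 the factor is -9, so the iterates blow up.
    t_explicit = (1 - lr * a) * t_explicit
    # Implicit GD: t_new = t - lr * a * t_new  =>  t_new = t / (1 + lr*a).
    # The factor 1/11 < 1, so the iterates contract for ANY lr > 0.
    t_implicit = t_implicit / (1 + lr * a)

print(f"explicit GD after 5 steps: {t_explicit:+.3e}")  # ~ -5.905e+04
print(f"implicit GD after 5 steps: {t_implicit:+.3e}")  # ~ +6.209e-06
```

For nonlinear losses the implicit equation has no closed form and must be solved numerically at each step, which is the extra cost ISGD pays for its stability.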
arXiv Detail & Related papers (2023-03-03T08:17:47Z)
- NeuralDP Differentially private neural networks by design [61.675604648670095]
We propose NeuralDP, a technique for privatising activations of some layer within a neural network.
We experimentally demonstrate on two datasets that our method offers substantially improved privacy-utility trade-offs compared to DP-SGD.
arXiv Detail & Related papers (2021-07-30T12:40:19Z)
- An Efficient DP-SGD Mechanism for Large Scale NLP Models [28.180412581994485]
Data used to train Natural Language Understanding (NLU) models may contain private information such as addresses or phone numbers.
It is desirable that underlying models do not expose private information contained in the training data.
Differentially Private Stochastic Gradient Descent (DP-SGD) has been proposed as a mechanism to build privacy-preserving models.
arXiv Detail & Related papers (2021-07-14T15:23:27Z)
- Differentially private training of neural networks with Langevin dynamics for calibrated predictive uncertainty [58.730520380312676]
We show that differentially private gradient descent (DP-SGD) can yield poorly calibrated, overconfident deep learning models.
This represents a serious issue for safety-critical applications, e.g. in medical diagnosis.
arXiv Detail & Related papers (2021-07-09T08:14:45Z)
- RDP-GAN: A Rényi-Differential Privacy based Generative Adversarial Network [75.81653258081435]
Generative adversarial networks (GANs) have attracted increasing attention recently owing to their impressive ability to generate realistic samples with high privacy protection.
However, when GANs are applied to sensitive or private training examples, such as medical or financial records, they may still divulge individuals' sensitive and private information.
We propose a Rényi-differentially private GAN (RDP-GAN), which achieves differential privacy (DP) in a GAN by carefully adding random noise to the value of the loss function during training.
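Since the summary does not spell out how loss perturbation yields a formal guarantee, here is a sketch of the standard Rényi-DP accounting for a Gaussian perturbation, composed over training steps and converted to an (ε, δ)-DP statement; the numbers are illustrative and this is not RDP-GAN's own analysis.

```python
import numpy as np

def gaussian_rdp(alpha, sensitivity, sigma):
    """Renyi-DP of order alpha for the Gaussian mechanism:
    eps(alpha) = alpha * sensitivity**2 / (2 * sigma**2)."""
    return alpha * sensitivity**2 / (2 * sigma**2)

def rdp_to_dp(alpha, rdp_eps, delta):
    """Standard conversion from (alpha, eps)-RDP to (eps, delta)-DP."""
    return rdp_eps + np.log(1 / delta) / (alpha - 1)

# Example: a loss value with sensitivity 1 perturbed by N(0, 10**2)
# noise at each of 100 training steps; RDP composes additively, and we
# optimize over the Renyi order alpha when converting to (eps, delta).
sigma, steps, delta = 10.0, 100, 1e-5
eps = min(rdp_to_dp(a, steps * gaussian_rdp(a, 1.0, sigma), delta)
          for a in range(2, 128))
print(f"(eps, delta)-DP guarantee: eps = {eps:.2f}, delta = {delta}")
```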
arXiv Detail & Related papers (2020-07-04T09:51:02Z)
- On the effect of normalization layers on Differentially Private training of deep Neural networks [19.26653302753129]
We study the effect of normalization layers on the performance of DP-SGD.
We propose a novel method for integrating batch normalization with DPSGD without incurring an additional privacy loss.
arXiv Detail & Related papers (2020-06-19T01:43:52Z)
This list is automatically generated from the titles and abstracts of the papers on this site.
This site does not guarantee the quality of the listed information and is not responsible for any consequences of its use.