Classification Under Local Differential Privacy with Model Reversal and Model Averaging
- URL: http://arxiv.org/abs/2602.05797v1
- Date: Thu, 05 Feb 2026 15:52:34 GMT
- Title: Classification Under Local Differential Privacy with Model Reversal and Model Averaging
- Authors: Caihong Qin, Yang Bai
- Abstract summary: Local differential privacy (LDP) has become a central topic in data privacy research. We propose novel techniques specifically designed for LDP to improve classification performance without compromising privacy. Empirical results on both simulated and real-world datasets show substantial improvements in classification accuracy.
- Score: 5.178896452202825
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Local differential privacy (LDP) has become a central topic in data privacy research, offering strong privacy guarantees by perturbing user data at the source and removing the need for a trusted curator. However, the noise introduced by LDP often significantly reduces data utility. To address this issue, we reinterpret private learning under LDP as a transfer learning problem, where the noisy data serve as the source domain and the unobserved clean data as the target. We propose novel techniques specifically designed for LDP to improve classification performance without compromising privacy: (1) a noised binary feedback-based evaluation mechanism for estimating dataset utility; (2) model reversal, which salvages underperforming classifiers by inverting their decision boundaries; and (3) model averaging, which assigns weights to multiple reversed classifiers based on their estimated utility. We provide theoretical excess risk bounds under LDP and demonstrate how our methods reduce this risk. Empirical results on both simulated and real-world datasets show substantial improvements in classification accuracy.
Related papers
- Unified Privacy Guarantees for Decentralized Learning via Matrix Factorization [18.709549777027224]
Decentralized Learning (DL) enables users to collaboratively train models without sharing raw data by averaging local updates with neighbors in a network graph. Strong privacy guarantees in DL are typically achieved through Differential Privacy (DP), with results showing that DL can even amplify privacy by disseminating noise across peer-to-peer communications. Yet in practice, the observed privacy-utility trade-off often appears worse than in centralized training, which may be due to limitations in current DP accounting methods for DL.
arXiv Detail & Related papers (2025-10-20T12:24:27Z)
- Dual Utilization of Perturbation for Stream Data Publication under Local Differential Privacy [10.07017446059039]
Local differential privacy (LDP) has emerged as a promising standard. Applying LDP to stream data presents significant challenges, as stream data often involves a large or even infinite number of values. We introduce the Iterative Perturbation IPP method, which utilizes current perturbed results to calibrate the subsequent perturbation process. We prove that these three algorithms satisfy $w$-event differential privacy while significantly improving utility.
arXiv Detail & Related papers (2025-04-21T09:51:18Z)
- Efficient Safety Alignment of Large Language Models via Preference Re-ranking and Representation-based Reward Modeling [84.00480999255628]
Reinforcement Learning algorithms for safety alignment of Large Language Models (LLMs) encounter the challenge of distribution shift. Current approaches typically address this issue through online sampling from the target policy. We propose a new framework that leverages the model's intrinsic safety judgment capability to extract reward signals.
arXiv Detail & Related papers (2025-03-13T06:40:34Z)
- Pseudo-Probability Unlearning: Towards Efficient and Privacy-Preserving Machine Unlearning [59.29849532966454]
We propose Pseudo-Probability Unlearning (PPU), a novel method that enables models to forget data in a privacy-preserving manner.
Our method achieves over 20% improvements in forgetting error compared to the state-of-the-art.
arXiv Detail & Related papers (2024-11-04T21:27:06Z)
- LDPKiT: Superimposing Remote Queries for Privacy-Preserving Local Model Training [9.605334766969763]
We present LDPKiT, a framework for non-adversarial, privacy-preserving model extraction. LDPKiT generates approximately in-distribution samples, enabling effective knowledge transfer under local differential privacy (LDP). Experiments on Fashion-MNIST, SVHN, and PathMNIST demonstrate that LDPKiT consistently improves utility while maintaining privacy.
arXiv Detail & Related papers (2024-05-25T21:53:58Z)
- Balancing Privacy Protection and Interpretability in Federated Learning [8.759803233734624]
Federated learning (FL) aims to collaboratively train the global model in a distributed manner by sharing the model parameters from local clients to a central server.
Recent studies have illustrated that FL still suffers from information leakage as adversaries try to recover the training data by analyzing shared parameters from local clients.
We propose a simple yet effective adaptive differential privacy (ADP) mechanism that selectively adds noisy perturbations to the gradients of client models in FL.
arXiv Detail & Related papers (2023-02-16T02:58:22Z)
- MAPS: A Noise-Robust Progressive Learning Approach for Source-Free Domain Adaptive Keypoint Detection [76.97324120775475]
Cross-domain keypoint detection methods always require accessing the source data during adaptation.
This paper considers source-free domain adaptive keypoint detection, where only the well-trained source model is provided to the target domain.
arXiv Detail & Related papers (2023-02-09T12:06:08Z)
- FedLAP-DP: Federated Learning by Sharing Differentially Private Loss Approximations [53.268801169075836]
We propose FedLAP-DP, a novel privacy-preserving approach for federated learning.
A formal privacy analysis demonstrates that FedLAP-DP incurs the same privacy costs as typical gradient-sharing schemes.
Our approach presents a faster convergence speed compared to typical gradient-sharing methods.
arXiv Detail & Related papers (2023-02-02T12:56:46Z)
- Private and Utility Enhanced Recommendations with Local Differential Privacy and Gaussian Mixture Model [14.213973630742666]
Local differential privacy (LDP) based perturbation mechanisms add noise to users' data at the user side before sending it to the Service Providers (SP).
Although LDP protects the privacy of users from SP, it causes a substantial decline in predictive accuracy.
Our proposed LDP based recommendation system improves the recommendation accuracy without violating LDP principles.
arXiv Detail & Related papers (2021-02-26T13:15:23Z)
- Source Data-absent Unsupervised Domain Adaptation through Hypothesis Transfer and Labeling Transfer [137.36099660616975]
Unsupervised domain adaptation (UDA) aims to transfer knowledge from a related but different well-labeled source domain to a new unlabeled target domain.
Most existing UDA methods require access to the source data, and thus are not applicable when the data are confidential and not shareable due to privacy concerns.
This paper aims to tackle a realistic setting in which only a classification model trained over the source data is available, rather than the source data itself.
arXiv Detail & Related papers (2020-12-14T07:28:50Z)
- Representation Learning for High-Dimensional Data Collection under Local Differential Privacy [18.98782927283319]
Local differential privacy (LDP) offers a rigorous approach to preserving privacy.
Existing LDP mechanisms have successfully been applied to low-dimensional data.
In high dimensions the privacy-inducing noise largely destroys the utility of the data.
arXiv Detail & Related papers (2020-10-23T15:01:19Z)
- RDP-GAN: A Rényi-Differential Privacy based Generative Adversarial Network [75.81653258081435]
Generative adversarial network (GAN) has attracted increasing attention recently owing to its impressive ability to generate realistic samples with high privacy protection.
However, when GANs are applied to sensitive or private training examples, such as medical or financial records, they may still divulge individuals' sensitive and private information.
We propose a Rényi-differentially private GAN (RDP-GAN), which achieves differential privacy (DP) in a GAN by carefully adding random noise to the value of the loss function during training.
arXiv Detail & Related papers (2020-07-04T09:51:02Z)
- Differentially Private Federated Learning with Laplacian Smoothing [72.85272874099644]
Federated learning aims to protect data privacy by collaboratively learning a model without sharing private data among users.
An adversary may still be able to infer the private training data by attacking the released model.
Differential privacy provides a statistical protection against such attacks at the price of significantly degrading the accuracy or utility of the trained models.
arXiv Detail & Related papers (2020-05-01T04:28:38Z)