Corpus ID: 231879976

On Deep Learning with Label Differential Privacy

@inproceedings{Ghazi2021OnDL,
  title={On Deep Learning with Label Differential Privacy},
  author={Badih Ghazi and Noah Golowich and Ravi Kumar and Pasin Manurangsi and Chiyuan Zhang},
  booktitle={NeurIPS},
  year={2021}
}
The Randomized Response (RR) algorithm [96] is a classical technique to improve robustness in survey aggregation, and has been widely adopted in applications with differential privacy guarantees. We propose a novel algorithm, Randomized Response with Prior (RRWithPrior), which can provide more accurate results while maintaining the same level of privacy guaranteed by RR. We then apply RRWithPrior to learn neural networks with label differential privacy (LabelDP), and show that when only the… 
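For concreteness, here is a minimal Python sketch of the two mechanisms named in the abstract. The k-ary randomized response rule is the classical one; the prior-restricted variant is only one natural reading of RRWithPrior, and the function names, as well as leaving the choice of k to the caller, are assumptions of this sketch rather than the paper's exact algorithm.

    import numpy as np

    def randomized_response(true_label, num_classes, epsilon, rng=None):
        # Classical K-ary randomized response: report the true label with
        # probability e^eps / (e^eps + K - 1), otherwise report a uniformly
        # random other label. This satisfies epsilon-label-DP.
        rng = rng or np.random.default_rng()
        p_keep = np.exp(epsilon) / (np.exp(epsilon) + num_classes - 1)
        if rng.random() < p_keep:
            return int(true_label)
        others = [c for c in range(num_classes) if c != true_label]
        return int(rng.choice(others))

    def rr_with_prior(true_label, prior, epsilon, k, rng=None):
        # Illustrative prior-restricted RR: run randomized response only over
        # the k labels that are most probable under the (label-independent)
        # prior; if the true label falls outside that set, answer uniformly
        # from it. The paper's RRWithPrior additionally chooses k to maximize
        # the probability of releasing the correct label; here k is supplied
        # by the caller as a simplification.
        rng = rng or np.random.default_rng()
        top_k = np.argsort(prior)[::-1][:k]
        if true_label not in top_k:
            return int(rng.choice(top_k))
        p_keep = np.exp(epsilon) / (np.exp(epsilon) + k - 1)
        if rng.random() < p_keep:
            return int(true_label)
        others = [c for c in top_k if c != true_label]
        return int(rng.choice(others))

With a sharp prior and a small candidate set, the probability of releasing the correct label is higher than under plain RR at the same epsilon, which is the accuracy gain the abstract refers to.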


Antipodes of Label Differential Privacy: PATE and ALIBI
We consider the privacy-preserving machine learning (ML) setting where the trained model must satisfy differential privacy (DP) with respect to the labels of the training examples. We propose two …
Does Label Differential Privacy Prevent Label Inference Attacks?
TLDR
It is argued that label DP merely limits the advantage of a label inference attack (LIA) adversary over predicting training labels with a Bayes classifier that is independent of the training labels, and it is demonstrated empirically that this result closely captures the behavior of simulated attacks on both synthetic and real-world datasets.
Differentially Private Label Protection in Split Learning
TLDR
This work proposes TPSL (Transcript Private Split Learning), a generic gradient-perturbation-based split learning framework that provides a provable differential privacy guarantee and is found to have a better utility-privacy trade-off than the baselines.
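TPSL itself is not reproduced here; the sketch below only illustrates the generic gradient-perturbation idea the summary refers to, with clipping and Gaussian noise applied to the gradients a label owner sends back across the split boundary (the function name and parameters are assumptions of this sketch, not the paper's protocol).

    import numpy as np

    def perturb_split_gradients(per_example_grads, clip_norm, noise_multiplier, rng=None):
        # Generic gradient perturbation for split learning: the label owner
        # clips each per-example gradient it transmits across the split
        # boundary and adds Gaussian noise, so the transmitted "transcript"
        # carries a DP guarantee with respect to the labels.
        rng = rng or np.random.default_rng()
        noisy = []
        for g in per_example_grads:
            norm = np.linalg.norm(g)
            g = g * min(1.0, clip_norm / (norm + 1e-12))  # clip to clip_norm
            g = g + rng.normal(0.0, noise_multiplier * clip_norm, size=g.shape)
            noisy.append(g)
        return noisy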
Practical, Label Private Deep Learning Training based on Secure Multiparty Computation and Differential Privacy
TLDR
New protocols combining differential privacy (DP) and secure multiparty computation (MPC) are proposed in order to privately and efficiently train a deep learning model in such a scenario, with running times that are orders of magnitude better than a straightforward use of MPC, at a moderate cost in model accuracy.
ExPLoit: Extracting Private Labels in Split Learning
TLDR
ExPLoit is proposed, a label-leakage attack that allows an adversarial input owner to extract the private labels of the label owner during split learning, using a novel loss function that combines gradient matching with several regularization terms derived from key properties of the dataset and models.
Gradient Inversion Attack: Leaking Private Labels in Two-Party Split Learning
TLDR
This paper proposes Gradient Inversion Attack (GIA), a label leakage attack that allows an adversarial input owner to learn the label owner’s private labels by exploiting the gradient information obtained during split learning.
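Both attacks exploit the fact that gradients leak labels. A generic toy illustration of why (not the ExPLoit or GIA procedure): with softmax cross-entropy, the gradient with respect to the final-layer logits is softmax(z) - onehot(y), so its single negative coordinate already identifies the label.

    import numpy as np

    def leaked_label_from_logit_grad(logits, true_label):
        # For softmax cross-entropy, d(loss)/d(logits) = p - onehot(y); the
        # only negative entry sits at the true label, so the label can be
        # read off the gradient (generic fact, not a specific attack).
        p = np.exp(logits - logits.max())
        p /= p.sum()
        grad = p.copy()
        grad[true_label] -= 1.0
        return int(np.argmin(grad))  # the negative coordinate is the label

    assert leaked_label_from_logit_grad(np.array([2.0, -1.0, 0.5]), true_label=1) == 1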
Differentially Private Learning with Margin Guarantees
TLDR
This work presents a series of new differentially private (DP) algorithms with dimension-independent margin guarantees for linear hypotheses, as well as a general label DP learning algorithm that benefits from relative deviation margin bounds and is applicable to a broad family of hypothesis sets, including neural networks.
Just Fine-tune Twice: Selective Differential Privacy for Large Language Models
TLDR
This paper proposes a simple yet effective just-fine-tune-twice privacy mechanism to achieve selective differential privacy for large Transformer-based language models, and designs explicit and contextual policy functions to provide protection at different levels.
GeoPointGAN: Synthetic Spatial Data with Local Label Differential Privacy
TLDR
This work introduces GeoPointGAN, a novel GAN-based solution for generating synthetic spatial point datasets with high utility and strong individual level privacy guarantees, and demonstrates that a strong level of privacy is achieved with little-to-no adverse utility cost.
Themes in data mining, big data, and crime analytics
G. Oatley; WIREs Data Mining and Knowledge Discovery, 2021
TLDR
Challenges for information management, and in turn for law and society, include: AI-powered predictive policing; big data for legal and adversarial decisions; bias in the use of big data and analytics for profiling and predicting criminality; forecasting crime risk and crime rates; and regulating AI systems.

References

SHOWING 1-10 OF 127 REFERENCES
Improving Deep Learning with Differential Privacy using Gradient Encoding and Denoising
TLDR
This paper aims to train deep learning models with DP guarantees while preserving model accuracy much better than previous works; it takes advantage of the post-processing property of differential privacy by introducing a denoising step, which further improves the utility of the trained models without degrading their DP guarantees.
Differentially Private Model Publishing for Deep Learning
TLDR
This work proposes a differentially private approach for training neural networks that employs a generalization of differential privacy called concentrated differential privacy (CDP), with both a formal and refined privacy loss analysis on two different data batching methods.
Antipodes of Label Differential Privacy: PATE and ALIBI
We consider the privacy-preserving machine learning (ML) setting where the trained model must satisfy differential privacy (DP) with respect to the labels of the training examples. We propose two …
Differentially Private Regression and Classification with Sparse Gaussian Processes
TLDR
This paper builds on the provable guarantees of differential privacy, which has previously been combined with Gaussian processes through the published Cloaking method, and provides a robust toolkit for combining differential privacy and GPs in a practical manner.
Tempered Sigmoid Activations for Deep Learning with Differential Privacy
TLDR
This paper is the first to observe that the choice of activation function is central to bounding the sensitivity of privacy-preserving deep learning, and demonstrates analytically and experimentally how a general family of bounded activation functions, the tempered sigmoids, consistently outperform unbounded activation functions like ReLU.
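As a reminder of the family in question, the sketch below writes out the tempered sigmoid phi(x) = s / (1 + exp(-T x)) - o, which is bounded in (-o, s - o), and checks that tanh is recovered at s = 2, T = 2, o = 1 (the parameter names follow my reading of the paper and may differ from its exact notation).

    import numpy as np

    def tempered_sigmoid(x, s=2.0, T=2.0, o=1.0):
        # Tempered sigmoid family: scale s, inverse temperature T, offset o.
        # Bounded output keeps activation (and hence gradient) magnitudes
        # controlled, which is the property the paper exploits for DP training.
        return s / (1.0 + np.exp(-T * x)) - o

    x = np.linspace(-3, 3, 7)
    assert np.allclose(tempered_sigmoid(x), np.tanh(x))  # tanh is the s=2, T=2, o=1 case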
Private Convex Empirical Risk Minimization and High-dimensional Regression
TLDR
This work significantly extends the analysis of the “objective perturbation” algorithm of Chaudhuri et al. (2011) for convex ERM problems, and gives the best known algorithms for differentially private linear regression.
Deep Learning with Differential Privacy
TLDR
This work develops new algorithmic techniques for learning and a refined analysis of privacy costs within the framework of differential privacy, and demonstrates that deep neural networks can be trained with non-convex objectives, under a modest privacy budget, and at a manageable cost in software complexity, training efficiency, and model quality.
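This is the DP-SGD paper; its core update, per-example gradient clipping followed by Gaussian noise, can be sketched in a few lines of NumPy. The privacy accounting via the moments accountant is omitted, and the function signature is an assumption of this sketch rather than any library's API.

    import numpy as np

    def dp_sgd_step(params, per_example_grads, lr, clip_norm, noise_multiplier, rng=None):
        # One simplified DP-SGD update: clip each per-example gradient to
        # clip_norm, average, add Gaussian noise scaled by
        # noise_multiplier * clip_norm, and take a gradient step.
        rng = rng or np.random.default_rng()
        clipped = []
        for g in per_example_grads:
            norm = np.linalg.norm(g)
            clipped.append(g * min(1.0, clip_norm / (norm + 1e-12)))
        mean_grad = np.mean(clipped, axis=0)
        noise = rng.normal(0.0, noise_multiplier * clip_norm / len(clipped),
                           size=mean_grad.shape)
        return params - lr * (mean_grad + noise)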
Practical, Label Private Deep Learning Training based on Secure Multiparty Computation and Differential Privacy
TLDR
New protocols combining differential privacy (DP) and secure multiparty computation (MPC) are proposed in order to privately and efficiently train a deep learning model in such a scenario, with running times that are orders of magnitude better than a straightforward use of MPC, at a moderate cost in model accuracy.
Label differential privacy via clustering
TLDR
It is proved that when the clusters are both large and high-quality, the model that minimizes the modified loss on the noisy training set converges to small excess risk at a rate that is comparable to the rate for non-private learning.
Differentially Private Regression with Gaussian Processes
TLDR
This cloaking method achieves the greatest accuracy while still providing privacy guarantees, offers practical DP for regression over multi-dimensional inputs, and provides a starter toolkit for combining differential privacy and GPs.