Differentially-Private Deep Learning from an Optimization Perspective

With the amount of user data crowdsourced for data mining increasing dramatically, there is an urgent need to protect the privacy of individuals. Differential privacy mechanisms are conventionally adopted to add noise to user data, so that an adversary cannot gain additional knowledge about any individual participating in the crowdsourcing by inferring from the learned model. However, such protection usually comes at the cost of significantly degraded learning results. We observe that the fundamental cause of this problem is that the relationship between model utility and data privacy is not accurately characterized, leading to overly strict privacy constraints. In this paper, we address this problem from an optimization perspective, formulating it as minimizing the accuracy loss subject to a set of privacy constraints. We use sensitivity to describe the impact of perturbation noise on model utility, and propose a new optimized additive noise mechanism that improves overall learning accuracy while conforming to individual privacy constraints. Notably, our privacy mechanism is highly robust in the high-privacy regime (as $\epsilon \rightarrow 0$) and against changes in model structure and experimental settings.
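To make the utility/privacy trade-off concrete, the following is a minimal sketch of the standard Laplace mechanism, the baseline additive noise mechanism that the abstract's optimized variant improves upon. This is a generic textbook illustration, not the paper's proposed mechanism; the function name and the example values are our own. Noise is calibrated to the query's sensitivity divided by the privacy budget $\epsilon$, so a stricter budget (smaller $\epsilon$) forces larger noise and hence lower utility.

```python
import numpy as np

def laplace_mechanism(value, sensitivity, epsilon, rng=None):
    """Release `value` with epsilon-differential privacy by adding
    Laplace noise with scale = sensitivity / epsilon."""
    rng = np.random.default_rng() if rng is None else rng
    noise = rng.laplace(loc=0.0, scale=sensitivity / epsilon)
    return value + noise

# Smaller epsilon (stricter privacy) -> larger noise scale -> lower utility.
rng = np.random.default_rng(0)
true_answer = 0.5  # e.g., a mean over the crowdsourced data, sensitivity 1
for eps in (10.0, 1.0, 0.1):
    noisy = laplace_mechanism(true_answer, sensitivity=1.0, epsilon=eps, rng=rng)
    print(f"epsilon={eps}: noisy answer = {noisy:.3f}")
```

The optimization view in the abstract asks how to choose such noise (not necessarily Laplace) to minimize accuracy loss while every individual's $\epsilon$ constraint still holds.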
