Heterogeneous Gaussian Mechanism: Preserving Differential Privacy in Deep Learning with Provable Robustness

Phan, Nhat Hai; Vu, Minh N.; Liu, Yang; Jin, Ruoming; Dou, Dejing; Wu, Xintao; Thai, My T.

doi:10.24963/ijcai.2019/660

Cited by 41 publications

(20 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…PixelDP cannot effectively preserve privacy in the training set as the input changes are restricted to "a small number of pixels" [74]. Phan et al [125] proposed a heterogeneous Gaussian Mechanism (HGM) that can preserve DP in training data and provide provable robustness against adversarial examples at the same time. They further proposed the stochastic batch mechanism in [123] that can retain higher model utility and is more scalable to large DNNs and datasets, compared with HGM.…”

Section: Defending Ml-based Privacy Attack: Adversarial Examplesmentioning

confidence: 99%

When Machine Learning Meets Privacy

et al. 2021

View full text Add to dashboard Cite

The newly emerged machine learning (e.g., deep learning) methods have become a strong driving force to revolutionize a wide range of industries, such as smart healthcare, financial technology, and surveillance systems. Meanwhile, privacy has emerged as a big concern in this machine learning-based artificial intelligence era. It is important to note that the problem of privacy preservation in the context of machine learning is quite different from that in traditional data privacy protection, as machine learning can act as both friend and foe. Currently, the work on the preservation of privacy and machine learning are still in an infancy stage, as most existing solutions only focus on privacy problems during the machine learning process. Therefore, a comprehensive study on the privacy preservation problems and machine learning is required. This article surveys the state of the art in privacy issues and solutions for machine learning. The survey covers three categories of interactions between privacy and machine learning: (i) private machine learning, (ii) machine learning-aided privacy protection, and (iii) machine learning-based privacy attack and corresponding protection schemes. The current research progress in each category is reviewed and the key challenges are identified. Finally, based on our in-depth analysis of the area of privacy and machine learning, we point out future research directions in this field.

show abstract

Section: Defending Ml-based Privacy Attack: Adversarial Examplesmentioning

confidence: 99%

When Machine Learning Meets Privacy

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Noise could be added to the weights in each iteration of training. However, this method might [67] strong low Gradient [65], [68], [69] strong low Weights [70], [71] very strong very high Classes [72], [73], [74] very strong low affect convergence, since the output of the algorithm is computed based on the weights. Hence, if noise is added to each weight, the total amount of noise might become large enough to make the loss never convergent.…”

Section: Differential Privacy In Deep Neural Networkmentioning

confidence: 99%

“…Phan et al [71] proposed a heterogeneous Gaussian mechanism to preserve privacy in deep neural networks. Unlike a regular Gaussian mechanism, this heterogeneous Gaussian mechanism can arbitrarily redistribute noise from the first hidden layer and the gradient of the model to achieve an ideal trade-off between model utility and privacy loss.…”

Section: Differential Privacy In Deep Neural Networkmentioning

confidence: 99%

More Than Privacy: Applying Differential Privacy in Key Areas of Artificial Intelligence

Zhu¹,

Ye²,

Wang³

et al. 2022

IEEE Trans. Knowl. Data Eng.

105

View full text Add to dashboard Cite

Artificial Intelligence (AI) has attracted a great deal of attention in recent years. However, alongside all its advancements, problems have also emerged, such as privacy violations, security issues and model fairness. Differential privacy, as a promising mathematical model, has several attractive properties that can help solve these problems, making it quite a valuable tool. For this reason, differential privacy has been broadly applied in AI but to date, no study has documented which differential privacy mechanisms can or have been leveraged to overcome its issues or the properties that make this possible. In this paper, we show that differential privacy can do more than just privacy preservation. It can also be used to improve security, stabilize learning, build fair models, and impose composition in selected areas of AI. With a focus on regular machine learning, distributed machine learning, deep learning, and multi-agent systems, the purpose of this article is to deliver a new view on many possibilities for improving AI performance with differential privacy techniques.

show abstract

“…Laplace mechanism (Dwork and Roth 2014) and Extended Gaussian mechanism (Phan et al 2019) are common techniques for achieving differential privacy, both of which add random noise calibrated to the sensitivity of the query function q.…”

Section: Definition 2 (( δ)-Differential Privacy) a Randomizedmentioning

confidence: 99%

Differentially Private and Fair Classification via Calibrated Functional Mechanism

Ding

Zhang

et al. 2020

AAAI

View full text Add to dashboard Cite

Machine learning is increasingly becoming a powerful tool to make decisions in a wide variety of applications, such as medical diagnosis and autonomous driving. Privacy concerns related to the training data and unfair behaviors of some decisions with regard to certain attributes (e.g., sex, race) are becoming more critical. Thus, constructing a fair machine learning model while simultaneously providing privacy protection becomes a challenging problem. In this paper, we focus on the design of classification model with fairness and differential privacy guarantees by jointly combining functional mechanism and decision boundary fairness. In order to enforce ϵ-differential privacy and fairness, we leverage the functional mechanism to add different amounts of Laplace noise regarding different attributes to the polynomial coefficients of the objective function in consideration of fairness constraint. We further propose an utility-enhancement scheme, called relaxed functional mechanism by adding Gaussian noise instead of Laplace noise, hence achieving (ϵ, δ)-differential privacy. Based on the relaxed functional mechanism, we can design (ϵ, δ)-differentially private and fair classification model. Moreover, our theoretical analysis and empirical results demonstrate that our two approaches achieve both fairness and differential privacy while preserving good utility and outperform the state-of-the-art algorithms.

show abstract

Heterogeneous Gaussian Mechanism: Preserving Differential Privacy in Deep Learning with Provable Robustness

Cited by 41 publications

References 27 publications

When Machine Learning Meets Privacy

When Machine Learning Meets Privacy

More Than Privacy: Applying Differential Privacy in Key Areas of Artificial Intelligence

Differentially Private and Fair Classification via Calibrated Functional Mechanism

Contact Info

Product

Resources

About