<italic>p</italic>-Power Exponential Mechanisms for Differentially Private Machine Learning

<italic>p</italic>-Power Exponential Mechanisms for Differentially Private Machine Learning

Differentially private stochastic gradient descent (DP-SGD) that perturbs the clipped gradients is a popular approach for private machine learning. Gaussian mechanism GM, combined with the moments accountant (MA), has demonstrated a much better privacy-utility tradeoff than using the advanced compos...

Description complète

Enregistré dans:
Détails bibliographiques
Auteurs principaux: Yanan Li, Xuebin Ren, Fangyuan Zhao, Shusen Yang
Format: article
Langue:EN
Publié: IEEE 2021
Sujets:
Privacy protection
privacy-utility trade-off
noise variance
Gaussian mechanism
moments accountant
Electrical engineering. Electronics. Nuclear engineering
TK1-9971
Accès en ligne:https://doaj.org/article/d91648a81c8e4395a2b8d3247e9c873c
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
Description
Résumé:Differentially private stochastic gradient descent (DP-SGD) that perturbs the clipped gradients is a popular approach for private machine learning. Gaussian mechanism GM, combined with the moments accountant (MA), has demonstrated a much better privacy-utility tradeoff than using the advanced composition theorem. However, it is unclear whether the tradeoff can be further improved by other mechanisms with different noise distributions. To this end, we extend GM (<inline-formula> <tex-math notation="LaTeX">$p=2$ </tex-math></inline-formula>) to the generalized <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>-power exponential mechanism (<inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM with <inline-formula> <tex-math notation="LaTeX">$p&gt;0$ </tex-math></inline-formula>) family and show its privacy guarantee. Straightforwardly, we can enhance the privacy-utility tradeoff of GM by searching noise distribution in the wider mechanism space. To implement <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM in practice, we design an effective sampling method and extend MA to <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM for tightly estimating privacy loss. Besides, we formally prove the non-optimality of GM based on the variation method. Numerical experiments validate the properties of <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM and illustrate a comprehensive comparison between <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM and the other two state-of-the-art methods. Experimental results show that <inline-formula> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula>EM is preferred when the noise variance is relatively small to the signal and the dimension is not too high.

Documents similaires