Differentially-Private Neural Network Training with Private Features and Public Labels

Islam A. Monir; Gabriel Ghinita

doi:10.1007/978-3-031-68323-7_16

Differentially-Private Neural Network Training with Private Features and Public Labels

Islam A. Monir^*, Gabriel Ghinita

^*Corresponding author for this work

Hamad bin Khalifa University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Training neural networks (NN) with differential privacy (DP) protection has been extensively studied in the past decade, with the DP-SGD (stochastic gradient descent) mechanism representing the benchmark approach. Conventional DP-SGD assumes that both the features and the labels of training samples must be protected. A recent variation of DP-SGD considers training when the input sample features are non-private, and only labels must be protected, which improves accuracy by reducing the amount of noise injected by DP. We argue that in some scenarios, the converse holds, namely the labels may be publicly known, while the features themselves are sensitive. We provide a customized technique for this setting, we identify several design trade-offs, and we show how one can factor in such trade-offs to revise the architecture of the NN in order to improve accuracy. Extensive experiments on real data show that our approach significantly outperforms the DP-SGD baseline.

Original language	English
Title of host publication	Big Data Analytics And Knowledge Discovery, Dawak 2024
Editors	R Wrembel, S Chiusano, G Kotsis, AM Tjoa, I Khalil
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	208-222
Number of pages	15
Volume	14912
ISBN (Electronic)	978-3-031-68323-7
ISBN (Print)	9783031683220
DOIs	https://doi.org/10.1007/978-3-031-68323-7_16
Publication status	Published - 18 Aug 2024
Event	26th International Conference on Data Warehousing and Knowledge Discovery, DaWaK 2024 - Naples, Italy Duration: 26 Aug 2024 → 28 Aug 2024

Publication series

Name	Lecture Notes In Computer Science

Conference

Conference	26th International Conference on Data Warehousing and Knowledge Discovery, DaWaK 2024
Country/Territory	Italy
City	Naples
Period	26/08/24 → 28/08/24

Keywords

Differential Privacy
Machine Learning
Neural Networks

Access to Document

10.1007/978-3-031-68323-7_16

Cite this

Monir, I. A., & Ghinita, G. (2024). Differentially-Private Neural Network Training with Private Features and Public Labels. In R. Wrembel, S. Chiusano, G. Kotsis, AM. Tjoa, & I. Khalil (Eds.), Big Data Analytics And Knowledge Discovery, Dawak 2024 (Vol. 14912, pp. 208-222). (Lecture Notes In Computer Science). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-68323-7_16

@inproceedings{9fadb90c5ee041fabafdf0dca9615a43,

title = "Differentially-Private Neural Network Training with Private Features and Public Labels",

abstract = "Training neural networks (NN) with differential privacy (DP) protection has been extensively studied in the past decade, with the DP-SGD (stochastic gradient descent) mechanism representing the benchmark approach. Conventional DP-SGD assumes that both the features and the labels of training samples must be protected. A recent variation of DP-SGD considers training when the input sample features are non-private, and only labels must be protected, which improves accuracy by reducing the amount of noise injected by DP. We argue that in some scenarios, the converse holds, namely the labels may be publicly known, while the features themselves are sensitive. We provide a customized technique for this setting, we identify several design trade-offs, and we show how one can factor in such trade-offs to revise the architecture of the NN in order to improve accuracy. Extensive experiments on real data show that our approach significantly outperforms the DP-SGD baseline.",

keywords = "Differential Privacy, Machine Learning, Neural Networks",

author = "Monir, {Islam A.} and Gabriel Ghinita",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; 26th International Conference on Data Warehousing and Knowledge Discovery, DaWaK 2024 ; Conference date: 26-08-2024 Through 28-08-2024",

year = "2024",

month = aug,

day = "18",

doi = "10.1007/978-3-031-68323-7_16",

language = "English",

isbn = "9783031683220",

volume = "14912",

series = "Lecture Notes In Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "208--222",

editor = "R Wrembel and S Chiusano and G Kotsis and AM Tjoa and I Khalil",

booktitle = "Big Data Analytics And Knowledge Discovery, Dawak 2024",

address = "Germany",

}

Monir, IA & Ghinita, G 2024, Differentially-Private Neural Network Training with Private Features and Public Labels. in R Wrembel, S Chiusano, G Kotsis, AM Tjoa & I Khalil (eds), Big Data Analytics And Knowledge Discovery, Dawak 2024. vol. 14912, Lecture Notes In Computer Science, Springer Science and Business Media Deutschland GmbH, pp. 208-222, 26th International Conference on Data Warehousing and Knowledge Discovery, DaWaK 2024, Naples, Italy, 26/08/24. https://doi.org/10.1007/978-3-031-68323-7_16

Differentially-Private Neural Network Training with Private Features and Public Labels. / Monir, Islam A.; Ghinita, Gabriel.
Big Data Analytics And Knowledge Discovery, Dawak 2024. ed. / R Wrembel; S Chiusano; G Kotsis; AM Tjoa; I Khalil. Vol. 14912 Springer Science and Business Media Deutschland GmbH, 2024. p. 208-222 (Lecture Notes In Computer Science).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Differentially-Private Neural Network Training with Private Features and Public Labels

AU - Monir, Islam A.

AU - Ghinita, Gabriel

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

PY - 2024/8/18

Y1 - 2024/8/18

N2 - Training neural networks (NN) with differential privacy (DP) protection has been extensively studied in the past decade, with the DP-SGD (stochastic gradient descent) mechanism representing the benchmark approach. Conventional DP-SGD assumes that both the features and the labels of training samples must be protected. A recent variation of DP-SGD considers training when the input sample features are non-private, and only labels must be protected, which improves accuracy by reducing the amount of noise injected by DP. We argue that in some scenarios, the converse holds, namely the labels may be publicly known, while the features themselves are sensitive. We provide a customized technique for this setting, we identify several design trade-offs, and we show how one can factor in such trade-offs to revise the architecture of the NN in order to improve accuracy. Extensive experiments on real data show that our approach significantly outperforms the DP-SGD baseline.

AB - Training neural networks (NN) with differential privacy (DP) protection has been extensively studied in the past decade, with the DP-SGD (stochastic gradient descent) mechanism representing the benchmark approach. Conventional DP-SGD assumes that both the features and the labels of training samples must be protected. A recent variation of DP-SGD considers training when the input sample features are non-private, and only labels must be protected, which improves accuracy by reducing the amount of noise injected by DP. We argue that in some scenarios, the converse holds, namely the labels may be publicly known, while the features themselves are sensitive. We provide a customized technique for this setting, we identify several design trade-offs, and we show how one can factor in such trade-offs to revise the architecture of the NN in order to improve accuracy. Extensive experiments on real data show that our approach significantly outperforms the DP-SGD baseline.

KW - Differential Privacy

KW - Machine Learning

KW - Neural Networks

UR - http://www.scopus.com/inward/record.url?scp=85202192103&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-68323-7_16

DO - 10.1007/978-3-031-68323-7_16

M3 - Conference contribution

AN - SCOPUS:85202192103

SN - 9783031683220

VL - 14912

T3 - Lecture Notes In Computer Science

SP - 208

EP - 222

BT - Big Data Analytics And Knowledge Discovery, Dawak 2024

A2 - Wrembel, R

A2 - Chiusano, S

A2 - Kotsis, G

A2 - Tjoa, AM

A2 - Khalil, I

PB - Springer Science and Business Media Deutschland GmbH

T2 - 26th International Conference on Data Warehousing and Knowledge Discovery, DaWaK 2024

Y2 - 26 August 2024 through 28 August 2024

ER -

Monir IA, Ghinita G. Differentially-Private Neural Network Training with Private Features and Public Labels. In Wrembel R, Chiusano S, Kotsis G, Tjoa AM, Khalil I, editors, Big Data Analytics And Knowledge Discovery, Dawak 2024. Vol. 14912. Springer Science and Business Media Deutschland GmbH. 2024. p. 208-222. (Lecture Notes In Computer Science). doi: 10.1007/978-3-031-68323-7_16

Differentially-Private Neural Network Training with Private Features and Public Labels

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this