Journal Article10.24963/ijcai.2023/243
Model Conversion via Differentially Private Data-Free Distillation
Bochao Liu,Pengju Wang,Shikun Li,Dan Zeng,Shiming Ge +4 more
- 01 Aug 2023
TL;DR: Model conversion via differentially private data-free distillation (DPDFD) converts a pretrained model into its privacy-preserving counterpart without access to training data.
read more
Abstract: While massive valuable deep models trained on large-scale data have been released to facilitate the artificial intelligence community, they may encounter attacks in deployment which leads to privacy leakage of training data. In this work, we propose a learning approach termed differentially private data-free distillation (DPDFD) for model conversion that can convert a pretrained model (teacher) into its privacy-preserving counterpart (student) via an intermediate generator without access to training data. The learning collaborates three parties in a unified way. First, massive synthetic data are generated with the generator. Then, they are fed into the teacher and student to compute differentially private gradients by normalizing the gradients and adding noise before performing descent. Finally, the student is updated with these differentially private gradients and the generator is updated by taking the student as a fixed discriminator in an alternate manner. In addition to a privacy-preserving student, the generator can generate synthetic data in a differentially private way for other down-stream tasks. We theoretically prove that our approach can guarantee differential privacy and well convergence. Extensive experiments that significantly outperform other differentially private generative approaches demonstrate the effectiveness of our approach.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Figures
Figure 1: Overview of our differentially private data-free distillation approach. The approach learns to convert a pretrained model ϕt into a privacy-preserving student ϕs via an intermediate generator ϕg . The learning is performed to collaborate three parties in a unified way. First, the generator generates massive data. Then, these data are fed into the teacher and student models to calculate the gradients gs; Finally, the student and generator are updated with differentially private gradients g̃s, which are computed by applying DP mechanismAC,σ to gs. Here, C is the norm bound and N(0, σ2) is Gaussian noise with mean 0 and variance σ2. 
Table 4: Accuracy comparisons with 3 DPSGD mechanisms on MNIST and CIFAR10 under different privacy budget ε. 
Table 3: Accuracy on ImageNet with different networks under different privacy budget ε (δ = 10−5). 
Table 2: Accuracy comparisons with 5 implicit approaches under different privacy budget ε. 
Table 1: Accuracy comparisons with 9 explicit approaches under different privacy budget ε (δ = 10−5). 
Table 5: Student accuracy under different noise scale σ
Citations
Meta-Learning without Data via Unconditional Diffusion Models
Yongxian Wei,Zixuan Hu,Li Shen,Zhenyi Wang,Lei Li,Yu Li,Chun Yuan +6 more
TL;DR: This study proposes a meta-learning framework that leverages unconditional diffusion models to generate synthetic data, enabling few-shot learning without annotated datasets, and demonstrates its effectiveness in four real-world scenarios with superior adaptability.
1
Private Gradient Estimation is Useful for Generative Modeling
Bochao Liu,Pengju Wang,Weijia Guo,Yong Li,Liansheng Zhuang,Weiping Wang,Shiming Ge +6 more
- 26 Oct 2024
References
Deep Residual Learning for Image Recognition
Kaiming He,Xiangyu Zhang,Shaoqing Ren,Jian Sun +3 more
- 27 Jun 2016
TL;DR: In this article, the authors proposed a residual learning framework to ease the training of networks that are substantially deeper than those used previously, which won the 1st place on the ILSVRC 2015 classification task.
•Proceedings Article
Very Deep Convolutional Networks for Large-Scale Image Recognition
Karen Simonyan,Andrew Zisserman +1 more
- 04 Sep 2014
TL;DR: This work investigates the effect of the convolutional network depth on its accuracy in the large-scale image recognition setting using an architecture with very small convolution filters, which shows that a significant improvement on the prior-art configurations can be achieved by pushing the depth to 16-19 weight layers.
102.6K
•Proceedings Article
ImageNet Classification with Deep Convolutional Neural Networks
Alex Krizhevsky,Ilya Sutskever,Geoffrey E. Hinton +2 more
- 03 Dec 2012
TL;DR: The state-of-the-art performance of CNNs was achieved by Deep Convolutional Neural Networks (DCNNs) as discussed by the authors, which consists of five convolutional layers, some of which are followed by max-pooling layers, and three fully-connected layers with a final 1000-way softmax.
Going deeper with convolutions
Christian Szegedy,Wei Liu,Yangqing Jia,Pierre Sermanet,Scott Reed,Dragomir Anguelov,Dumitru Erhan,Vincent Vanhoucke,Andrew Rabinovich +8 more
- 07 Jun 2015
TL;DR: Inception as mentioned in this paper is a deep convolutional neural network architecture that achieves the new state of the art for classification and detection in the ImageNet Large-Scale Visual Recognition Challenge 2014 (ILSVRC14).
Gradient-based learning applied to document recognition
Yann LeCun,Léon Bottou,Léon Bottou,Yoshua Bengio,Yoshua Bengio,Yoshua Bengio,Patrick Haffner +6 more
- 01 Jan 1998
TL;DR: In this article, a graph transformer network (GTN) is proposed for handwritten character recognition, which can be used to synthesize a complex decision surface that can classify high-dimensional patterns, such as handwritten characters.
53.5K