Can Stochastic Gradient Langevin Dynamics Provide Differential Privacy for Deep Learning?

Guy Heller; Ethan Fetaya

doi:10.1109/satml54575.2023.00015

Can Stochastic Gradient Langevin Dynamics Provide Differential Privacy for Deep Learning?

Guy Heller, Ethan Fetaya

Bar-Ilan University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Bayesian learning via Stochastic Gradient Langevin Dynamics (SGLD) has been suggested for differentially private learning. While previous research provides differential privacy bounds for SGLD at the initial steps of the algorithm or when close to convergence, the question of what differential privacy guarantees can be made in between remains unanswered. This interim region is of great importance, especially for Bayesian neural networks, as it is hard to guarantee convergence to the posterior. This paper shows that using SGLD might result in unbounded privacy loss for this interim region, even when sampling from the posterior is as differentially private as desired.

Original language	English
Title of host publication	Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	68-106
Number of pages	39
ISBN (Electronic)	9781665462990
DOIs	https://doi.org/10.1109/satml54575.2023.00015
State	Published - 2023
Event	2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023 - Raleigh, United States Duration: 8 Feb 2023 → 10 Feb 2023

Publication series

Name	Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023

Conference

Conference	2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023
Country/Territory	United States
City	Raleigh
Period	8/02/23 → 10/02/23

Keywords

Bayesian Inference
Deep Learning
Differential Privacy
Stochastic Gradient Langevin Dynamics

All Science Journal Classification (ASJC) codes

Computer Vision and Pattern Recognition
Safety, Risk, Reliability and Quality
Artificial Intelligence

Access to Document

10.1109/satml54575.2023.00015

Cite this

Heller, G., & Fetaya, E. (2023). Can Stochastic Gradient Langevin Dynamics Provide Differential Privacy for Deep Learning? In Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023 (pp. 68-106). (Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/satml54575.2023.00015

Heller, Guy ; Fetaya, Ethan. / Can Stochastic Gradient Langevin Dynamics Provide Differential Privacy for Deep Learning?. Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023. Institute of Electrical and Electronics Engineers Inc., 2023. pp. 68-106 (Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023).

@inproceedings{2136c8ed02184d0790f114e27bba678d,

title = "Can Stochastic Gradient Langevin Dynamics Provide Differential Privacy for Deep Learning?",

abstract = "Bayesian learning via Stochastic Gradient Langevin Dynamics (SGLD) has been suggested for differentially private learning. While previous research provides differential privacy bounds for SGLD at the initial steps of the algorithm or when close to convergence, the question of what differential privacy guarantees can be made in between remains unanswered. This interim region is of great importance, especially for Bayesian neural networks, as it is hard to guarantee convergence to the posterior. This paper shows that using SGLD might result in unbounded privacy loss for this interim region, even when sampling from the posterior is as differentially private as desired.",

keywords = "Bayesian Inference, Deep Learning, Differential Privacy, Stochastic Gradient Langevin Dynamics",

author = "Guy Heller and Ethan Fetaya",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023 ; Conference date: 08-02-2023 Through 10-02-2023",

year = "2023",

doi = "10.1109/satml54575.2023.00015",

language = "الإنجليزيّة",

series = "Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "68--106",

booktitle = "Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023",

address = "الولايات المتّحدة",

}

Heller, G & Fetaya, E 2023, Can Stochastic Gradient Langevin Dynamics Provide Differential Privacy for Deep Learning? in Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023. Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023, Institute of Electrical and Electronics Engineers Inc., pp. 68-106, 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023, Raleigh, United States, 8/02/23. https://doi.org/10.1109/satml54575.2023.00015

Can Stochastic Gradient Langevin Dynamics Provide Differential Privacy for Deep Learning? / Heller, Guy; Fetaya, Ethan.
Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023. Institute of Electrical and Electronics Engineers Inc., 2023. p. 68-106 (Proceedings - 2023 IEEE Conference on Secure and Trustworthy Machine Learning, SaTML 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review