Mar 23, 2019

Scalable Differential Privacy with Certified Robustness in Adversarial Learning

arXiv:1903.09822v5
26 citations
Originality: Highly original
AI Analysis

This paper addresses the problem of balancing privacy, utility, and robustness in machine learning for applications that require both data protection and security.

The paper tackles the challenge of preserving differential privacy in adversarial learning for deep neural networks while ensuring certified robustness against adversarial examples, and reports notable improvements in robustness and scalability.

In this paper, we aim to develop a scalable algorithm to preserve differential privacy (DP) in adversarial learning for deep neural networks (DNNs), with certified robustness to adversarial examples. By leveraging the sequential composition theory in DP, we randomize both input and latent spaces to strengthen our certified robustness bounds. To address the trade-off among model utility, privacy loss, and robustness, we design an original adversarial objective function, based on the post-processing property in DP, to tighten the sensitivity of our model. A new stochastic batch training is proposed to apply our mechanism on large DNNs and datasets, by bypassing the vanilla iterative batch-by-batch training in DP DNNs. An end-to-end theoretical analysis and evaluations show that our mechanism notably improves the robustness and scalability of DP DNNs.
