Differentially private training of neural networks with Langevin dynamics for calibrated predictive uncertainty
This addresses the issue of overconfident models in privacy-sensitive domains, offering a solution for improved safety, though it is incremental as it builds on existing DP-SGD and Bayesian techniques.
The paper tackles the problem of poorly calibrated predictive uncertainty in differentially private neural networks trained with DP-SGD, which is critical for safety-critical applications like medical diagnosis. The result is a method that provides more reliable uncertainty estimates, reducing expected calibration error by approximately 5-fold on MNIST and 2-fold on a pediatric pneumonia dataset.
We show that differentially private stochastic gradient descent (DP-SGD) can yield poorly calibrated, overconfident deep learning models. This represents a serious issue for safety-critical applications, e.g. in medical diagnosis. We highlight and exploit parallels between stochastic gradient Langevin dynamics, a scalable Bayesian inference technique for training deep neural networks, and DP-SGD, in order to train differentially private, Bayesian neural networks with minor adjustments to the original (DP-SGD) algorithm. Our approach provides considerably more reliable uncertainty estimates than DP-SGD, as demonstrated empirically by a reduction in expected calibration error (MNIST $\sim{5}$-fold, Pediatric Pneumonia Dataset $\sim{2}$-fold).