DPNAS: Neural Architecture Search for Deep Learning with Differential Privacy
This work addresses the challenge of maintaining high model accuracy while ensuring differential privacy in deep learning, which is crucial for privacy-sensitive applications, and it introduces a novel framework that could influence future model designs in this domain.
The paper tackles the problem of training deep neural networks with differential privacy, which often degrades model utility, by proposing DPNAS, a neural architecture search framework for private deep learning. The result is DPNASNet, which achieves state-of-the-art privacy/utility trade-offs, such as 98.57% accuracy on MNIST with a privacy budget of (ε, δ)=(3, 1×10^{-5}).
Training deep neural networks (DNNs) for meaningful differential privacy (DP) guarantees severely degrades model utility. In this paper, we demonstrate that the architecture of DNNs has a significant impact on model utility in the context of private deep learning, whereas its effect is largely unexplored in previous studies. In light of this missing, we propose the very first framework that employs neural architecture search to automatic model design for private deep learning, dubbed as DPNAS. To integrate private learning with architecture search, we delicately design a novel search space and propose a DP-aware method for training candidate models. We empirically certify the effectiveness of the proposed framework. The searched model DPNASNet achieves state-of-the-art privacy/utility trade-offs, e.g., for the privacy budget of $(ε, δ)=(3, 1\times10^{-5})$, our model obtains test accuracy of $98.57\%$ on MNIST, $88.09\%$ on FashionMNIST, and $68.33\%$ on CIFAR-10. Furthermore, by studying the generated architectures, we provide several intriguing findings of designing private-learning-friendly DNNs, which can shed new light on model design for deep learning with differential privacy.