Differentially Private Generative Adversarial Networks with Model Inversion
This work addresses the challenge of generating high-quality synthetic data while preserving privacy, which is crucial for applications like medical screening, though it is incremental as it builds on existing DP-GAN methods.
The paper tackled the problem of training Generative Adversarial Networks (GANs) with differential privacy, where standard methods degrade sample quality and convergence, by proposing a Differentially Private Model Inversion (DPMI) method that maps private data to a latent space and uses a lower-dimensional DP-GAN. Experimental results on datasets like CIFAR10, SVHN, and a facial landmark dataset showed that DPMI outperforms standard DP-GAN in Inception Score, Fréchet Inception Distance, and classification accuracy under the same privacy guarantees.
To protect sensitive data in training a Generative Adversarial Network (GAN), the standard approach is to use differentially private (DP) stochastic gradient descent method in which controlled noise is added to the gradients. The quality of the output synthetic samples can be adversely affected and the training of the network may not even converge in the presence of these noises. We propose Differentially Private Model Inversion (DPMI) method where the private data is first mapped to the latent space via a public generator, followed by a lower-dimensional DP-GAN with better convergent properties. Experimental results on standard datasets CIFAR10 and SVHN as well as on a facial landmark dataset for Autism screening show that our approach outperforms the standard DP-GAN method based on Inception Score, Fréchet Inception Distance, and classification accuracy under the same privacy guarantee.