Exploring the Benefits of Visual Prompting in Differential Privacy
This work addresses improving privacy-utility trade-offs in DP for neural network classifiers, but it appears incremental as it integrates an existing technique (VP) into established DP methods.
The paper explores using Visual Prompting (VP) with differential privacy (DP) training methods, finding that combining VP with PATE achieves state-of-the-art privacy-utility trade-offs with minimal privacy budget expenditure, as validated through experiments including cross-domain image classification.
Visual Prompting (VP) is an emerging and powerful technique that allows sample-efficient adaptation to downstream tasks by engineering a well-trained frozen source model. In this work, we explore the benefits of VP in constructing compelling neural network classifiers with differential privacy (DP). We explore and integrate VP into canonical DP training methods and demonstrate its simplicity and efficiency. In particular, we discover that VP in tandem with PATE, a state-of-the-art DP training method that leverages the knowledge transfer from an ensemble of teachers, achieves the state-of-the-art privacy-utility trade-off with minimum expenditure of privacy budget. Moreover, we conduct additional experiments on cross-domain image classification with a sufficient domain gap to further unveil the advantage of VP in DP. Lastly, we also conduct extensive ablation studies to validate the effectiveness and contribution of VP under DP consideration. Our code is available at (https://github.com/EzzzLi/Prompt-PATE).