Certification for Differentially Private Prediction in Gradient-Based Training
This work addresses privacy concerns in machine learning applications like medical image classification and natural language processing, representing an incremental improvement over existing methods.
The paper tackled the problem of sub-optimal privacy-utility trade-offs in differentially private prediction by introducing a method to compute dataset-specific upper bounds on prediction sensitivity, resulting in sensitivity bounds that are orders of magnitude tighter than global sensitivity-based approaches.
We study private prediction where differential privacy is achieved by adding noise to the outputs of a non-private model. Existing methods rely on noise proportional to the global sensitivity of the model, often resulting in sub-optimal privacy-utility trade-offs compared to private training. We introduce a novel approach for computing dataset-specific upper bounds on prediction sensitivity by leveraging convex relaxation and bound propagation techniques. By combining these bounds with the smooth sensitivity mechanism, we significantly improve the privacy analysis of private prediction compared to global sensitivity-based approaches. Experimental results across real-world datasets in medical image classification and natural language processing demonstrate that our sensitivity bounds are can be orders of magnitude tighter than global sensitivity. Our approach provides a strong basis for the development of novel privacy preserving technologies.