The Library
Initialization matters : privacy-utility analysis of overparameterized neural networks
Tools
Ye, Jiayuan, Zhu, Zhenyu, Liu, Fanghui, Shokri, Reza and Cevher, Volkan (2023) Initialization matters : privacy-utility analysis of overparameterized neural networks. In: Thirty-seventh Conference on Neural Information Processing Systems, New Orleans, USA, 10-16 Dec 2023
|
PDF
WRAP-Initialization-matters-privacy-utility-analysis-overparameterized-neural-networks-23.pdf - Accepted Version - Requires a PDF viewer. Download (718Kb) | Preview |
Official URL: https://openreview.net/forum?id=IKvxmnHjkL
Abstract
We analytically investigate how over-parameterization of models in randomized machine learning algorithms impacts the information leakage about their training data. Specifically, we prove a privacy bound for the KL divergence between model distributions on worst-case neighboring datasets, and explore its dependence on the initialization, width, and depth of fully connected neural networks. We find that this KL privacy bound is largely determined by the expected squared gradient norm relative to model parameters during training. Notably, for the special setting of linearized network, our analysis indicates that the squared gradient norm (and therefore the escalation of privacy loss) is tied directly to the per-layer variance of the initialization distribution. By using this analysis, we demonstrate that privacy bound improves with increasing depth under certain initializations (LeCun and Xavier), while degrades with increasing depth under other initializations (He and NTK). Our work reveals a complex interplay between privacy and depth that depends on the chosen initialization distribution. We further prove excess empirical risk bounds under a fixed KL privacy budget, and show that the interplay between privacy utility trade-off and depth is similarly affected by the initialization.
Item Type: | Conference Item (Paper) | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Subjects: | Q Science > QA Mathematics Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software |
||||||||||||||||||||||||
Divisions: | Faculty of Science, Engineering and Medicine > Science > Computer Science | ||||||||||||||||||||||||
Library of Congress Subject Headings (LCSH): | Neural networks (Computer science), Computer security, Data privacy, Machine learning -- Mathematics , Computer algorithms | ||||||||||||||||||||||||
Official Date: | 10 December 2023 | ||||||||||||||||||||||||
Dates: |
|
||||||||||||||||||||||||
Status: | Peer Reviewed | ||||||||||||||||||||||||
Publication Status: | Published | ||||||||||||||||||||||||
Date of first compliant deposit: | 8 November 2023 | ||||||||||||||||||||||||
Date of first compliant Open Access: | 8 November 2023 | ||||||||||||||||||||||||
RIOXX Funder/Project Grant: |
|
||||||||||||||||||||||||
Conference Paper Type: | Paper | ||||||||||||||||||||||||
Title of Event: | Thirty-seventh Conference on Neural Information Processing Systems | ||||||||||||||||||||||||
Type of Event: | Conference | ||||||||||||||||||||||||
Location of Event: | New Orleans, USA | ||||||||||||||||||||||||
Date(s) of Event: | 10-16 Dec 2023 | ||||||||||||||||||||||||
Related URLs: |
Request changes or add full text files to a record
Repository staff actions (login required)
View Item |
Downloads
Downloads per month over past year