Tempered Sigmoid Activations for Deep Learning with Differential Privacy
Because learning sometimes involves sensitive data, machine learning
algorithms have been extended to offer privacy for training data. In practice,
this has been mostly an afterthought, with privacy-preserving models obtained
by re-running training with a different optimizer, but using the model
architectures that already performed well in a non-privacy-preserving setting.
This approach leads to less than ideal privacy/utility tradeoffs, as we show
here. Instead, we propose that model architectures are chosen ab initio
explicitly for privacy-preserving training.
To provide guarantees under the gold standard of differential privacy, one
must bound as strictly as possible how individual training points can possibly
affect model updates. In this paper, we are the first to observe that the
choice of activation function is central to bounding the sensitivity of
privacy-preserving deep learning. We demonstrate analytically and
experimentally how a general family of bounded activation functions, the
tempered sigmoids, consistently outperform unbounded activation functions like
ReLU. Using this paradigm, we achieve new state-of-the-art accuracy on MNIST,
FashionMNIST, and CIFAR10 without any modification of the learning procedure
fundamentals or differential privacy analysis.
- …