Title: Robustness Threats of Differential Privacy

Abstract: Differential privacy (DP) is a gold-standard concept for measuring and guaranteeing privacy in data analysis. It is well known that the cost of adding DP to a deep learning model is its accuracy. However, it remains unclear how it affects the robustness of the model. Standard neural networks are not robust to different input perturbations: either adversarial attacks or common corruptions. In this paper, we empirically observe an interesting trade-off between privacy and robustness of neural networks. We experimentally demonstrate that networks trained with DP might, in some settings, be even more vulnerable than their non-private versions. To explore this, we extensively study different robustness measurements, including FGSM and PGD adversaries, distance to linear decision boundaries, curvature profile, and performance on a corrupted dataset. Finally, we study how the main ingredients of differentially private neural network training, such as gradient clipping and noise addition, affect (decrease and increase) the robustness of the model.
Comments: NeurIPS'20 Privacy-Preserving Machine Learning Workshop
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR)
Cite as: arXiv:2012.07828 [cs.LG]
  (or arXiv:2012.07828v3 [cs.LG] for this version)

Submission history

From: Nurislam Tursynbek
[v1] Mon, 14 Dec 2020 18:59:24 GMT (755kb,D)
[v2] Mon, 23 Aug 2021 02:56:38 GMT (1052kb,D)
[v3] Wed, 25 Aug 2021 09:42:30 GMT (1052kb,D)
