Architecture Matters: Investigating the Influence of Differential Privacy on Neural Network Design
Abstract:
One barrier to more widespread adoption of differentially private neural networks is the entailed accuracy loss. To address this issue, the relationship between neural network architectures and model accuracy under differential privacy constraints needs to be better understood. As a first step, we test whether extant knowledge on architecture design also holds in the differentially private setting. Our findings show that it does not; architectures that perform well without differential privacy, do not necessarily do so with differential privacy. Consequently, extant knowledge on neural network architecture design cannot be seamlessly translated into the differential privacy context. Future research is required to better understand the relationship between neural network architectures and model accuracy to enable better architecture design choices under differential privacy constraints.
| Zugehörige Institution(en) am KIT | Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsdatum | 14.12.2021 |
| Sprache | Englisch |
| Identifikator | KITopen-ID: 1000140769 |
| HGF-Programm | 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems |
| Erschienen in | Presented at NeurIPS 2021 Workshop on Privacy in Machine Learning (PriML 2021), 14.12.2021 |
| Schlagwörter | neural networks, neural network architecture, differential privacy, privacy-preserving machine learning |
| Nachgewiesen in | arXiv Dimensions |