Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
119 tokens/sec
GPT-4o
56 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
6 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Differentially Private Gradient Flow based on the Sliced Wasserstein Distance (2312.08227v2)

Published 13 Dec 2023 in stat.ML, cs.CR, and cs.LG

Abstract: Safeguarding privacy in sensitive training data is paramount, particularly in the context of generative modeling. This can be achieved through either differentially private stochastic gradient descent or a differentially private metric for training models or generators. In this paper, we introduce a novel differentially private generative modeling approach based on a gradient flow in the space of probability measures. To this end, we define the gradient flow of the Gaussian-smoothed Sliced Wasserstein Distance, including the associated stochastic differential equation (SDE). By discretizing and defining a numerical scheme for solving this SDE, we demonstrate the link between smoothing and differential privacy based on a Gaussian mechanism, due to a specific form of the SDE's drift term. We then analyze the differential privacy guarantee of our gradient flow, which accounts for both the smoothing and the Wiener process introduced by the SDE itself. Experiments show that our proposed model can generate higher-fidelity data at a low privacy budget compared to a generator-based model, offering a promising alternative.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (45)
  1. Deep learning with differential privacy. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, oct 2016. doi: 10.1145/2976749.2978318. URL https://doi.org/10.1145%2F2976749.2978318.
  2. Diagnostic accuracy of deep learning in medical imaging: a systematic review and meta-analysis. NPJ digital medicine, 4(1):65, 2021.
  3. Ambrosio, L. Gradient flows in metric spaces and in the spaces of probability measures, and applications to fokker-planck equations with respect to log-concave measures. Bollettino dell’Unione Matematica Italiana, 1(1):223–240, 2 2008. URL http://eudml.org/doc/290477.
  4. Wasserstein GAN. In Proceedings of the 34th International Conference on Machine Learning, Sydney, Australia,, December 2017. URL http://arxiv.org/abs/1701.07875. arXiv: 1701.07875.
  5. A computational fluid mechanics solution to the monge-kantorovich mass transfer problem. Numerische Mathematik, 84(3):375–393, 2000.
  6. Efficient gradient flows in sliced-wasserstein space. Transactions on Machine Learning Research, 2022. ISSN 2835-8856. URL https://openreview.net/forum?id=Au1LNKmRvh.
  7. Bonnotte, N. Unidimensional and evolution methods for optimal transportation. PhD thesis, Université Paris Sud-Paris XI; Scuola normale superiore (Pise, Italie), 2013.
  8. A stochastic particle method for the mckean-vlasov and the burgers equation. Mathematics of computation, 66(217):157–192, 1997.
  9. From optimal transport to generative modeling: the vegan cookbook. arXiv preprint arXiv:1705.07642, 2017.
  10. Brenier, Y. Polar factorization and monotone rearrangement of vector-valued functions. Communications on pure and applied mathematics, 44(4):375–417, 1991.
  11. Reconstruction of the early universe as a convex optimization problem. Monthly Notices of the Royal Astronomical Society, 346(2):501–524, 2003.
  12. Don’t generate me: Training differentially private generative models with sinkhorn divergence. Advances in Neural Information Processing Systems, 34:12480–12492, 2021.
  13. Extracting training data from diffusion models. In 32nd USENIX Security Symposium (USENIX Security 23), pp. 5253–5270, Anaheim, CA, August 2023. USENIX Association. ISBN 978-1-939133-37-3. URL https://www.usenix.org/conference/usenixsecurity23/presentation/carlini.
  14. Gs-wgan: A gradient-sanitized approach for learning differentially private generators. In Larochelle, H., Ranzato, M., Hadsell, R., Balcan, M., and Lin, H. (eds.), Advances in Neural Information Processing Systems, volume 33, pp.  12673–12684. Curran Associates, Inc., 2020a. URL https://proceedings.neurips.cc/paper_files/paper/2020/file/9547ad6b651e2087bac67651aa92cd0d-Paper.pdf.
  15. Gan-leaks: A taxonomy of membership inference attacks against generative models. In Proceedings of the 2020 ACM SIGSAC conference on computer and communications security, pp.  343–362, 2020b.
  16. Cullen, M. J. P. A mathematical theory of large-scale atmosphere/ocean flow. World Scientific, 2006.
  17. Differentially private diffusion models. Transactions on Machine Learning Research, 2023. ISSN 2835-8856. URL https://openreview.net/forum?id=ZPpQk7FJXF.
  18. Dwork, C. A firm foundation for private data analysis. Commun. ACM, 54:86–95, 04 2011. doi: 10.1145/1866739.1866758.
  19. The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci., 9(3–4):211–407, aug 2014. ISSN 1551-305X. doi: 10.1561/0400000042. URL https://doi.org/10.1561/0400000042.
  20. Calibrating noise to sensitivity in private data analysis. In Theory of Cryptography Conference, volume Vol. 3876, pp. 265–284, 01 2006. ISBN 978-3-540-32731-8. doi: 10.1007/11681878_14.
  21. Gan and vae from an optimal transport point of view. arXiv preprint arXiv:1706.01807, 2017.
  22. Learning generative models with sinkhorn divergences. In International Conference on Artificial Intelligence and Statistics, pp.  1608–1617. PMLR, 2018.
  23. Differentially private diffusion models generate useful synthetic images. arXiv preprint arXiv:2302.13861, 2023.
  24. DP-MERF: Differentially private mean embeddings with randomfeatures for practical privacy-preserving data generation. In Banerjee, A. and Fukumizu, K. (eds.), Proceedings of The 24th International Conference on Artificial Intelligence and Statistics, volume 130 of Proceedings of Machine Learning Research, pp. 1819–1827. PMLR, 13–15 Apr 2021. URL https://proceedings.mlr.press/v130/harder21a.html.
  25. Pre-trained perceptual features improve differentially private image generation. Transactions on Machine Learning Research, 2023. ISSN 2835-8856. URL https://openreview.net/forum?id=R6W7zkMz0P.
  26. Gans trained by a two time-scale update rule converge to a local nash equilibrium, 2018.
  27. Membership inference attacks on machine learning: A survey, 2022.
  28. The variational formulation of the Fokker-Planck equation. 1 1996. doi: 10.1184/R1/6480020.v1. URL https://kilthub.cmu.edu/articles/journal_contribution/The_variational_formulation_of_the_Fokker-Planck_equation/6480020.
  29. Improved reconstruction attacks on encrypted data using range query leakage. In 2018 IEEE Symposium on Security and Privacy (SP), pp. 297–314. IEEE, 2018.
  30. Differentially private optimal transport: Application to domain adaptation. In IJCAI, pp.  2852–2858, 2019.
  31. Gradient-based learning applied to document recognition. Proceedings of the IEEE, 86(11):2278–2324, November 1998.
  32. Deep learning face attributes in the wild. In Proceedings of International Conference on Computer Vision (ICCV), December 2015.
  33. Sliced-wasserstein flows: Nonparametric generative modeling via optimal transport and diffusions. In International Conference on Machine Learning, pp. 4104–4113. PMLR, 2019.
  34. G-pate: Scalable differentially private data generator via private aggregation of teacher discriminators. In Ranzato, M., Beygelzimer, A., Dauphin, Y., Liang, P., and Vaughan, J. W. (eds.), Advances in Neural Information Processing Systems, volume 34, pp.  2965–2977. Curran Associates, Inc., 2021. URL https://proceedings.neurips.cc/paper_files/paper/2021/file/171ae1bbb81475eb96287dd78565b38b-Paper.pdf.
  35. On the reconstruction of face images from deep face templates. IEEE transactions on pattern analysis and machine intelligence, 41(5):1188–1202, 2018.
  36. Existence and uniqueness theorems for solutions of mckean–vlasov stochastic equations. Theory of Probability and Mathematical Statistics, 103:59–101, 2020.
  37. Unsupervised representation learning with deep convolutional generative adversarial networks. In International Conference on Learning Representations, 2016.
  38. Differentially private sliced wasserstein distance, 2021.
  39. Statistical and topological properties of gaussian smoothed sliced probability divergences. arXiv preprint arXiv:2110.10524, 2021.
  40. Improved Techniques for Training GANs, June 2016. URL http://arxiv.org/abs/1606.03498. arXiv:1606.03498 [cs].
  41. Santambrogio, F. Euclidean, Metric, and Wasserstein gradient flows: an overview, 2016.
  42. Deep learning in medical image analysis. Annual review of biomedical engineering, 19:221–248, 2017.
  43. Membership inference attacks against machine learning models. In 2017 IEEE Symposium on Security and Privacy (SP), pp. 3–18, 2017.
  44. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms, 2017.
  45. Differentially private generative adversarial network. arXiv preprint arXiv:1802.06739, 2018.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (7)
  1. Ilana Sebag (3 papers)
  2. Muni Sreenivas PYDI (15 papers)
  3. Jean-Yves Franceschi (13 papers)
  4. Alain Rakotomamonjy (46 papers)
  5. Mike Gartrell (18 papers)
  6. Jamal Atif (38 papers)
  7. Alexandre Allauzen (26 papers)
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets