Differentially Private Learning Needs Better Features (or Much More Data)

Florian Tramer; Dan Boneh

Differentially Private Learning Needs Better Features (or Much More Data)

Florian Tramer, Dan Boneh

Published: 12 Jan 2021, Last Modified: 03 Apr 2024ICLR 2021 SpotlightReaders: Everyone

Keywords: Differential Privacy, Privacy, Deep Learning

Abstract: We demonstrate that differentially private machine learning has not yet reached its ''AlexNet moment'' on many canonical vision tasks: linear models trained on handcrafted features significantly outperform end-to-end deep neural networks for moderate privacy budgets. To exceed the performance of handcrafted features, we show that private learning requires either much more private data, or access to features learned on public data from a similar domain. Our work introduces simple yet strong baselines for differentially private learning that can inform the evaluation of future progress in this area.

One-sentence Summary: Linear models with handcrafted features outperform end-to-end CNNs for differentially private learning

Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics

Code: [![github](/images/github_icon.svg) ftramer/Handcrafted-DP](https://github.com/ftramer/Handcrafted-DP) + [![Papers with Code](/images/pwc_icon.svg) 1 community implementation](https://paperswithcode.com/paper/?openreview=YTWGvpFOQD-)

Data: [CIFAR-10](https://paperswithcode.com/dataset/cifar-10), [CIFAR-100](https://paperswithcode.com/dataset/cifar-100), [Fashion-MNIST](https://paperswithcode.com/dataset/fashion-mnist), [ImageNet](https://paperswithcode.com/dataset/imagenet), [Tiny Images](https://paperswithcode.com/dataset/tiny-images)

Community Implementations: [![CatalyzeX](/images/catalyzex_icon.svg) 1 code implementation](https://www.catalyzex.com/paper/arxiv:2011.11660/code)

16 Replies

Loading