Scalable Differential Privacy with Certified Robustness in Adversarial Learning
Authors: Hai Phan, My T. Thai, Han Hu, Ruoming Jin, Tong Sun, Dejing Dou
ICML 2020
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | An end-to-end theoretical analysis and evaluations show that our mechanism notably improves the robustness and scalability of DP DNNs. Rigorous experiments conducted on MNIST, CIFAR-10 (Lecun et al., 1998; Krizhevsky & Hinton, 2009), and Tiny ImageNet datasets show that our mechanism notably enhances the robustness and scalability of DP DNNs. |
| Researcher Affiliation | Collaboration | 1Ying Wu College of Computing, New Jersey Institute of Technology, Newark, New Jersey, USA 2Department of Computer & Information Sciences & Engineering, University of Florida, Gainesville, Florida, USA 3Computer Science Department, Kent State University, Kent, Ohio, USA 4Adobe Research, San Jose, California, USA 5Computer and Information Science Department, University of Oregon, Eugene, Oregon, USA 6(Sabbatical leave from University of Oregon to) Baidu Research, Beijing, China. |
| Pseudocode | Yes | StoBatch is presented in Alg. 4 (Appendix D). Our DNN (Fig. 1a) is presented as: f(x) = g(a(x, θ1), θ2). At a high level, there are four key components: (...) To establish theoretical results in DP preservation and in deriving robustness bounds, let us first present our mechanism in the vanilla iterative batch-by-batch training (Alg. 1). The network f (Lines 2-3, Alg. 1) is trained over T training steps. |
| Open Source Code | Yes | The implementation of our mechanism is available in TensorFlow (footnote 1: https://github.com/haiphanNJIT/StoBatch). |
| Open Datasets | Yes | We have conducted an extensive experiment on the MNIST, CIFAR-10, and Tiny ImageNet datasets. |
| Dataset Splits | No | The paper mentions 'Our validation focuses on shedding light into the interplay among model utility, privacy loss, and robustness bounds' but does not provide explicit percentages or counts for training, validation, and test splits, nor does it specify how validation sets were created. |
| Hardware Specification | No | The paper mentions distributed training on 'many GPUs' (e.g., '128 GPUs') but does not specify the exact models (e.g., NVIDIA A100), CPU types, or other detailed hardware specifications used for the experiments. |
| Software Dependencies | No | The paper states 'The implementation of our mechanism is available in TensorFlow' (footnote 1) but does not specify a version number for TensorFlow or any other software dependencies required for reproducibility. |
| Experiment Setup | Yes | Input: Database D, loss function L, parameters θ, batch size m, learning rate ϱ_t, privacy budgets: ϵ_1 and ϵ_2, robustness parameters: ϵ_r, x r, and h r, adversarial attack size µ_a, the number of invocations n, ensemble attacks A, parameters ψ and ξ, and the size \|h_π\|. Also: 'the number of iterative attack steps is increased to T_µ=200 in training, and to T_a=2,000 in testing. Model Configuration (Appendix P).' |