Unveiling Privacy, Memorization, and Input Curvature Links
Authors: Deepak Ravikumar, Efstathia Soufleri, Abolfazl Hashemi, Kaushik Roy
ICML 2024
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our theoretical findings are further validated using deep models on CIFAR and ImageNet datasets, showing a strong correlation between our theoretical predictions and results observed in practice. We verify the theoretical results with extensive experiments on vision classification tasks using DNNs on CIFAR100 and ImageNet datasets. |
| Researcher Affiliation | Academia | Deepak Ravikumar 1 Efstathia Soufleri 1 Abolfazl Hashemi 1 Kaushik Roy 1 1Department of Electrical and Computer Engineering, Purdue University, West Lafayette, Indiana 47906. Correspondence to: Deepak Ravikumar <dravikum@purdue.edu>. |
| Pseudocode | No | The paper does not contain any sections or figures explicitly labeled 'Pseudocode' or 'Algorithm'. |
| Open Source Code | Yes | Each of the three theoretical links developed in this paper is corroborated by evidence obtained on DNNs used for vision classification tasks (code available at this github link). To improve reproducibility, we have provided the code at this github link. |
| Open Datasets | Yes | To evaluate our theory we consider the classification task using standard vision datasets as the pre-computed stability-based memorization scores from Feldman & Zhang (2020) are available for the CIFAR100 (Krizhevsky et al., 2009) and ImageNet (Russakovsky et al., 2015) datasets. |
| Dataset Splits | No | The paper mentions training, testing, and validation of models (e.g., 'When using pre-trained models from Feldman & Zhang (2020) we validated the accuracy of the models before performing experiments.') but does not specify the explicit percentages or counts for training/validation/test splits, nor does it cite predefined splits in a way that provides this detail. |
| Hardware Specification | No | The paper does not provide specific hardware details (e.g., GPU models, CPU types, memory amounts) used for running the experiments. It only mentions 'DNNs' in general. |
| Software Dependencies | Yes | For experiments that use private models, we use the Opacus library (Yousefpour et al., 2021) to train ResNet18 models for 20 epochs until the privacy budget is reached. We use DP-SGD (Abadi et al., 2016) with the maximum gradient norm set to 1.0 and privacy parameter δ = 1×10⁻⁵. |
| Experiment Setup | Yes | For experiments that use private models, we use the Opacus library (Yousefpour et al., 2021) to train ResNet18 models for 20 epochs until the privacy budget is reached. We use DP-SGD (Abadi et al., 2016) with the maximum gradient norm set to 1.0 and privacy parameter δ = 1×10⁻⁵. The initial learning rate was set to 0.001 and is decreased by a factor of 10 at epochs 12 and 16. When training on the CIFAR10 and CIFAR100 datasets, the batch size is set to 128. For both datasets, we used the following sequence of data augmentations for training: resize (32×32), random crop, and random horizontal flip, followed by normalization. |
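The step learning-rate schedule described in the Experiment Setup row (initial rate 0.001, divided by 10 at epochs 12 and 16 over the 20 DP-SGD training epochs) can be sketched as below. This is an illustrative reconstruction, not the authors' code; the function name and parameter defaults are assumptions matching the reported hyperparameters.

```python
def step_lr(epoch, base_lr=0.001, milestones=(12, 16), gamma=0.1):
    """Learning rate at a given epoch under a step schedule:
    multiply by gamma (i.e., divide by 10) at each milestone epoch."""
    lr = base_lr
    for m in milestones:
        if epoch >= m:
            lr *= gamma
    return lr

# Schedule over the 20 reported training epochs:
# epochs 0-11 -> 0.001, epochs 12-15 -> 0.0001, epochs 16-19 -> 0.00001
lrs = [step_lr(e) for e in range(20)]
```

In PyTorch this would typically be expressed with `torch.optim.lr_scheduler.MultiStepLR(optimizer, milestones=[12, 16], gamma=0.1)`.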