di ff erentially private empirical risk minimization with
play

Di ff erentially Private Empirical Risk Minimization with Non-convex - PowerPoint PPT Presentation

Feb 20, 2023 •264 likes •544 views

Di ff erentially Private Empirical Risk Minimization with Non-convex Loss Functions Di Wang , Changyou Chen and Jinhui Xu State University of New York at Bu ff alo International Conference on Machine Learning 2019 Di Wang Non-convex DP-ERM ICML

  1. Di ff erentially Private Empirical Risk Minimization with Non-convex Loss Functions Di Wang , Changyou Chen and Jinhui Xu State University of New York at Bu ff alo International Conference on Machine Learning 2019 Di Wang Non-convex DP-ERM ICML 2019 1 / 15

  2. Outline Introduction 1 Problem Description Result 1 Result 2 Result 3 Di Wang Non-convex DP-ERM ICML 2019 2 / 15

  3. Outline Introduction 1 Problem Description Result 1 Result 2 Result 3 Di Wang Non-convex DP-ERM ICML 2019 3 / 15

  4. Empirical Risk Minimization (ERM) Given: A dataset D = { ( x 1 , y 1 ) , ( x 2 , y 2 ) , · · · , ( x n , y n ) } , where each ( x i , y i ) ∈ R d × R ∼ P . Regularization r ( · ) : R d 󰀂→ R , we use ℓ 2 regularization with r ( w ) = λ 2 󰀃 w 󰀃 2 2 . For a loss function ℓ , the (regularized) Empirical Risk: n 󰁜 L r ( w ; D ) = 1 ˆ ℓ ( w ; x i , y i ) + r ( w ) . n i =1 the (regularized) Population Risk: L r P ( w ) = E ( x , y ) ∼ P [ ℓ ( w ; x , y )] + r ( w ) . Goal: Find w so as to minimize the empirical or population risk. Di Wang Non-convex DP-ERM ICML 2019 4 / 15

  5. ( 󰂄 , δ )- Di ff erential Privacy (DP) Di ff erential Privacy (DP) [Dwork et al,. 2006] We say that two datasets, D and D ′ , are neighbors if they di ff er by only one entry, denoted as D ∼ D ′ . A randomized algorithm A is ( 󰂄 , δ )-di ff erentially private if for all neighboring datasets D , D ′ , and for all events S in the output space of A , we have Pr( A ( D ) ∈ S ) ≤ e 󰂄 Pr A ( D ′ ) ∈ S ) + δ . Di Wang Non-convex DP-ERM ICML 2019 5 / 15

  6. DP-ERM DP-ERM Determine a sample complexity n = n (1 / 󰂄 , 1 / δ , p , 1 / α ) such that there is an ( 󰂄 , δ )-DP algorithm whose output w priv achieves an α -error in the expected excess empirical risk : Err r D ( w priv ) = E ˆ L ( w LDP ; D ) − min w ∈ R d ˆ L ( w ; D ) ≤ α . or in the expected excess empirical risk : Err r P ( w priv ) = E [ L r P ( w priv )] − min w ∈ R d L r P ( w ) ≤ α . Di Wang Non-convex DP-ERM ICML 2019 6 / 15

  7. Motivation Previous work on DP-ERM mainly focuses on convex loss functions. Di Wang Non-convex DP-ERM ICML 2019 7 / 15

  8. Motivation Previous work on DP-ERM mainly focuses on convex loss functions. For non-convex loss functions, [Zhang et al, 2017] and [Wang and Xu 2019] studied the problem and used, as error measurement, the ℓ 2 gradient norm of a private estimator, i.e., 󰀃∇ ˆ L r D ( w priv ) 󰀃 2 and E P 󰀃∇ ℓ ( w priv ; x , y ) 󰀃 2 Di Wang Non-convex DP-ERM ICML 2019 7 / 15

  9. Motivation Previous work on DP-ERM mainly focuses on convex loss functions. For non-convex loss functions, [Zhang et al, 2017] and [Wang and Xu 2019] studied the problem and used, as error measurement, the ℓ 2 gradient norm of a private estimator, i.e., 󰀃∇ ˆ L r D ( w priv ) 󰀃 2 and E P 󰀃∇ ℓ ( w priv ; x , y ) 󰀃 2 Main Question: Can the excess empirical (population) risk be used to measure the error of non-convex loss functions in the di ff erential privacy model? Di Wang Non-convex DP-ERM ICML 2019 7 / 15

  10. Outline Introduction 1 Problem Description Result 1 Result 2 Result 3 Di Wang Non-convex DP-ERM ICML 2019 8 / 15

  11. Result 1 Theorem 1 If the loss function is L -Lipschitz, twice di ff erentiable and M -smooth, by using the private version of Gradient Langevin Dynamics (DP-GLD) we show that the excess empirical (or population) risk is upper bounded by O ( d log(1 / δ ) ˜ log n 󰂄 2 ). Di Wang Non-convex DP-ERM ICML 2019 9 / 15

  12. Result 1 Theorem 1 If the loss function is L -Lipschitz, twice di ff erentiable and M -smooth, by using the private version of Gradient Langevin Dynamics (DP-GLD) we show that the excess empirical (or population) risk is upper bounded by O ( d log(1 / δ ) ˜ log n 󰂄 2 ). The proof is based on some recent developments in Bayesian learning and analysis of GLD. By using a finer analysis of the time-average error of some SDE, we show the following Di Wang Non-convex DP-ERM ICML 2019 9 / 15

  13. Result 1 Theorem 1 If the loss function is L -Lipschitz, twice di ff erentiable and M -smooth, by using the private version of Gradient Langevin Dynamics (DP-GLD) we show that the excess empirical (or population) risk is upper bounded by O ( d log(1 / δ ) ˜ log n 󰂄 2 ). The proof is based on some recent developments in Bayesian learning and analysis of GLD. By using a finer analysis of the time-average error of some SDE, we show the following Theorem 2 For the excessed empirical risk, there is an ( 󰂄 , δ )-DP algorithm which satisfies 󰀄 C 0 ( d ) log(1 / δ ) 󰀅 T →∞ Err r D ( w T ) ≤ ˜ lim O , n τ 󰂄 τ where C 0 ( d ) is a function of d and 0 < τ < 1 is some cosntant. Di Wang Non-convex DP-ERM ICML 2019 9 / 15

  14. Outline Introduction 1 Problem Description Result 1 Result 2 Result 3 Di Wang Non-convex DP-ERM ICML 2019 10 / 15

  15. Result 2 Are these bounds tight? Di Wang Non-convex DP-ERM ICML 2019 11 / 15

  16. Result 2 Are these bounds tight? Based on the exponential mechanism, we have Empirical Risk For any β < 1, there is an 󰂄 -di ff erentially private algorithm whose output w priv induces an excess empirical risk Err r D ( w priv ) ≤ ˜ O ( d n 󰂄 ) with probability at least 1 − β . Di Wang Non-convex DP-ERM ICML 2019 11 / 15

  17. Result 2 Are these bounds tight? Based on the exponential mechanism, we have Empirical Risk For any β < 1, there is an 󰂄 -di ff erentially private algorithm whose output w priv induces an excess empirical risk Err r D ( w priv ) ≤ ˜ O ( d n 󰂄 ) with probability at least 1 − β . Population Risk For Generalized Linear model and Robust Regressions (whose loss function is ℓ ( w ; x , y ) = ( σ ( 〈 w , x 〉 ) − y ) 2 and ℓ ( w ; x , y ) = Φ ( 〈 w , x 〉 − y ), respectively), under some reasonable assumptions, there is an ( 󰂄 , δ )-DP algorithm whose excess population risk is upper bounded by 󰁵 d ln 1 4 󰀄 󰀅 δ Err P ( w priv ) ≤ O √ n 󰂄 . Di Wang Non-convex DP-ERM ICML 2019 11 / 15

  18. Outline Introduction 1 Problem Description Result 1 Result 2 Result 3 Di Wang Non-convex DP-ERM ICML 2019 12 / 15

  19. Finding Approximate Local Minimum Privately Finding global minimum of non-convex function is challenging! Di Wang Non-convex DP-ERM ICML 2019 13 / 15

  20. Finding Approximate Local Minimum Privately Finding global minimum of non-convex function is challenging! Recent research on Deep Learning and other non-convex problems show that local minima , but not critical points, are su ffi cient. Di Wang Non-convex DP-ERM ICML 2019 13 / 15

  21. Finding Approximate Local Minimum Privately Finding global minimum of non-convex function is challenging! Recent research on Deep Learning and other non-convex problems show that local minima , but not critical points, are su ffi cient. But , finding local minima is still NP-hard. Di Wang Non-convex DP-ERM ICML 2019 13 / 15

  22. Finding Approximate Local Minimum Privately Finding global minimum of non-convex function is challenging! Recent research on Deep Learning and other non-convex problems show that local minima , but not critical points, are su ffi cient. But , finding local minima is still NP-hard. Fortunately, many non-convex functions are strict saddle. Thus, it is su ffi cient to find the second order stationary point (or approximate local minimum). Definition w is an α -second-order stationary point ( α -SOSP), if 󰀃∇ F ( w ) 󰀃 2 ≤ α and λ min ( ∇ 2 F ( w )) ≥ −√ ρα . (1) Di Wang Non-convex DP-ERM ICML 2019 13 / 15

  23. Finding Approximate Local Minimum Privately Finding global minimum of non-convex function is challenging! Recent research on Deep Learning and other non-convex problems show that local minima , but not critical points, are su ffi cient. But , finding local minima is still NP-hard. Fortunately, many non-convex functions are strict saddle. Thus, it is su ffi cient to find the second order stationary point (or approximate local minimum). Definition w is an α -second-order stationary point ( α -SOSP), if 󰀃∇ F ( w ) 󰀃 2 ≤ α and λ min ( ∇ 2 F ( w )) ≥ −√ ρα . (1) Can we find some approximate local minimum which escapes saddle points and still keeps the algorithm ( 󰂄 , δ ) -di ff erentially private? Di Wang Non-convex DP-ERM ICML 2019 13 / 15

  24. Result 3 On one hand, (Ge et al. 2015) proposed an algorithm, noisy Stochastic Gradient Descent , to find approximate local minima. Di Wang Non-convex DP-ERM ICML 2019 14 / 15

  25. Result 3 On one hand, (Ge et al. 2015) proposed an algorithm, noisy Stochastic Gradient Descent , to find approximate local minima. On the other hand, in DP community, one popular method for ERM is called DP-SGD , which adds some Gaussian noise in each iteration. Di Wang Non-convex DP-ERM ICML 2019 14 / 15

  26. Result 3 On one hand, (Ge et al. 2015) proposed an algorithm, noisy Stochastic Gradient Descent , to find approximate local minima. On the other hand, in DP community, one popular method for ERM is called DP-SGD , which adds some Gaussian noise in each iteration. Using DP-GD, we can show Theorem 4 If the data size n is large enough such that 󰁵 log 1 δ d log 1 ξ n ≥ ˜ Ω ( ) , (2) 󰂄α 2 then with probability 1 − ζ , one of the outputs is an α -SOSP of the empirical risk ˆ L ( · , D ). Di Wang Non-convex DP-ERM ICML 2019 14 / 15

  27. Thank you! Di Wang Non-convex DP-ERM ICML 2019 15 / 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSC2412: Private Gradient Descent &amp; Empirical Risk Minimization Sasho Nikolov 1 Empirical

CSC2412: Private Gradient Descent &amp; Empirical Risk Minimization Sasho Nikolov 1 Empirical

CSC2412: Private Gradient Descent &amp; Empirical Risk Minimization Sasho Nikolov 1 Empirical Risk Minimization Learning: Reminder Known data universe X and an unknown probability distribution D on X Known concept class C and an unknown

341 views • 17 slides
Empirical Risk Minimization October 29, 2015 Outline Empirical risk minimization view

Empirical Risk Minimization October 29, 2015 Outline Empirical risk minimization view

Empirical Risk Minimization October 29, 2015 Outline Empirical risk minimization view Perceptron CRF Notation for Linear Models Training data: {(x 1 , y 1 ), (x 2 , y 2 ), , (x N , y N )} Testing data: {(x N+1 , y N+1 ),

418 views • 21 slides
Suboptimality of Penalized Empirical Risk Minimization in Classification. Guillaume Lecu e

Suboptimality of Penalized Empirical Risk Minimization in Classification. Guillaume Lecu e

Suboptimality of Penalized Empirical Risk Minimization in Classification. Guillaume Lecu e Universit e Paris 6 COLT 2007, June 13 General Framework. Aggregations Procedures. Optimality in classification. Motivation. M prior estimators

708 views • 54 slides
High Order Methods for Empirical Risk Minimization Alejandro Ribeiro Department of Electrical and

High Order Methods for Empirical Risk Minimization Alejandro Ribeiro Department of Electrical and

High Order Methods for Empirical Risk Minimization Alejandro Ribeiro Department of Electrical and Systems Engineering University of Pennsylvania aribeiro@seas.upenn.edu Thanks to: Aryan Mokhtari, Mark Eisen, ONR, NSF DIMACS Workshop on

775 views • 40 slides
Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data

Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data

Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data Gerome Miklau University of Massachusetts, Amherst DIMACS Workshop on Recent Work on Di ff erential Privacy across Computer Science October 2012

1.39k views • 136 slides
Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias

Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias

Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias Lcuyer With: Riley Spahn, Kiran Vodrahalli, Roxana Geambasu, and Daniel Hsu Machine Learning (ML) introduces a dangerous double standard for data

603 views • 45 slides
WEIGHTED SUMS OF RANDOM KITCHEN SINKS Replacing minimization with randomization in learning

WEIGHTED SUMS OF RANDOM KITCHEN SINKS Replacing minimization with randomization in learning

WEIGHTED SUMS OF RANDOM KITCHEN SINKS Replacing minimization with randomization in learning The model Given a set of training data in a domain Fit a function to minimize risk Empirical Risk Risk Loss Function Hinge loss

621 views • 13 slides
Nonconvex Variance Reduced Optimization with Arbitrary Sampling Samuel Horvth Peter Richtrik

Nonconvex Variance Reduced Optimization with Arbitrary Sampling Samuel Horvth Peter Richtrik

Nonconvex Variance Reduced Optimization with Arbitrary Sampling Samuel Horvth Peter Richtrik Empirical Risk Minimization n x R d f ( x ) := 1 X min f i ( x ) n i =1 Empirical Risk Minimization n x R d f ( x ) := 1 X min f i (

1.07k views • 28 slides
Introduction to Machine Learning CMU-10701 10. Risk Minimization Barnabs Pczos 10. Risk

Introduction to Machine Learning CMU-10701 10. Risk Minimization Barnabs Pczos 10. Risk

Introduction to Machine Learning CMU-10701 10. Risk Minimization Barnabs Pczos 10. Risk Minimization 2 What have we seen so far? Several algorithms that seem to work fine on training datasets: Linear regression Nave Bayes

1.13k views • 51 slides
Introduction to Machine Learning Vapnik Chervonenkis Theory Barnabs Pczos Empirical Risk

Introduction to Machine Learning Vapnik Chervonenkis Theory Barnabs Pczos Empirical Risk

Introduction to Machine Learning Vapnik Chervonenkis Theory Barnabs Pczos Empirical Risk and True Risk 2 Empirical Risk Shorthand: True risk of f (deterministic) : Bayes risk : Let us use the empirical counter part: Empirical risk: 3

1.46k views • 69 slides
Empirical Loss Minimization Traffic sign - STOP Sample i.i.d. points Stochastic

Empirical Loss Minimization Traffic sign - STOP Sample i.i.d. points Stochastic

Empirical Loss Minimization Traffic sign - STOP Sample i.i.d. points Stochastic Gradient Descent Lon Bottou, Frank E Curtis, Jorge Nocedal Optimization methods for large-scale machine learning SVRG:

738 views • 39 slides
Introduction to Machine Learning ML-Basics: Losses &amp; Risk Minimization Learning goals Know

Introduction to Machine Learning ML-Basics: Losses &amp; Risk Minimization Learning goals Know

Introduction to Machine Learning ML-Basics: Losses &amp; Risk Minimization Learning goals Know the concept of loss Understand the relationship between loss and risk Understand the relationship between risk minimization and finding the best

644 views • 10 slides
On the Local Minima of the Empirical Risk Chi Jin * 1 , Lydia T. Liu* 1 , Rong Ge 2 , Michael I.

On the Local Minima of the Empirical Risk Chi Jin * 1 , Lydia T. Liu* 1 , Rong Ge 2 , Michael I.

On the Local Minima of the Empirical Risk Chi Jin * 1 , Lydia T. Liu* 1 , Rong Ge 2 , Michael I. Jordan 1 1EECS, University of California, Berkeley. 2Duke University. 1 / 6 Chi Jin On the Local Minima of the Empirical Risk Overview Nonconvex

425 views • 14 slides
Introduction to Machine Learning Risk Minimization Barnabs Pczos What have we seen so far?

Introduction to Machine Learning Risk Minimization Barnabs Pczos What have we seen so far?

Introduction to Machine Learning Risk Minimization Barnabs Pczos What have we seen so far? Several classification &amp; regression algorithms seem to work fine on training datasets: Linear regression Gaussian Processes Nave

800 views • 53 slides
Demand for hospital care and private health insurance in a mixed public-private system: empirical

Demand for hospital care and private health insurance in a mixed public-private system: empirical

Demand for hospital care and private health insurance in a mixed public-private system: empirical evidence using a simultaneous equation modeling approach. Terence Cheng 1 Farshid Vahid 2 IRDES, 25 June 2010 The 2010 IRDES WORKSHOP on Applied

511 views • 34 slides
Risk to public health associated with private water supplies Dr Emmanuel Okpo Private Water

Risk to public health associated with private water supplies Dr Emmanuel Okpo Private Water

Risk to public health associated with private water supplies Dr Emmanuel Okpo Private Water Supply Workshop October 2013 Outline Water quality standards/drivers Contaminants (pathogens, chemicals) Population at Risk Health Risk

432 views • 28 slides
Discriminative Models Joakim Nivre Uppsala University Department of Linguistics and Philology

Discriminative Models Joakim Nivre Uppsala University Department of Linguistics and Philology

Discriminative Models Joakim Nivre Uppsala University Department of Linguistics and Philology joakim.nivre@lingfil.uu.se Discriminative Models 1(11) 1. Generative and Discriminative Models 2. Log-Linear Models 3. Local Discriminative Models

278 views • 11 slides
MassiveBlack Rupert Croft Tiziana Di Matteo Yu Feng Nishikanta Khandai Colin Degraf Evan

MassiveBlack Rupert Croft Tiziana Di Matteo Yu Feng Nishikanta Khandai Colin Degraf Evan

MassiveBlack Rupert Croft Tiziana Di Matteo Yu Feng Nishikanta Khandai Colin Degraf Evan Tucker Nicholas Battaglia + Volker Springel Public data store and simulation browser: http://mbii.phys.cmu.edu where do supermassive black holes

500 views • 49 slides
Euro-Mediterranean Center on Climate Change M. Mancini 1 , A. Raolil 1 , G. Cal 1 , G. Aloisio

Euro-Mediterranean Center on Climate Change M. Mancini 1 , A. Raolil 1 , G. Cal 1 , G. Aloisio

Provisioning Flexible and High Available iRODS-based Data Services at Euro-Mediterranean Center on Climate Change M. Mancini 1 , A. Raolil 1 , G. Cal 1 , G. Aloisio 1,2 1 Fondazione Centro Euro-Mediterraneo sui Cambiamenti Climatici, Lecce,

237 views • 22 slides
New Insights into Disability Beneficiaries Pursuit of Work Presenters Michael Levere, Denise

New Insights into Disability Beneficiaries Pursuit of Work Presenters Michael Levere, Denise

New Insights into Disability Beneficiaries Pursuit of Work Presenters Michael Levere, Denise Hoffman, and Gina Livermore Mathematica Policy Research Discussant Paul OLeary Social Security Administration Center for Studying Disability

704 views • 58 slides
Your Future Why become a Registered Dietitian, Registered Dietitian Nutritionist? What are

Your Future Why become a Registered Dietitian, Registered Dietitian Nutritionist? What are

Becoming a Registered Dietitian/ Registered Dietitian Nutritionist Your Accomplishments Your Career Goals Your Future Why become a Registered Dietitian, Registered Dietitian Nutritionist? What are your options? How will you decide?

1.07k views • 51 slides
CLOSER 2019, May., 2-4, Heraklion, Greece 1 CLOSER 2019, May., 2-4, Heraklion, Greece 2 Cloud

CLOSER 2019, May., 2-4, Heraklion, Greece 1 CLOSER 2019, May., 2-4, Heraklion, Greece 2 Cloud

CLOSER 2019, May., 2-4, Heraklion, Greece 1 CLOSER 2019, May., 2-4, Heraklion, Greece 2 Cloud layer Fog layer Sensor layer CLOSER 2019, May., 2-4, Heraklion, Greece 3 CLOSER 2019, May., 2-4, Heraklion, Greece 4 CLOSER 2019, May., 2-4,

345 views • 18 slides
Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Thursday - Dydd

Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Thursday - Dydd

Web Meeting SET UP Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Thursday - Dydd Iau July 21 - UTC 13:00 [Wales 2:00pm, Argentina 10:00am, Eastern US 9:00am] Launch Meeting and Countdown Time Zone Converter

1.07k views • 62 slides
Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Wednesday - Dydd

Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Wednesday - Dydd

Web Meeting SET UP Cada Da - Welsh Meeting Template Social Language Learning Program - Template - Wednesday - Dydd Mercher August 3 - Wednesday UTC 15:30 [Wales 4:30pm, Argentina 12:30pm, Eastern US 11:30am] Launch Meeting and Countdown Time

1.12k views • 77 slides

More recommend