Differentially private training of neural networks with Langevin dynamics for calibrated predictive uncertainty

TL;DR

This paper introduces a method combining Langevin dynamics with differential privacy to train neural networks that produce better-calibrated uncertainty estimates, addressing overconfidence issues in safety-critical applications.

Contribution

The paper presents a novel approach that adapts stochastic gradient Langevin dynamics for differentially private training, improving uncertainty calibration in neural networks.

Findings

Significantly reduces calibration error in neural networks.

Provides more reliable uncertainty estimates than standard DP-SGD.

Demonstrates effectiveness on MNIST and Pediatric Pneumonia Dataset.

Abstract

We show that differentially private stochastic gradient descent (DP-SGD) can yield poorly calibrated, overconfident deep learning models. This represents a serious issue for safety-critical applications, e.g. in medical diagnosis. We highlight and exploit parallels between stochastic gradient Langevin dynamics, a scalable Bayesian inference technique for training deep neural networks, and DP-SGD, in order to train differentially private, Bayesian neural networks with minor adjustments to the original (DP-SGD) algorithm. Our approach provides considerably more reliable uncertainty estimates than DP-SGD, as demonstrated empirically by a reduction in expected calibration error (MNIST $\sim{5}$-fold, Pediatric Pneumonia Dataset $\sim{2}$-fold).