Augment then Smooth: Reconciling Differential Privacy with Certified Robustness
Jiapeng Wu, Atiyeh Ashari Ghomi, David Glukhov, Jesse C. Cresswell, Franziska Boenisch, Nicolas Papernot

TL;DR
This paper introduces DP-CERT, a simple method that combines differential privacy and certified robustness by integrating randomized smoothing into private training, improving certified accuracy and reducing Lipschitz constants.
Contribution
DP-CERT is a novel, straightforward approach that effectively merges differential privacy with certified robustness, outperforming prior complex training schemes.
Findings
Up to 2.5% increase in certified accuracy on CIFAR10
Larger certifiable radii correlate with smaller local Lipschitz constants
DP-CERT reduces Lipschitz constants compared to other private training methods
Abstract
Machine learning models are susceptible to a variety of attacks that can erode trust, including attacks against the privacy of training data, and adversarial examples that jeopardize model accuracy. Differential privacy and certified robustness are effective frameworks for combating these two threats respectively, as they each provide future-proof guarantees. However, we show that standard differentially private model training is insufficient for providing strong certified robustness guarantees. Indeed, combining differential privacy and certified robustness in a single system is non-trivial, leading previous works to introduce complex training schemes that lack flexibility. In this work, we present DP-CERT, a simple and effective method that achieves both privacy and robustness guarantees simultaneously by integrating randomized smoothing into standard differentially private model…
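The certification side of the method described above, as an added example that is not the paper's code: randomized smoothing certifies a base classifier f by predicting with the majority vote of f under Gaussian noise, and the certified L2 radius is sigma * Phi^{-1}(p_A) (Cohen et al., 2019), where p_A is the probability of the top class. The base classifier here is an assumed toy linear model (a stand-in for the DP-trained network; the differentially private training step itself is not shown), chosen because the smoothing integral is then closed form, so the Monte Carlo certificate can be checked against the exact answer, and the local Lipschitz constant of the smoothed score can be computed analytically to show the relation the Findings mention: points with larger certified radii have smaller local Lipschitz constants.

```python
import math
import random
from statistics import NormalDist

# Standard normal: cdf = Phi, inv_cdf = Phi^{-1}, pdf = phi.
STD_NORMAL = NormalDist()


def _dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def base_classifier(x, w, b):
    """Hypothetical linear base classifier f(x) = 1 if w.x + b > 0 else 0.
    Assumption: stands in for the trained (e.g. DP-SGD) model."""
    return 1 if _dot(w, x) + b > 0 else 0


def smoothed_top_prob_mc(x, w, b, sigma, n, rng):
    """Monte Carlo estimate of p_A = P[f(x + eps) = c_A], eps ~ N(0, sigma^2 I),
    where c_A is the class f predicts at x itself (the smoothed prediction)."""
    c_a = base_classifier(x, w, b)
    hits = 0
    for _ in range(n):
        noisy = [xi + rng.gauss(0.0, sigma) for xi in x]
        hits += base_classifier(noisy, w, b) == c_a
    return hits / n


def certified_radius(p_a, sigma):
    """Randomized-smoothing certificate (binary case): the smoothed classifier is
    constant within L2 radius sigma * Phi^{-1}(p_A). Nothing is certified when
    p_A <= 1/2; p_A = 1 would give an infinite radius, so it is clamped."""
    if p_a <= 0.5:
        return 0.0
    return sigma * STD_NORMAL.inv_cdf(min(p_a, 1.0 - 1e-12))


def exact_top_prob_linear(x, w, b, sigma):
    """For a linear base classifier the smoothing integral is closed form:
    P[f(x + eps) = c_A] = Phi(|w.x + b| / (sigma * ||w||))."""
    z = abs(_dot(w, x) + b) / (sigma * math.sqrt(_dot(w, w)))
    return STD_NORMAL.cdf(z)


def distance_to_boundary(x, w, b):
    """True L2 distance from x to the hyperplane w.x + b = 0 (the ideal radius)."""
    return abs(_dot(w, x) + b) / math.sqrt(_dot(w, w))


def local_lipschitz_smoothed(x, w, b, sigma):
    """Gradient norm of the smoothed score s(x) = Phi((w.x + b) / (sigma ||w||)).
    grad s(x) = phi(z) * w / (sigma ||w||), so ||grad s(x)|| = phi(z) / sigma.
    This is the local Lipschitz constant of the smoothed score at x."""
    z = (_dot(w, x) + b) / (sigma * math.sqrt(_dot(w, w)))
    return STD_NORMAL.pdf(z) / sigma


def certify_point(x, w, b, sigma, n=20000, seed=0):
    """Certify x: returns (Monte Carlo radius, exact radius, local Lipschitz)."""
    rng = random.Random(seed)
    p_mc = smoothed_top_prob_mc(x, w, b, sigma, n, rng)
    p_exact = exact_top_prob_linear(x, w, b, sigma)
    return (certified_radius(p_mc, sigma),
            certified_radius(p_exact, sigma),
            local_lipschitz_smoothed(x, w, b, sigma))


if __name__ == "__main__":
    w, b, sigma = [1.0, 0.0], 0.0, 0.5          # constructed toy classifier and noise level
    for x in ([0.2, 0.0], [1.0, 0.0]):          # one point near, one far from the boundary
        r_mc, r_exact, lip = certify_point(x, w, b, sigma)
        print(f"x={x}: radius_mc={r_mc:.3f} radius_exact={r_exact:.3f} "
              f"distance={distance_to_boundary(x, w, b):.3f} local_lipschitz={lip:.3f}")
```

For the linear toy model the exact certified radius equals the true distance to the decision boundary, and the Monte Carlo radius lands within sampling error of it; the far point (larger radius) has a local Lipschitz constant roughly seven times smaller than the near point. With a real network p_A is not available in closed form, so the Monte Carlo estimate must be replaced by a lower confidence bound before it is plugged into the radius formula.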
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Explainable Artificial Intelligence (XAI)
Methods: Randomized Smoothing
