Differential Privacy Mechanisms in Neural Tangent Kernel Regression

TL;DR

This paper investigates differential privacy in Neural Tangent Kernel regression, providing theoretical guarantees and experimental validation on CIFAR10, marking the first such analysis for this setting.

Contribution

It introduces the first differential privacy guarantees for NTK regression and demonstrates its effectiveness in maintaining accuracy under privacy constraints.

Findings

Provable DP guarantees for NTK regression.

NTK regression maintains good accuracy with modest privacy budgets.

Experimental validation on CIFAR10 dataset.

Abstract

Training data privacy is a fundamental problem in modern Artificial Intelligence (AI) applications, such as face recognition, recommendation systems, language generation, and many others, as it may contain sensitive user information related to legal issues. To fundamentally understand how privacy mechanisms work in AI applications, we study differential privacy (DP) in the Neural Tangent Kernel (NTK) regression setting, where DP is one of the most powerful tools for measuring privacy under statistical learning, and NTK is one of the most popular analysis frameworks for studying the learning mechanisms of deep neural networks. In our work, we can show provable guarantees for both differential privacy and test accuracy of our NTK regression. Furthermore, we conduct experiments on the basic image classification dataset CIFAR10 to demonstrate that NTK regression can preserve good accuracy under a modest privacy budget, supporting the validity of our analysis. To our knowledge, this is the first work to provide a DP guarantee for NTK regression.