Towards Reliable and Generalizable Differentially Private Machine Learning (Extended Version)

TL;DR

This paper evaluates the reproducibility of 11 state-of-the-art differentially private machine learning techniques, revealing varied results and emphasizing the importance of rigorous validation for reliable and generalizable DPML methods.

Contribution

It provides a comprehensive reproducibility and replicability study of recent DPML techniques, highlighting challenges and proposing best practices for scientific validation.

Findings

Some methods are reproducible outside initial conditions

Others fail to replicate their original results

Challenges include additional randomness from DP noise

Abstract

There is a flurry of recent research papers proposing novel differentially private machine learning (DPML) techniques. These papers claim to achieve new state-of-the-art (SoTA) results and offer empirical results as validation. However, there is no consensus on which techniques are most effective or if they genuinely meet their stated claims. Complicating matters, heterogeneity in codebases, datasets, methodologies, and model architectures make direct comparisons of different approaches challenging. In this paper, we conduct a reproducibility and replicability (R+R) experiment on 11 different SoTA DPML techniques from the recent research literature. Results of our investigation are varied: while some methods stand up to scrutiny, others falter when tested outside their initial experimental conditions. We also discuss challenges unique to the reproducibility of DPML, including additional randomness due to DP noise, and how to address them. Finally, we derive insights and best practices to obtain scientifically valid and reliable results.