Abstract
The growing use of generative AI models for managing sensitive data presents substantial privacy risks. Differential privacy (DP) methods can mitigate such risks but approaches based on the Gaussian mechanism, such as Differentially Private Stochastic Gradient Descent (DPSGD) and Private Aggregation of Teacher Ensembles (PATE), often produce low-quality synthetic data due to the addition of noise during training. To address this issue, several approaches explored the distribution of private data in the latent space of a publicly-trained generative model, by either building a secondary DP-GAN on the latent space [1], [2] or direct sampling via exponential mechanism (EM) [3]. However, these methods still face challenges in identifying regions in the latent space that yield high-quality private images and in managing the privacy budget effectively. In this paper, we introduce DPGEM (Differentially Private Generative Model with Exponential Mechanism), which enhances the scoring function by employing a classifier trained on synthetic representations of private and public data. We propose a local differential privacy composition rule to achieve tighter privacy bounds and an Uncertainty-Based Spreader Identification Method (UBSIM) to improve privacy accounting. Experiments on MNIST and Fashion-MNIST datasets demonstrate that DPGEM generates high-quality images with competitive performance while maintaining strong privacy guarantees.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 16th IEEE International Workshop on Information Forensics and Security, WIFS 2024 |
| ISBN (Electronic) | 9798350364422 |
| DOIs | |
| State | Published - 2024 |
| Event | 16th IEEE International Workshop on Information Forensics and Security, WIFS 2024 - Rome, Italy Duration: Dec 2 2024 → Dec 5 2024 |
Publication series
| Name | Proceedings - 16th IEEE International Workshop on Information Forensics and Security, WIFS 2024 |
|---|
Conference
| Conference | 16th IEEE International Workshop on Information Forensics and Security, WIFS 2024 |
|---|---|
| Country/Territory | Italy |
| City | Rome |
| Period | 12/2/24 → 12/5/24 |
Bibliographical note
Publisher Copyright:©2024 IEEE.
Funding
This work used Delta GPU at National Center for Supercomputing Applications (NCSA) through allocation CIS230383 from the Advanced Cyberinfrastructure Coordination Ecosystem: Services & Support (ACCESS) program, which is supported by National Science Foundation grants #2138259, #2138286, #2138307, #2137603, and #2138296.
| Funders | Funder number |
|---|---|
| U.S. Department of Energy Chinese Academy of Sciences Guangzhou Municipal Science and Technology Project Oak Ridge National Laboratory Extreme Science and Engineering Discovery Environment National Science Foundation National Energy Research Scientific Computing Center National Natural Science Foundation of China | 2138286, 2138296, 2137603, 2138307, 2138259 |
| U.S. Department of Energy Chinese Academy of Sciences Guangzhou Municipal Science and Technology Project Oak Ridge National Laboratory Extreme Science and Engineering Discovery Environment National Science Foundation National Energy Research Scientific Computing Center National Natural Science Foundation of China |
Keywords
- differential privacy
- exponential mechanism
- generative adversarial models
- privacy budget
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Artificial Intelligence
- Information Systems
- Signal Processing
- Software
- Information Systems and Management
- Computer Networks and Communications