di ff erentially private empirical risk minimization with
play

Di ff erentially Private Empirical Risk Minimization with Non-convex - PowerPoint PPT Presentation

Feb 20, 2023 •264 likes •544 views

Di ff erentially Private Empirical Risk Minimization with Non-convex Loss Functions Di Wang , Changyou Chen and Jinhui Xu State University of New York at Bu ff alo International Conference on Machine Learning 2019 Di Wang Non-convex DP-ERM ICML

  1. Di ff erentially Private Empirical Risk Minimization with Non-convex Loss Functions Di Wang , Changyou Chen and Jinhui Xu State University of New York at Bu ff alo International Conference on Machine Learning 2019 Di Wang Non-convex DP-ERM ICML 2019 1 / 15

  2. Outline Introduction 1 Problem Description Result 1 Result 2 Result 3 Di Wang Non-convex DP-ERM ICML 2019 2 / 15

  3. Outline Introduction 1 Problem Description Result 1 Result 2 Result 3 Di Wang Non-convex DP-ERM ICML 2019 3 / 15

  4. Empirical Risk Minimization (ERM) Given: A dataset D = { ( x 1 , y 1 ) , ( x 2 , y 2 ) , · · · , ( x n , y n ) } , where each ( x i , y i ) ∈ R d × R ∼ P . Regularization r ( · ) : R d 󰀂→ R , we use ℓ 2 regularization with r ( w ) = λ 2 󰀃 w 󰀃 2 2 . For a loss function ℓ , the (regularized) Empirical Risk: n 󰁜 L r ( w ; D ) = 1 ˆ ℓ ( w ; x i , y i ) + r ( w ) . n i =1 the (regularized) Population Risk: L r P ( w ) = E ( x , y ) ∼ P [ ℓ ( w ; x , y )] + r ( w ) . Goal: Find w so as to minimize the empirical or population risk. Di Wang Non-convex DP-ERM ICML 2019 4 / 15

  5. ( 󰂄 , δ )- Di ff erential Privacy (DP) Di ff erential Privacy (DP) [Dwork et al,. 2006] We say that two datasets, D and D ′ , are neighbors if they di ff er by only one entry, denoted as D ∼ D ′ . A randomized algorithm A is ( 󰂄 , δ )-di ff erentially private if for all neighboring datasets D , D ′ , and for all events S in the output space of A , we have Pr( A ( D ) ∈ S ) ≤ e 󰂄 Pr A ( D ′ ) ∈ S ) + δ . Di Wang Non-convex DP-ERM ICML 2019 5 / 15

  6. DP-ERM DP-ERM Determine a sample complexity n = n (1 / 󰂄 , 1 / δ , p , 1 / α ) such that there is an ( 󰂄 , δ )-DP algorithm whose output w priv achieves an α -error in the expected excess empirical risk : Err r D ( w priv ) = E ˆ L ( w LDP ; D ) − min w ∈ R d ˆ L ( w ; D ) ≤ α . or in the expected excess empirical risk : Err r P ( w priv ) = E [ L r P ( w priv )] − min w ∈ R d L r P ( w ) ≤ α . Di Wang Non-convex DP-ERM ICML 2019 6 / 15

  7. Motivation Previous work on DP-ERM mainly focuses on convex loss functions. Di Wang Non-convex DP-ERM ICML 2019 7 / 15

  8. Motivation Previous work on DP-ERM mainly focuses on convex loss functions. For non-convex loss functions, [Zhang et al, 2017] and [Wang and Xu 2019] studied the problem and used, as error measurement, the ℓ 2 gradient norm of a private estimator, i.e., 󰀃∇ ˆ L r D ( w priv ) 󰀃 2 and E P 󰀃∇ ℓ ( w priv ; x , y ) 󰀃 2 Di Wang Non-convex DP-ERM ICML 2019 7 / 15

  9. Motivation Previous work on DP-ERM mainly focuses on convex loss functions. For non-convex loss functions, [Zhang et al, 2017] and [Wang and Xu 2019] studied the problem and used, as error measurement, the ℓ 2 gradient norm of a private estimator, i.e., 󰀃∇ ˆ L r D ( w priv ) 󰀃 2 and E P 󰀃∇ ℓ ( w priv ; x , y ) 󰀃 2 Main Question: Can the excess empirical (population) risk be used to measure the error of non-convex loss functions in the di ff erential privacy model? Di Wang Non-convex DP-ERM ICML 2019 7 / 15

  10. Outline Introduction 1 Problem Description Result 1 Result 2 Result 3 Di Wang Non-convex DP-ERM ICML 2019 8 / 15

  11. Result 1 Theorem 1 If the loss function is L -Lipschitz, twice di ff erentiable and M -smooth, by using the private version of Gradient Langevin Dynamics (DP-GLD) we show that the excess empirical (or population) risk is upper bounded by O ( d log(1 / δ ) ˜ log n 󰂄 2 ). Di Wang Non-convex DP-ERM ICML 2019 9 / 15

  12. Result 1 Theorem 1 If the loss function is L -Lipschitz, twice di ff erentiable and M -smooth, by using the private version of Gradient Langevin Dynamics (DP-GLD) we show that the excess empirical (or population) risk is upper bounded by O ( d log(1 / δ ) ˜ log n 󰂄 2 ). The proof is based on some recent developments in Bayesian learning and analysis of GLD. By using a finer analysis of the time-average error of some SDE, we show the following Di Wang Non-convex DP-ERM ICML 2019 9 / 15

  13. Result 1 Theorem 1 If the loss function is L -Lipschitz, twice di ff erentiable and M -smooth, by using the private version of Gradient Langevin Dynamics (DP-GLD) we show that the excess empirical (or population) risk is upper bounded by O ( d log(1 / δ ) ˜ log n 󰂄 2 ). The proof is based on some recent developments in Bayesian learning and analysis of GLD. By using a finer analysis of the time-average error of some SDE, we show the following Theorem 2 For the excessed empirical risk, there is an ( 󰂄 , δ )-DP algorithm which satisfies 󰀄 C 0 ( d ) log(1 / δ ) 󰀅 T →∞ Err r D ( w T ) ≤ ˜ lim O , n τ 󰂄 τ where C 0 ( d ) is a function of d and 0 < τ < 1 is some cosntant. Di Wang Non-convex DP-ERM ICML 2019 9 / 15

  14. Outline Introduction 1 Problem Description Result 1 Result 2 Result 3 Di Wang Non-convex DP-ERM ICML 2019 10 / 15

  15. Result 2 Are these bounds tight? Di Wang Non-convex DP-ERM ICML 2019 11 / 15

  16. Result 2 Are these bounds tight? Based on the exponential mechanism, we have Empirical Risk For any β < 1, there is an 󰂄 -di ff erentially private algorithm whose output w priv induces an excess empirical risk Err r D ( w priv ) ≤ ˜ O ( d n 󰂄 ) with probability at least 1 − β . Di Wang Non-convex DP-ERM ICML 2019 11 / 15

  17. Result 2 Are these bounds tight? Based on the exponential mechanism, we have Empirical Risk For any β < 1, there is an 󰂄 -di ff erentially private algorithm whose output w priv induces an excess empirical risk Err r D ( w priv ) ≤ ˜ O ( d n 󰂄 ) with probability at least 1 − β . Population Risk For Generalized Linear model and Robust Regressions (whose loss function is ℓ ( w ; x , y ) = ( σ ( 〈 w , x 〉 ) − y ) 2 and ℓ ( w ; x , y ) = Φ ( 〈 w , x 〉 − y ), respectively), under some reasonable assumptions, there is an ( 󰂄 , δ )-DP algorithm whose excess population risk is upper bounded by 󰁵 d ln 1 4 󰀄 󰀅 δ Err P ( w priv ) ≤ O √ n 󰂄 . Di Wang Non-convex DP-ERM ICML 2019 11 / 15

  18. Outline Introduction 1 Problem Description Result 1 Result 2 Result 3 Di Wang Non-convex DP-ERM ICML 2019 12 / 15

  19. Finding Approximate Local Minimum Privately Finding global minimum of non-convex function is challenging! Di Wang Non-convex DP-ERM ICML 2019 13 / 15

  20. Finding Approximate Local Minimum Privately Finding global minimum of non-convex function is challenging! Recent research on Deep Learning and other non-convex problems show that local minima , but not critical points, are su ffi cient. Di Wang Non-convex DP-ERM ICML 2019 13 / 15

  21. Finding Approximate Local Minimum Privately Finding global minimum of non-convex function is challenging! Recent research on Deep Learning and other non-convex problems show that local minima , but not critical points, are su ffi cient. But , finding local minima is still NP-hard. Di Wang Non-convex DP-ERM ICML 2019 13 / 15

  22. Finding Approximate Local Minimum Privately Finding global minimum of non-convex function is challenging! Recent research on Deep Learning and other non-convex problems show that local minima , but not critical points, are su ffi cient. But , finding local minima is still NP-hard. Fortunately, many non-convex functions are strict saddle. Thus, it is su ffi cient to find the second order stationary point (or approximate local minimum). Definition w is an α -second-order stationary point ( α -SOSP), if 󰀃∇ F ( w ) 󰀃 2 ≤ α and λ min ( ∇ 2 F ( w )) ≥ −√ ρα . (1) Di Wang Non-convex DP-ERM ICML 2019 13 / 15

  23. Finding Approximate Local Minimum Privately Finding global minimum of non-convex function is challenging! Recent research on Deep Learning and other non-convex problems show that local minima , but not critical points, are su ffi cient. But , finding local minima is still NP-hard. Fortunately, many non-convex functions are strict saddle. Thus, it is su ffi cient to find the second order stationary point (or approximate local minimum). Definition w is an α -second-order stationary point ( α -SOSP), if 󰀃∇ F ( w ) 󰀃 2 ≤ α and λ min ( ∇ 2 F ( w )) ≥ −√ ρα . (1) Can we find some approximate local minimum which escapes saddle points and still keeps the algorithm ( 󰂄 , δ ) -di ff erentially private? Di Wang Non-convex DP-ERM ICML 2019 13 / 15

  24. Result 3 On one hand, (Ge et al. 2015) proposed an algorithm, noisy Stochastic Gradient Descent , to find approximate local minima. Di Wang Non-convex DP-ERM ICML 2019 14 / 15

  25. Result 3 On one hand, (Ge et al. 2015) proposed an algorithm, noisy Stochastic Gradient Descent , to find approximate local minima. On the other hand, in DP community, one popular method for ERM is called DP-SGD , which adds some Gaussian noise in each iteration. Di Wang Non-convex DP-ERM ICML 2019 14 / 15

  26. Result 3 On one hand, (Ge et al. 2015) proposed an algorithm, noisy Stochastic Gradient Descent , to find approximate local minima. On the other hand, in DP community, one popular method for ERM is called DP-SGD , which adds some Gaussian noise in each iteration. Using DP-GD, we can show Theorem 4 If the data size n is large enough such that 󰁵 log 1 δ d log 1 ξ n ≥ ˜ Ω ( ) , (2) 󰂄α 2 then with probability 1 − ζ , one of the outputs is an α -SOSP of the empirical risk ˆ L ( · , D ). Di Wang Non-convex DP-ERM ICML 2019 14 / 15

  27. Thank you! Di Wang Non-convex DP-ERM ICML 2019 15 / 15

Recommend

CSC2412: Private Gradient Descent &amp; Empirical Risk Minimization Sasho Nikolov 1 Empirical

CSC2412: Private Gradient Descent &amp; Empirical Risk Minimization Sasho Nikolov 1 Empirical

CSC2412: Private Gradient Descent &amp; Empirical Risk Minimization Sasho Nikolov 1 Empirical Risk Minimization Learning: Reminder Known data universe X and an unknown probability distribution D on X Known concept class C and an unknown

341 views • 17 slides
Empirical Risk Minimization October 29, 2015 Outline Empirical risk minimization view

Empirical Risk Minimization October 29, 2015 Outline Empirical risk minimization view

Empirical Risk Minimization October 29, 2015 Outline Empirical risk minimization view Perceptron CRF Notation for Linear Models Training data: {(x 1 , y 1 ), (x 2 , y 2 ), , (x N , y N )} Testing data: {(x N+1 , y N+1 ),

418 views • 21 slides
Suboptimality of Penalized Empirical Risk Minimization in Classification. Guillaume Lecu e

Suboptimality of Penalized Empirical Risk Minimization in Classification. Guillaume Lecu e

Suboptimality of Penalized Empirical Risk Minimization in Classification. Guillaume Lecu e Universit e Paris 6 COLT 2007, June 13 General Framework. Aggregations Procedures. Optimality in classification. Motivation. M prior estimators

708 views • 54 slides
High Order Methods for Empirical Risk Minimization Alejandro Ribeiro Department of Electrical and

High Order Methods for Empirical Risk Minimization Alejandro Ribeiro Department of Electrical and

High Order Methods for Empirical Risk Minimization Alejandro Ribeiro Department of Electrical and Systems Engineering University of Pennsylvania aribeiro@seas.upenn.edu Thanks to: Aryan Mokhtari, Mark Eisen, ONR, NSF DIMACS Workshop on

775 views • 40 slides
Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data

Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data

Di ff erentially-Private Batch Query Answering Exploiting the Workload vs. Exploiting the Data Gerome Miklau University of Massachusetts, Amherst DIMACS Workshop on Recent Work on Di ff erential Privacy across Computer Science October 2012

1.39k views • 136 slides
Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias

Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias

Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias Lcuyer With: Riley Spahn, Kiran Vodrahalli, Roxana Geambasu, and Daniel Hsu Machine Learning (ML) introduces a dangerous double standard for data

603 views • 45 slides
WEIGHTED SUMS OF RANDOM KITCHEN SINKS Replacing minimization with randomization in learning

WEIGHTED SUMS OF RANDOM KITCHEN SINKS Replacing minimization with randomization in learning

WEIGHTED SUMS OF RANDOM KITCHEN SINKS Replacing minimization with randomization in learning The model Given a set of training data in a domain Fit a function to minimize risk Empirical Risk Risk Loss Function Hinge loss

621 views • 13 slides
Nonconvex Variance Reduced Optimization with Arbitrary Sampling Samuel Horvth Peter Richtrik

Nonconvex Variance Reduced Optimization with Arbitrary Sampling Samuel Horvth Peter Richtrik

Nonconvex Variance Reduced Optimization with Arbitrary Sampling Samuel Horvth Peter Richtrik Empirical Risk Minimization n x R d f ( x ) := 1 X min f i ( x ) n i =1 Empirical Risk Minimization n x R d f ( x ) := 1 X min f i (

1.07k views • 28 slides
Introduction to Machine Learning CMU-10701 10. Risk Minimization Barnabs Pczos 10. Risk

Introduction to Machine Learning CMU-10701 10. Risk Minimization Barnabs Pczos 10. Risk

Introduction to Machine Learning CMU-10701 10. Risk Minimization Barnabs Pczos 10. Risk Minimization 2 What have we seen so far? Several algorithms that seem to work fine on training datasets: Linear regression Nave Bayes

1.13k views • 51 slides
Introduction to Machine Learning Vapnik Chervonenkis Theory Barnabs Pczos Empirical Risk

Introduction to Machine Learning Vapnik Chervonenkis Theory Barnabs Pczos Empirical Risk

Introduction to Machine Learning Vapnik Chervonenkis Theory Barnabs Pczos Empirical Risk and True Risk 2 Empirical Risk Shorthand: True risk of f (deterministic) : Bayes risk : Let us use the empirical counter part: Empirical risk: 3

1.46k views • 69 slides
Empirical Loss Minimization Traffic sign - STOP Sample i.i.d. points Stochastic

Empirical Loss Minimization Traffic sign - STOP Sample i.i.d. points Stochastic

Empirical Loss Minimization Traffic sign - STOP Sample i.i.d. points Stochastic Gradient Descent Lon Bottou, Frank E Curtis, Jorge Nocedal Optimization methods for large-scale machine learning SVRG:

738 views • 39 slides
Introduction to Machine Learning ML-Basics: Losses &amp; Risk Minimization Learning goals Know

Introduction to Machine Learning ML-Basics: Losses &amp; Risk Minimization Learning goals Know

Introduction to Machine Learning ML-Basics: Losses &amp; Risk Minimization Learning goals Know the concept of loss Understand the relationship between loss and risk Understand the relationship between risk minimization and finding the best

644 views • 10 slides
On the Local Minima of the Empirical Risk Chi Jin * 1 , Lydia T. Liu* 1 , Rong Ge 2 , Michael I.

On the Local Minima of the Empirical Risk Chi Jin * 1 , Lydia T. Liu* 1 , Rong Ge 2 , Michael I.

On the Local Minima of the Empirical Risk Chi Jin * 1 , Lydia T. Liu* 1 , Rong Ge 2 , Michael I. Jordan 1 1EECS, University of California, Berkeley. 2Duke University. 1 / 6 Chi Jin On the Local Minima of the Empirical Risk Overview Nonconvex

425 views • 14 slides
Introduction to Machine Learning Risk Minimization Barnabs Pczos What have we seen so far?

Introduction to Machine Learning Risk Minimization Barnabs Pczos What have we seen so far?

Introduction to Machine Learning Risk Minimization Barnabs Pczos What have we seen so far? Several classification &amp; regression algorithms seem to work fine on training datasets: Linear regression Gaussian Processes Nave

801 views • 53 slides
Demand for hospital care and private health insurance in a mixed public-private system: empirical

Demand for hospital care and private health insurance in a mixed public-private system: empirical

Demand for hospital care and private health insurance in a mixed public-private system: empirical evidence using a simultaneous equation modeling approach. Terence Cheng 1 Farshid Vahid 2 IRDES, 25 June 2010 The 2010 IRDES WORKSHOP on Applied

511 views • 34 slides
Risk to public health associated with private water supplies Dr Emmanuel Okpo Private Water

Risk to public health associated with private water supplies Dr Emmanuel Okpo Private Water

Risk to public health associated with private water supplies Dr Emmanuel Okpo Private Water Supply Workshop October 2013 Outline Water quality standards/drivers Contaminants (pathogens, chemicals) Population at Risk Health Risk

432 views • 28 slides
Characterizing Private Clouds: A Large-Scale Empirical Analysis of Enterprise Clusters Ignacio

Characterizing Private Clouds: A Large-Scale Empirical Analysis of Enterprise Clusters Ignacio

Characterizing Private Clouds: A Large-Scale Empirical Analysis of Enterprise Clusters Ignacio Cano, Srinivas Aiyar, Arvind Krishnamurthy University of Washington Nutanix Inc. ACM Symposium on Cloud Computing October 2016 1 Private

646 views • 43 slides
Minimization Using Descent Information we will consider the minimization of unconstrained

Minimization Using Descent Information we will consider the minimization of unconstrained

Minimization Using Descent Information we will consider the minimization of unconstrained functions of several variables where we now assume we have some derivative information such as the gradient vector or the Hessian matrix. Recall

131 views • 11 slides
An Empirical Decomposition of Risk and Liquidity in Nominal and Inf lation- Indexed

An Empirical Decomposition of Risk and Liquidity in Nominal and Inf lation- Indexed

An Empirical Decomposition of Risk and Liquidity in Nominal and Inf lation- Indexed Government Bonds Carolin Pflueger, Harvard Business School Luis Viceira, Harvard Business School November 8, 2011 Bond Risk Unlike single stocks,

949 views • 47 slides
DETERMINANTS OF PROFITABILITY OF PRIVATE COMMERCIAL BANKS IN BANGLADESH: AN EMPIRICAL STUDY

DETERMINANTS OF PROFITABILITY OF PRIVATE COMMERCIAL BANKS IN BANGLADESH: AN EMPIRICAL STUDY

DETERMINANTS OF PROFITABILITY OF PRIVATE COMMERCIAL BANKS IN BANGLADESH: AN EMPIRICAL STUDY Presented by Bhaskar Podder ST 112289 Examination Committee Dr. Sundar Venkatesh (Chairperson ) Dr. Winai Wongsurawat (Co-chair) Dr. Yousre Badir

867 views • 31 slides
Manifold Identification for Ultimately Communication-Efficient Distributed Optimization Yu-Sheng

Manifold Identification for Ultimately Communication-Efficient Distributed Optimization Yu-Sheng

Manifold Identification for Ultimately Communication-Efficient Distributed Optimization Yu-Sheng Li Joint work with Wei-Lin Chiang (NTU) and Ching-pei Lee (NUS) Outline Overview Empirical Risk Minimization The Proposed Algorithm Experiments

858 views • 49 slides
ON THE OPTIMIZATION LANDSCAPE OF NEURAL NETWORKS JOAN BRUNA , CIMS + CDS, NYU in collaboration

ON THE OPTIMIZATION LANDSCAPE OF NEURAL NETWORKS JOAN BRUNA , CIMS + CDS, NYU in collaboration

ON THE OPTIMIZATION LANDSCAPE OF NEURAL NETWORKS JOAN BRUNA , CIMS + CDS, NYU in collaboration with D.Freeman (UC Berkeley), Luca Venturi &amp; Afonso Bandeira (NYU) MOTIVATION We consider the standard Empirical Risk Minimization setup: `

683 views • 46 slides
The landscape of empirical risk for non-convex losses Song Mei ICME, Stanford December 3, 2016

The landscape of empirical risk for non-convex losses Song Mei ICME, Stanford December 3, 2016

The landscape of empirical risk for non-convex losses Song Mei ICME, Stanford December 3, 2016 Joint work with Yu Bai and Andrea Montanari Song Mei (ICME, Stanford) The landscape of empirical risk December 3, 2016 1 / 17 Binary linear

341 views • 33 slides
Risk Management in Public Private Partnerships Presentation: Public Sector Risk Management Forum

Risk Management in Public Private Partnerships Presentation: Public Sector Risk Management Forum

Risk Management in Public Private Partnerships Presentation: Public Sector Risk Management Forum Date: 06 March 2014 Public Private Partnerships Developing a Risk Matrix for PPPs Contents 1. Background on South African PPPs 2. Typical PPP

520 views • 32 slides

More recommend