TY - GEN
T1 - Differentially Private Generative Adversarial Networks with Model Inversion
AU - Chen, Dongjie
AU - Cheung, Sen Ching Samson
AU - Chuah, Chen Nee
AU - Ozonoff, Sally
N1 - Funding Information:
VI. ACKNOWLEDGEMENTS Research reported in this publication was supported by the National Institutes of Health, United States of America under award number R01MH121344-01 and the Child Family Endowed Professorship.
Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - To protect sensitive data in training a Generative Adversarial Network (GAN), the standard approach is to use differentially private (DP) stochastic gradient descent method in which controlled noise is added to the gradients. The quality of the output synthetic samples can be adversely affected and the training of the network may not even converge in the presence of these noises. We propose Differentially Private Model Inversion (DPMI) method where the private data is first mapped to the latent space via a public generator, followed by a lower-dimensional DP-GAN with better convergent properties. Experimental results on standard datasets CIFAR10 and SVHN as well as on a facial landmark dataset for Autism screening show that our approach outperforms the standard DP-GAN method based on Inception Score, Frechet Inception Distance, and classification accuracy under the same privacy guarantee.
AB - To protect sensitive data in training a Generative Adversarial Network (GAN), the standard approach is to use differentially private (DP) stochastic gradient descent method in which controlled noise is added to the gradients. The quality of the output synthetic samples can be adversely affected and the training of the network may not even converge in the presence of these noises. We propose Differentially Private Model Inversion (DPMI) method where the private data is first mapped to the latent space via a public generator, followed by a lower-dimensional DP-GAN with better convergent properties. Experimental results on standard datasets CIFAR10 and SVHN as well as on a facial landmark dataset for Autism screening show that our approach outperforms the standard DP-GAN method based on Inception Score, Frechet Inception Distance, and classification accuracy under the same privacy guarantee.
KW - differential privacy
KW - Generative adversarial networks
KW - model inversion
UR - http://www.scopus.com/inward/record.url?scp=85124132323&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85124132323&partnerID=8YFLogxK
U2 - 10.1109/WIFS53200.2021.9648378
DO - 10.1109/WIFS53200.2021.9648378
M3 - Conference contribution
AN - SCOPUS:85124132323
T3 - 2021 IEEE International Workshop on Information Forensics and Security, WIFS 2021
BT - 2021 IEEE International Workshop on Information Forensics and Security, WIFS 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2021 IEEE International Workshop on Information Forensics and Security, WIFS 2021
Y2 - 7 December 2021 through 10 December 2021
ER -