差分隐私对模型准确性影响不一

May, 2019

Differential Privacy Has Disparate Impact on Model Accuracy

Eugene Bagdasaryan, Vitaly Shmatikov

TL;DR本文研究的DP-SGD算法在训练神经网络时，由于梯度裁剪和噪声加法等机制对复杂和少数类样本的影响更大，造成训练模型的准确率不公平，使DP-SGD算法不适用于存在不平衡类别数据的训练任务。

Abstract

differential privacy (DP) is a popular mechanism for training machine learning models with bounded leakage about the presence of specific points in the training data. The cost of →