Deep Domain Adaptation With Differential Privacy

Nowadays, it usually requires a massive amount of labeled data to train a deep neural network. When no labeled data is available in some application scenarios, domain adaption can be employed to transfer a learner from one or more source domains with labeled data to a target domain with unlabeled da...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on information forensics and security 2020, Vol.15, p.3093-3106
Main Authors: Wang, Qian, Li, Zixi, Zou, Qin, Zhao, Lingchen, Wang, Song
Format: Article
Language:English
Subjects:
Adaptation
Adaptation models
Artificial neural networks
convolutional neural network
Data models
deep learning
Differential privacy
Domain adaptation
Domains
Feature maps
Machine learning
Neural networks
Privacy
privacy preservation
Training
Training data
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Nowadays, it usually requires a massive amount of labeled data to train a deep neural network. When no labeled data is available in some application scenarios, domain adaption can be employed to transfer a learner from one or more source domains with labeled data to a target domain with unlabeled data. However, due to the exposure of the trained model to the target domain, the user privacy may potentially be compromised. Nevertheless, the private information may be encoded into the representations in different stages of the deep neural networks, i.e., hierarchical convolutional feature maps, which poses a great challenge for a full-fledged privacy protection. In this paper, we propose a novel differentially private domain adaptation framework called DPDA to achieve domain adaptation with privacy assurance. Specifically, we perform domain adaptation in an adversarial-learning manner and embed the differentially private design into specific layers and learning processes. Although applying differential privacy techniques directly will undermine the performance of deep neural networks, DPDA can increase the classification accuracy for the unlabeled target data compared to the prior arts. We conduct extensive experiments on standard benchmark datasets, and the results show that our proposed DPDA can indeed achieve high accuracy in many domain adaptation tasks with only a modest privacy loss.
ISSN:1556-6013
1556-6021
DOI:10.1109/TIFS.2020.2983254