权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

AF: Small: Collaborative Research: Rigorous Approaches for Scalable Privacy-preserving Deep Learning

AF：小型：协作研究：可扩展的隐私保护深度学习的严格方法

基本信息

批准号：
1908281
负责人：
Raef Bassily
金额：
$ 20.87万
依托单位：
Ohio State University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2019
资助国家：
美国
起止时间：
2019-10-01 至 2023-09-30
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1908281&HistoricalAwards=false
关键词：
AF Small Collaborative Research Rigorous

项目摘要

One of the most salient features of this time is the dissemination of massive amounts of personal and sensitive data. Despite their enormous societal benefits, the powerful tools of modern machine learning, especially deep learning, can pose real threats to personal privacy. For example, over the last few years, it has become evident that deep neural networks have a remarkable power in learning even the finest details from large complex data sets. With such powerful tools, the need for robust and rigorous guarantees for privacy protection has become more crucial. The last decade has witnessed the rise of a sound mathematical theory, known as differential privacy, that enables designing data-analysis algorithms with rigorous privacy guarantees for their input data sets. Despite the noticeable success of this theory, existing tools from differential privacy are severely limited in offering acceptable utility guarantees when dealing with complex models like those arising in deep learning. This project will address those limitations by offering new principled approaches for designing differentially-private deep-learning algorithms that can scale to industrial workloads. The project will also involve collaboration with industry, which will facilitate the evaluation of the developed algorithms on real-world datasets and the development of open-source software tools. The products of this project have the potential to transform the way massive sets of sensitive data are used in modern machine-learning systems, which will impact the way these systems are designed and implemented in practice. The activities of this project will also aim at promoting diversity in computing by recruiting women and members of underrepresented groups.The investigators will develop a rigorous, multi-faceted design paradigm for scalable, practical, differentially private algorithms for modern machine learning. This paradigm is based on two general strategies: (i) exploiting realistic and useful properties of the data and the machine-learning models to circumvent existing limitations in the literature on differential privacy, and (ii) leveraging a limited amount of public data (that has no privacy constraints) to boost the utility of the algorithms. Based on these strategies, the project will pursue following directions: (1) developing a new, generic framework for utilizing public data in privacy-preserving machine learning, (2) designing improved iterative training algorithms that can bypass the standard use of the so-called "composition theorem" of differential privacy, and (3) designing new differentially private stochastic-gradient methods tuned specifically to non-convex and over-parameterized machine-learning problems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

这一时期最显著的特征之一是大量个人和敏感数据的传播。尽管它们具有巨大的社会效益，但现代机器学习的强大工具，特别是深度学习，可能对个人隐私构成真实的威胁。例如，在过去的几年里，很明显，深度神经网络在从大型复杂数据集中学习最细微的细节方面具有非凡的能力。有了这些强大的工具，对隐私保护的强大而严格的保证变得更加重要。在过去的十年里，一种被称为差分隐私的可靠数学理论兴起，该理论使设计数据分析算法能够为其输入数据集提供严格的隐私保证。尽管这一理论取得了显著的成功，但现有的差分隐私工具在处理深度学习等复杂模型时，在提供可接受的效用保证方面受到严重限制。该项目将通过提供新的原则性方法来解决这些限制，以设计可扩展到工业工作负载的差异化私有深度学习算法。该项目还将涉及与工业界的合作，这将有助于对已开发的关于真实世界数据集的算法进行评价，并有助于开发开放源码软件工具。该项目的产品有可能改变大量敏感数据在现代机器学习系统中的使用方式，这将影响这些系统在实践中的设计和实现方式。该项目的活动还旨在通过招募女性和代表性不足的群体成员来促进计算的多样性。研究人员将为现代机器学习开发一个严格的、多方面的设计范式，用于可扩展的、实用的、差异化的私有算法。这种范式基于两种一般策略：（i）利用数据和机器学习模型的现实和有用属性来规避现有文献中关于差异隐私的限制，以及（ii）利用有限数量的公共数据（没有隐私约束）来提高算法的实用性。根据这些战略，该项目将朝着以下方向努力：（1）开发一种新的通用框架，用于在隐私保护机器学习中利用公共数据，（2）设计改进的迭代训练算法，可以绕过差分隐私的所谓“合成定理”的标准使用，和（3）设计新的差分私有随机梯度方法，专门针对非凸和过参数化机器-该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。