
Initialization Matters: Privacy-Utility Analysis of Overparameterized Neural Networks
Jiayuan Ye · Zhenyu Zhu · Fanghui Liu · Reza Shokri · Volkan Cevher

Wed Dec 13 08:45 AM -- 10:45 AM (PST) @ Great Hall & Hall B1+B2 #1609

We analytically investigate how over-parameterization of models in randomized machine learning algorithms impacts the information leakage about their training data. Specifically, we prove a privacy bound for the KL divergence between model distributions on worst-case neighboring datasets, and explore its dependence on the initialization, width, and depth of fully connected neural networks. We find that this KL privacy bound is largely determined by the expected squared gradient norm relative to the model parameters during training. Notably, for the special setting of linearized networks, our analysis shows that the squared gradient norm (and therefore the escalation of the privacy loss) is tied directly to the per-layer variance of the initialization distribution. Using this analysis, we demonstrate that the privacy bound improves with increasing depth under certain initializations (LeCun and Xavier), but degrades with increasing depth under others (He and NTK). Our work reveals a complex interplay between privacy and depth that depends on the chosen initialization distribution. We further prove excess empirical risk bounds under a fixed KL privacy budget, and show that the interplay between the privacy-utility trade-off and depth is similarly affected by the initialization.
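The depth-versus-initialization effect described in the abstract can be illustrated with a small numerical sketch (this is not the paper's analysis, just a toy experiment): a NumPy ReLU MLP with manual backprop, comparing the squared gradient norm at initialization under LeCun-style (variance 1/fan_in) and He-style (variance 2/fan_in) schemes as depth grows. All function names and hyperparameters below are illustrative choices.

```python
import numpy as np

def init_weights(widths, scheme, rng):
    """Gaussian init; per-layer variance set by the scheme
    (LeCun: 1/fan_in, He: 2/fan_in)."""
    var = {"lecun": lambda f: 1.0 / f, "he": lambda f: 2.0 / f}[scheme]
    return [rng.normal(0.0, np.sqrt(var(fan_in)), size=(fan_out, fan_in))
            for fan_in, fan_out in zip(widths[:-1], widths[1:])]

def squared_grad_norm(Ws, x, y):
    """Sum of squared parameter gradients of 0.5*||f(x) - y||^2 for a
    ReLU MLP with a linear output layer, via manual backprop."""
    acts, pres, h = [x], [], x
    for W in Ws[:-1]:                    # forward pass, caching activations
        z = W @ h
        pres.append(z)
        h = np.maximum(z, 0.0)
        acts.append(h)
    out = Ws[-1] @ h
    delta = out - y                      # gradient of the loss at the output
    total = np.sum(np.outer(delta, acts[-1]) ** 2)
    back = Ws[-1].T @ delta
    for l in range(len(Ws) - 2, -1, -1):
        back = back * (pres[l] > 0)      # ReLU derivative
        total += np.sum(np.outer(back, acts[l]) ** 2)
        back = Ws[l].T @ back
    return total

def avg_grad_norm(depth, scheme, width=64, dim=32, trials=20):
    """Average squared gradient norm over random inits and inputs."""
    rng = np.random.default_rng(0)
    widths = [dim] + [width] * depth + [1]
    vals = []
    for _ in range(trials):
        Ws = init_weights(widths, scheme, rng)
        x = rng.normal(size=dim) / np.sqrt(dim)   # roughly unit-norm input
        vals.append(squared_grad_norm(Ws, x, np.ones(1)))
    return float(np.mean(vals))

for scheme in ("lecun", "he"):
    print(scheme, avg_grad_norm(2, scheme), avg_grad_norm(10, scheme))
```

Consistent with the abstract's claim, the LeCun-style scheme shrinks activations layer by layer, so the average squared gradient norm decays with depth, while the He-style scheme keeps per-layer contributions roughly constant, so the total grows with depth.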

Author Information

Jiayuan Ye (National University of Singapore)
Zhenyu Zhu (EPFL)
Fanghui Liu (University of Warwick, UK)
Reza Shokri (National University of Singapore)
Volkan Cevher (EPFL)

More from the Same Authors