Differential Privacy in Adversarial Learning with Provable Robustness

2019-09-25

NhatHai Phan, My T. Thai, Ruoming Jin, Han Hu, Dejing Dou

Abstract

In this paper, we aim to develop a novel mechanism to preserve differential privacy (DP) in adversarial learning for deep neural networks, with provable robustness to adversarial examples. We leverage the sequential composition theory in DP to establish a new connection between DP preservation and provable robustness. To address the trade-off among model utility, privacy loss, and robustness, we design an original, differentially private, adversarial objective function, based on the post-processing property in DP, to tighten the sensitivity of our model. An end-to-end theoretical analysis and thorough evaluations show that our mechanism notably improves the robustness of DP deep neural networks.