大型变压器模型联合学习中的精度感知差分隐私

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-02-06 DOI:10.1016/j.jisa.2025.103986

Junyan Ouyang, Rui Han, Xiaojiang Zuo, Yunlai Cheng, Chi Harold Liu

{"title":"大型变压器模型联合学习中的精度感知差分隐私","authors":"Junyan Ouyang, Rui Han, Xiaojiang Zuo, Yunlai Cheng, Chi Harold Liu","doi":"10.1016/j.jisa.2025.103986","DOIUrl":null,"url":null,"abstract":"<div><div>Federated learning with Differential privacy (DP-FL) allows distributed clients to collaboratively train a model by exchanging their model parameters with injected noises. Despite the great benefits in privacy protection, DP-FL still suffers from large noise that increases linearly with model size. Hence when applying large transformers in modern AI systems, DP-FL may cause severe accuracy degradation. The prior art either injects isotropic noises to all model parameters, or relies on empirical settings to vary noises injected in different model parts. In this paper, we propose AccurateDP to systematically leverage the distinct effects of noises on every unit of model accuracy to improve DP-FL performance. The key of AccurateDP is to support noise injection at multiple granularities to minimize accuracy variations in DP. Given a granularity and a privacy budget, AccurateDP further provides an automatic means to find the optimal noise injection setting and provides theoretical proofs for our approach. We implemented AccurateDP to support prevalent transformer models. Extensive evaluation against latest techniques shows AccurateDP increases accuracy by an average of 7.69% under the same privacy budget and gains more accuracy improvement (9.23%) when applied to large models.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103986"},"PeriodicalIF":3.8000,"publicationDate":"2025-02-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Accuracy-aware differential privacy in federated learning of large transformer models\",\"authors\":\"Junyan Ouyang, Rui Han, Xiaojiang Zuo, Yunlai Cheng, Chi Harold Liu\",\"doi\":\"10.1016/j.jisa.2025.103986\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Federated learning with Differential privacy (DP-FL) allows distributed clients to collaboratively train a model by exchanging their model parameters with injected noises. Despite the great benefits in privacy protection, DP-FL still suffers from large noise that increases linearly with model size. Hence when applying large transformers in modern AI systems, DP-FL may cause severe accuracy degradation. The prior art either injects isotropic noises to all model parameters, or relies on empirical settings to vary noises injected in different model parts. In this paper, we propose AccurateDP to systematically leverage the distinct effects of noises on every unit of model accuracy to improve DP-FL performance. The key of AccurateDP is to support noise injection at multiple granularities to minimize accuracy variations in DP. Given a granularity and a privacy budget, AccurateDP further provides an automatic means to find the optimal noise injection setting and provides theoretical proofs for our approach. We implemented AccurateDP to support prevalent transformer models. Extensive evaluation against latest techniques shows AccurateDP increases accuracy by an average of 7.69% under the same privacy budget and gains more accuracy improvement (9.23%) when applied to large models.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"89 \",\"pages\":\"Article 103986\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2025-02-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212625000249\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625000249","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

使用差分隐私的联邦学习（DP-FL）允许分布式客户端通过与注入的噪声交换模型参数来协作训练模型。尽管在隐私保护方面有很大的好处，DP-FL仍然受到随着模型尺寸线性增加的大噪声的困扰。因此，在现代人工智能系统中应用大型变压器时，DP-FL可能会导致严重的精度下降。现有技术要么向所有模型参数注入各向同性噪声，要么依靠经验设置来改变注入不同模型部分的噪声。在本文中，我们提出AccurateDP系统地利用噪声对模型精度每个单元的不同影响来提高DP-FL性能。AccurateDP的关键是支持多粒度的噪声注入，以最小化DP的精度变化。在给定粒度和隐私预算的情况下，AccurateDP进一步提供了一种自动找到最佳噪声注入设置的方法，并为我们的方法提供了理论证明。我们实现了AccurateDP来支持流行的变压器模型。对最新技术的广泛评估表明，在相同的隐私预算下，AccurateDP的准确率平均提高了7.69%，当应用于大型模型时，准确率提高了9.23%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Accuracy-aware differential privacy in federated learning of large transformer models

Federated learning with Differential privacy (DP-FL) allows distributed clients to collaboratively train a model by exchanging their model parameters with injected noises. Despite the great benefits in privacy protection, DP-FL still suffers from large noise that increases linearly with model size. Hence when applying large transformers in modern AI systems, DP-FL may cause severe accuracy degradation. The prior art either injects isotropic noises to all model parameters, or relies on empirical settings to vary noises injected in different model parts. In this paper, we propose AccurateDP to systematically leverage the distinct effects of noises on every unit of model accuracy to improve DP-FL performance. The key of AccurateDP is to support noise injection at multiple granularities to minimize accuracy variations in DP. Given a granularity and a privacy budget, AccurateDP further provides an automatic means to find the optimal noise injection setting and provides theoretical proofs for our approach. We implemented AccurateDP to support prevalent transformer models. Extensive evaluation against latest techniques shows AccurateDP increases accuracy by an average of 7.69% under the same privacy budget and gains more accuracy improvement (9.23%) when applied to large models.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.