Adaptive differential privacy in vertical federated learning for mobility forecasting

Abstract

Differential privacy is the de-facto technique for protecting the individuals in the training dataset and the learning models in deep learning. However, the technique presents two limitations when applied to vertical federated learning, where several organizations collaborate to train a common global model. First, it treats all the training dataset features similarly regardless of the organizations’ heterogeneous privacy requirements. Second, most existing works distribute the privacy budget uniformly across training steps, disregarding the impact of the dynamic changes of local gradients on the model’s privacy and utility balance. This paper proposes the Adaptive differential privacy for Vertical Federated Learning (AdaVFL) protocol that tackles these limitations. We estimate the organization’s feature impact on the global model and design two weighting strategies that adaptively assign privacy budgets to each organization for heterogeneously protecting its features. Moreover, we carefully adjust the privacy budget to the model’s convergence at each training iteration using a closed feedback loop to improve the learning model’s utility. We experimentally evaluate AdaVFL on two public datasets (Bike New York and Yelp reviews) with a vertical federated learning framework for mobility forecasting in Pytorch. We show that the feature-level budget initialization improves the resiliency to a state-of-the-art feature privacy attack by up to 25%. Furthermore, the experimental evaluation demonstrates that the adaptive privacy budget increases the accuracy by up to 15% on average compared to the state-of-the-art budget allocation strategies.