Abstract

Enhancing the privacy of machine learning (ML) algorithms has become crucial given the different types of attacks on AI applications. Continual learning (CL) is a branch of ML that aims to learn a set of knowledge sequentially and continuously from a data stream. Differential privacy (DP), for its part, has been extensively used to enhance the privacy of deep learning (DL) models. However, adding DP to CL is challenging: on the one hand, DP intrinsically adds noise that reduces utility; on the other hand, the endless learning procedure of CL is a serious obstacle, resulting in catastrophic forgetting (CF) of previous samples of the ongoing stream. To be able to add DP to CL, we have proposed a methodology by which we can not only strike a tradeoff between privacy and utility, but also mitigate CF. The proposed solution presents a set of key features: (1) it guarantees theoretical privacy bounds by enforcing the DP principle; (2) we further incorporate a robust procedure into the proposed DP-CL scheme to hinder CF; and (3) most importantly, it achieves practical continuous training for a CL process without running out of the available privacy budget. Through extensive empirical evaluation on benchmark datasets and analyses, we validate the efficacy of the proposed solution.

Highlights

  • Deep learning (DL) models have shown significant improvement compared with human decision making on different tasks [1]-[5].

  • Evaluation: We have carried out extensive experiments on two benchmark datasets and evaluated our proposed robust differential privacy (DP)-continual learning (CL) process by answering the following questions. Q1: How does the added DP mechanism affect the accuracy of the A-GEM algorithm? Q2: What is the impact of using several learners on the accuracy of the DP-CL process? Q3: How can early starting (ES) deal with the performance degradation in the training process? Q4: How does the proposed robust DP-CL act against attacks? Q5: How much data will the DP-CL process need?

  • Split CIFAR (SCIFAR) [35] consists of dividing the original CIFAR-100 dataset [36] into 20 disjoint subsets, each of which is generated through random sampling of 5 classes without replacement from the total number of 100 classes.


Summary

Introduction

Deep learning (DL) models have shown significant improvement compared with human decision making on different tasks [1]-[5]. A time frame of a data stream may vanish soon due to storage constraints or privacy issues, which requires a dynamic training process to begin upon receiving the new data. This gap motivates researchers to develop DL models that are able to adapt frequently and resume learning over time. CDL models cannot be applied over data streams, as the training data is revisited over several computations. To circumvent this issue while preventing the CF described above, Continual Learning (CL) comes into play, aimed at gradually extending attained information to be exploited for future learning.
