Please note: The PhD seminar will take place in DC 2310 and online.
Dihong Jiang, PhD candidate
David R. Cheriton School of Computer Science
Supervisors: Professors Yaoliang Yu, Sun Sun
Privacy concerns grow with the success of modern deep learning models, especially when the training set contains sensitive data. Differentially private generative model (DPGM) can serve as a solution to circumvent such concerns by generating data that are distributionally similar to the original data yet with differential privacy (DP) guarantees. While GAN has attracted major attention, existing DPGMs based on flow generative models are limited and only developed on low-dimensional tabular datasets. The capability of exact density estimation makes the flow model exceptional when density estimation is of interest.
In this work, we will first show that it is challenging (or even infeasible) to train a DP-flow via DP-SGD, i.e. the workhorse algorithm for private deep learning, on high-dimensional image sets with acceptable utility, and then we give an effective solution by reducing the generation from the pixel space to a lower dimensional latent space. We show the effectiveness and scalability of the proposed method via extensive experiments, where the proposed method achieves a significantly better privacy-utility trade-off compared to existing alternatives. Notably, our method is the first DPGM to scale to high-resolution image sets (up to 256 × 256).
To attend this PhD seminar in person, please go to DC 2310. You can also attend online using Zoom at https://uwaterloo.zoom.us/j/8203808299.
200 University Avenue West
Waterloo, ON N2L 3G1
Canada
