Density-Aware Differentially Private Textual Perturbations Using Truncated Gumbel Noise
Deep Neural Networks, despite their success in diverse domains, are provably sensitive to small perturbations which cause the models to return erroneous predictions to minor transformations. Recently, it was proposed that this effect can be addressed in the text domain by optimizing for the worst ca...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
LibraryPress@UF
2021-04-01
|
| Series: | Proceedings of the International Florida Artificial Intelligence Research Society Conference |
| Online Access: | https://journals.flvc.org/FLAIRS/article/view/128463 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849762067918094336 |
|---|---|
| author | Nan Xu Oluwaseyi Feyisetan Abhinav Aggarwal Zekun Xu Nathanael Teissier |
| author_facet | Nan Xu Oluwaseyi Feyisetan Abhinav Aggarwal Zekun Xu Nathanael Teissier |
| author_sort | Nan Xu |
| collection | DOAJ |
| description | Deep Neural Networks, despite their success in diverse domains, are provably sensitive to small perturbations which cause the models to return erroneous predictions to minor transformations. Recently, it was proposed that this effect can be addressed in the text domain by optimizing for the worst case loss function over all possible word substitutions within the training examples. However, this approach is prone to weighing semantically unlikely word replacements higher, resulting in accuracy loss. In this paper, we study robustness to adversarial perturbations by using differentially private randomized substitutions while training the model. This approach has two immediate advantages: (1) by ensuring that the word replacement likelihood is weighted by its proximity to the original word in a metric space, we circumvent optimizing for worst case guarantees thereby achieve performance gains; and (2) the calibrated randomness results in training a privacy preserving model, while also guaranteeing robustness against adversarial attacks on the model outputs. Our approach uses a novel density-based differentially private mechanism based on truncated Gumbel noise. This ensures training on substitutions of words in dense and sparse regions of a metric space while maintaining semantic similarity for model robustness. Our experiments on two datasets suggest an improvement of up to 10% on the accuracy metrics. |
| format | Article |
| id | doaj-art-e1b5cf9819ff450d87d4812938c4bbb0 |
| institution | DOAJ |
| issn | 2334-0754 2334-0762 |
| language | English |
| publishDate | 2021-04-01 |
| publisher | LibraryPress@UF |
| record_format | Article |
| series | Proceedings of the International Florida Artificial Intelligence Research Society Conference |
| spelling | doaj-art-e1b5cf9819ff450d87d4812938c4bbb02025-08-20T03:05:50ZengLibraryPress@UFProceedings of the International Florida Artificial Intelligence Research Society Conference2334-07542334-07622021-04-013410.32473/flairs.v34i1.12846362857Density-Aware Differentially Private Textual Perturbations Using Truncated Gumbel NoiseNan Xu0Oluwaseyi Feyisetan1Abhinav Aggarwal2Zekun Xu3Nathanael Teissier4AmazonAmazonAmazonAmazonAmazonDeep Neural Networks, despite their success in diverse domains, are provably sensitive to small perturbations which cause the models to return erroneous predictions to minor transformations. Recently, it was proposed that this effect can be addressed in the text domain by optimizing for the worst case loss function over all possible word substitutions within the training examples. However, this approach is prone to weighing semantically unlikely word replacements higher, resulting in accuracy loss. In this paper, we study robustness to adversarial perturbations by using differentially private randomized substitutions while training the model. This approach has two immediate advantages: (1) by ensuring that the word replacement likelihood is weighted by its proximity to the original word in a metric space, we circumvent optimizing for worst case guarantees thereby achieve performance gains; and (2) the calibrated randomness results in training a privacy preserving model, while also guaranteeing robustness against adversarial attacks on the model outputs. Our approach uses a novel density-based differentially private mechanism based on truncated Gumbel noise. This ensures training on substitutions of words in dense and sparse regions of a metric space while maintaining semantic similarity for model robustness. Our experiments on two datasets suggest an improvement of up to 10% on the accuracy metrics.https://journals.flvc.org/FLAIRS/article/view/128463 |
| spellingShingle | Nan Xu Oluwaseyi Feyisetan Abhinav Aggarwal Zekun Xu Nathanael Teissier Density-Aware Differentially Private Textual Perturbations Using Truncated Gumbel Noise Proceedings of the International Florida Artificial Intelligence Research Society Conference |
| title | Density-Aware Differentially Private Textual Perturbations Using Truncated Gumbel Noise |
| title_full | Density-Aware Differentially Private Textual Perturbations Using Truncated Gumbel Noise |
| title_fullStr | Density-Aware Differentially Private Textual Perturbations Using Truncated Gumbel Noise |
| title_full_unstemmed | Density-Aware Differentially Private Textual Perturbations Using Truncated Gumbel Noise |
| title_short | Density-Aware Differentially Private Textual Perturbations Using Truncated Gumbel Noise |
| title_sort | density aware differentially private textual perturbations using truncated gumbel noise |
| url | https://journals.flvc.org/FLAIRS/article/view/128463 |
| work_keys_str_mv | AT nanxu densityawaredifferentiallyprivatetextualperturbationsusingtruncatedgumbelnoise AT oluwaseyifeyisetan densityawaredifferentiallyprivatetextualperturbationsusingtruncatedgumbelnoise AT abhinavaggarwal densityawaredifferentiallyprivatetextualperturbationsusingtruncatedgumbelnoise AT zekunxu densityawaredifferentiallyprivatetextualperturbationsusingtruncatedgumbelnoise AT nathanaelteissier densityawaredifferentiallyprivatetextualperturbationsusingtruncatedgumbelnoise |