Subscribe to the gold package and get unlimited access to Shamra Academy
Register a new userImproving Privacy Guarantee and Efficiency of Latent Dirichlet Allocation Model Training Under Differential Privacy
تحسين ضمان الخصوصية وكفاءة تدريب نموذج تخصيص Dirichlet الكامن تحت الخصوصية التفاضلية
619
0 0
0.0
(
0
)
Created by
Shamra Editor
Ask ChatGPT about the research
غالبا ما يتم استخدام مخصصات Dirichlet الكامنة (LDA)، وهو نموذج موضوع يستخدم على نطاق واسع كأداة أساسية لتحليل النص في التطبيقات المختلفة. ومع ذلك، فإن عملية التدريب لنموذج LDA عادة ما تتطلب بيانات كوربوس نصية ضخمة. من ناحية، قد تعرض هذه البيانات الضخمة معلومات خاصة في بيانات التدريب، وبالتالي تكبد شواغل الخصوصية الهامة. من ناحية أخرى، قد تتأثر كفاءة التدريب لنموذج LDA، لأن تدريب LDA يحتاج غالبا إلى التعامل مع بيانات كوربوس النص الضخمة. لمعالجة مشكلات الخصوصية في التدريب النموذجي LDA، جمعت بعض الأعمال الحديثة خوارزميات تدريب LDA التي تستند إلى أخذ عينات Gibbs المنهارة (CGS) مع خصوصية تفاضلية. ومع ذلك، فإن هذه الأعمال عادة ما يكون لها ميزانية خصوصية تراكمية عالية بسبب التكرارات الشاسعة في CGS. علاوة على ذلك، فإن هذه الأعمال لديها دائما كفاءة منخفضة بسبب التعامل مع بيانات Corpus النص الضخمة. لتحسين ضمان الخصوصية والكفاءة، نجمع بين طريقة فرعية مع CGS واقتراح خوارزمية تدريب LDA الجديدة مع خصوصية تفاضلية، فرعية LDA. نجد أن التعيين في CGS يحسن بشكل طبيعي الكفاءة أثناء تضخيم الخصوصية. نقترح أداة متري جديدة، وكفاءة - وظيفة الخصوصية، لتقييم تحسينات ضمان الخصوصية والكفاءة. استنادا إلى طريقة فرعية تقليدية، نقترح طريقة عمل قضائية على التكيف لتحسين فائدة النموذج التي تنتجها فرعية LDA عندما تكون النسبة الفرعية صغيرة. نحن نقدم تحليلا شاملا ل Sub-LDA، وتقييم نتائج التجربة تحسيناتها وضمان خصوصيتها.
Latent Dirichlet allocation (LDA), a widely used topic model, is often employed as a fundamental tool for text analysis in various applications. However, the training process of the LDA model typically requires massive text corpus data. On one hand, such massive data may expose private information in the training data, thereby incurring significant privacy concerns. On the other hand, the efficiency of the LDA model training may be impacted, since LDA training often needs to handle these massive text corpus data. To address the privacy issues in LDA model training, some recent works have combined LDA training algorithms that are based on collapsed Gibbs sampling (CGS) with differential privacy. Nevertheless, these works usually have a high accumulative privacy budget due to vast iterations in CGS. Moreover, these works always have low efficiency due to handling massive text corpus data. To improve the privacy guarantee and efficiency, we combine a subsampling method with CGS and propose a novel LDA training algorithm with differential privacy, SUB-LDA. We find that subsampling in CGS naturally improves efficiency while amplifying privacy. We propose a novel metric, the efficiency--privacy function, to evaluate improvements of the privacy guarantee and efficiency. Based on a conventional subsampling method, we propose an adaptive subsampling method to improve the model's utility produced by SUB-LDA when the subsampling ratio is small. We provide a comprehensive analysis of SUB-LDA, and the experiment results validate its efficiency and privacy guarantee improvements.
References used
https://aclanthology.org/
rate research
Read More
Neural language models are known to have a high capacity for memorization of training samples. This may have serious privacy im- plications when training models on user content such as email correspondence. Differential privacy (DP), a popular choice
to train models with privacy guarantees, comes with significant costs in terms of utility degradation and disparate impact on subgroups of users. In this work, we introduce two privacy-preserving regularization methods for training language models that enable joint optimization of utility and privacy through (1) the use of a discriminator and (2) the inclusion of a novel triplet-loss term. We compare our methods with DP through extensive evaluation. We show the advantages of our regularizers with favorable utility-privacy trade-off, faster training with the ability to tap into existing optimization approaches, and ensuring uniform treatment of under-represented subgroups.
The robustness and security of natural language processing (NLP) models are significantly important in real-world applications. In the context of text classification tasks, adversarial examples can be designed by substituting words with synonyms unde
r certain semantic and syntactic constraints, such that a well-trained model will give a wrong prediction. Therefore, it is crucial to develop techniques to provide a rigorous and provable robustness guarantee against such attacks. In this paper, we propose WordDP to achieve certified robustness against word substitution at- tacks in text classification via differential privacy (DP). We establish the connection between DP and adversarial robustness for the first time in the text domain and propose a conceptual exponential mechanism-based algorithm to formally achieve the robustness. We further present a practical simulated exponential mechanism that has efficient inference with certified robustness. We not only provide a rigorous analytic derivation of the certified condition but also experimentally compare the utility of WordDP with existing defense algorithms. The results show that WordDP achieves higher accuracy and more than 30X efficiency improvement over the state-of-the-art certified robustness mechanism in typical text classification tasks.
NLP models are vulnerable to data poisoning attacks. One type of attack can plant a backdoor in a model by injecting poisoned examples in training, causing the victim model to misclassify test instances which include a specific pattern. Although defe
nces exist to counter these attacks, they are specific to an attack type or pattern. In this paper, we propose a generic defence mechanism by making the training process robust to poisoning attacks through gradient shaping methods, based on differentially private training. We show that our method is highly effective in mitigating, or even eliminating, poisoning attacks on text classification, with only a small cost in predictive accuracy.
Modern deep learning models for natural language processing rely heavily on large amounts of annotated texts. However, obtaining such texts may be difficult when they contain personal or confidential information, for example, in health or legal domai
ns. In this work, we propose a method of de-identifying free-form text documents by carefully redacting sensitive data in them. We show that our method preserves data utility for text classification, sequence labeling and question answering tasks.
News recommendation techniques can help users on news platforms obtain their preferred news information. Most existing news recommendation methods rely on centrally stored user behavior data to train models and serve users. However, user data is usua
lly highly privacy-sensitive, and centrally storing them in the news platform may raise privacy concerns and risks. In this paper, we propose a unified news recommendation framework, which can utilize user data locally stored in user clients to train models and serve users in a privacy-preserving way. Following a widely used paradigm in real-world recommender systems, our framework contains a stage for candidate news generation (i.e., recall) and a stage for candidate news ranking (i.e., ranking). At the recall stage, each client locally learns multiple interest representations from clicked news to comprehensively model user interests. These representations are uploaded to the server to recall candidate news from a large news pool, which are further distributed to the user client at the ranking stage for personalized news display. In addition, we propose an interest decomposer-aggregator method with perturbation noise to better protect private user information encoded in user interest representations. Besides, we collaboratively train both recall and ranking models on the data decentralized in a large number of user clients in a privacy-preserving way. Experiments on two real-world news datasets show that our method can outperform baseline methods and effectively protect user privacy.
suggested questions
Log in to be able to interact and post comments
comments
Fetching comments
Sign in to be able to follow your search criteria
