no code implementations • 2 Apr 2024 • Matthew Jagielski, Om Thakkar, Lun Wang
Our method fine-tunes the encoder to produce an ASR model, and then performs noise masking on this model, which we find recovers private information from the pretraining data, despite the model never having seen transcripts at pretraining time!
Automatic Speech Recognition (ASR)
no code implementations • 18 Oct 2023 • Lun Wang, Om Thakkar, Rajiv Mathews
We empirically show that clipping each example's gradient can mitigate memorization for sped-up training examples with up to 16 repetitions in the training set.
Automatic Speech Recognition (ASR)
no code implementations • 19 Feb 2023 • Arun Ganesh, Mahdi Haghifam, Milad Nasr, Sewoong Oh, Thomas Steinke, Om Thakkar, Abhradeep Thakurta, Lun Wang
To explain this phenomenon, we hypothesize that the non-convex loss landscape of a model training necessitates an optimization algorithm to go through two phases.
no code implementations • 4 Oct 2022 • Virat Shejwalkar, Arun Ganesh, Rajiv Mathews, Om Thakkar, Abhradeep Thakurta
Empirically, we show that the last few checkpoints can provide a reasonable lower bound for the variance of a converged DP model.
no code implementations • 30 Jun 2022 • Matthew Jagielski, Om Thakkar, Florian Tramèr, Daphne Ippolito, Katherine Lee, Nicholas Carlini, Eric Wallace, Shuang Song, Abhradeep Thakurta, Nicolas Papernot, Chiyuan Zhang
In memorization, models overfit specific training examples and become susceptible to privacy attacks.
no code implementations • 20 Apr 2022 • W. Ronny Huang, Steve Chien, Om Thakkar, Rajiv Mathews
End-to-end (E2E) models are often being accompanied by language models (LMs) via shallow fusion for boosting their overall quality as well as recognition of rare words.
no code implementations • 18 Apr 2022 • Ehsan Amid, Om Thakkar, Arun Narayanan, Rajiv Mathews, Françoise Beaufays
We design Noise Masking, a fill-in-the-blank style method for extracting targeted parts of training data from trained ASR models.
no code implementations • 1 Dec 2021 • Ehsan Amid, Arun Ganesh, Rajiv Mathews, Swaroop Ramaswamy, Shuang Song, Thomas Steinke, Vinith M. Suriyakumar, Om Thakkar, Abhradeep Thakurta
In this paper, we revisit the problem of using in-distribution public data to improve the privacy/utility trade-offs for differentially private (DP) model training.
no code implementations • NeurIPS 2021 • Shubhankar Mohapatra, Sajin Sasy, Xi He, Gautam Kamath, Om Thakkar
Hyperparameter optimization is a ubiquitous challenge in machine learning, and the performance of a trained model depends crucially upon their effective selection.
1 code implementation • NeurIPS 2021 • Trung Dang, Om Thakkar, Swaroop Ramaswamy, Rajiv Mathews, Peter Chin, Françoise Beaufays
Prior works have demonstrated that labels can be revealed analytically from the last layer of certain models (e.g., ResNet), or they can be reconstructed jointly with model inputs by using Gradients Matching [Zhu et al. '19] with additional knowledge about the current state of the model.
Automatic Speech Recognition (ASR)
1 code implementation • 15 Apr 2021 • Trung Dang, Om Thakkar, Swaroop Ramaswamy, Rajiv Mathews, Peter Chin, Françoise Beaufays
We show that a dropout rate of 0.2 can reduce the speaker identity accuracy to 0% top-1 (0.5% top-5).
Automatic Speech Recognition (ASR)
2 code implementations • 26 Feb 2021 • Peter Kairouz, Brendan McMahan, Shuang Song, Om Thakkar, Abhradeep Thakurta, Zheng Xu
We consider training models with differential privacy (DP) using mini-batch gradients.
no code implementations • 21 Sep 2020 • Swaroop Ramaswamy, Om Thakkar, Rajiv Mathews, Galen Andrew, H. Brendan McMahan, Françoise Beaufays
This paper presents the first consumer-scale next-word prediction (NWP) model trained with Federated Learning (FL) while leveraging the Differentially Private Federated Averaging (DP-FedAvg) technique.
no code implementations • NeurIPS 2020 • Borja Balle, Peter Kairouz, H. Brendan McMahan, Om Thakkar, Abhradeep Thakurta
It has privacy/accuracy trade-offs similar to privacy amplification by subsampling/shuffling.
no code implementations • 12 Jun 2020 • Om Thakkar, Swaroop Ramaswamy, Rajiv Mathews, Françoise Beaufays
In this paper, we initiate a formal study to understand the effect of different components of canonical FL on unintended memorization in trained models, comparing with the central learning setting.
no code implementations • 11 Jun 2020 • Shuang Song, Thomas Steinke, Om Thakkar, Abhradeep Thakurta
We show that for unconstrained convex generalized linear models (GLMs), one can obtain an excess empirical risk of $\tilde O\left(\sqrt{{\texttt{rank}}}/\epsilon n\right)$, where ${\texttt{rank}}$ is the rank of the feature matrix in the GLM problem, $n$ is the number of data samples, and $\epsilon$ is the privacy parameter.
1 code implementation • 21 Jun 2019 • Ryan Rogers, Aaron Roth, Adam Smith, Nathan Srebro, Om Thakkar, Blake Woodworth
We design a general framework for answering adaptive statistical queries that focuses on providing explicit confidence intervals along with point estimates.
1 code implementation • NeurIPS 2021 • Galen Andrew, Om Thakkar, H. Brendan McMahan, Swaroop Ramaswamy
Existing approaches for training neural networks with user-level differential privacy (e.g., DP Federated Averaging) in federated learning (FL) settings involve bounding the contribution of each user's model update by clipping it to some constant value.
no code implementations • 14 Mar 2018 • Raef Bassily, Om Thakkar, Abhradeep Thakurta
We provide a new technique to boost the average-case stability properties of learning algorithms to strong (worst-case) stability properties, and then exploit them to obtain private classification algorithms.
no code implementations • ICML 2018 • Prateek Jain, Om Thakkar, Abhradeep Thakurta
We provide the first provably joint differentially private algorithm with formal utility guarantees for the problem of user-level privacy-preserving collaborative filtering.
no code implementations • 13 Apr 2016 • Ryan Rogers, Aaron Roth, Adam Smith, Om Thakkar
In this paper, we initiate a principled study of how the generalization properties of approximate differential privacy can be used to perform adaptive hypothesis testing, while giving statistically valid $p$-value corrections.