Search Results for author:
Found 21 papers, 5 papers with code
Noise Masking Attacks and Defenses for Pretrained Speech Models
Our method fine-tunes the encoder to produce an ASR model, and then performs noise masking on this model, which we find recovers private information from the pretraining data, despite the model never having seen transcripts at pretraining time!
Automatic Speech Recognition
Automatic Speech Recognition (ASR)
+1
Unintended Memorization in Large ASR Models, and How to Mitigate It
We empirically show that clipping each example's gradient can mitigate memorization for sped-up training examples with up to 16 repetitions in the training set.
Automatic Speech Recognition
Automatic Speech Recognition (ASR)
+2
Why Is Public Pretraining Necessary for Private Model Training?
To explain this phenomenon, we hypothesize that the non-convex loss landscape of a model training necessitates an optimization algorithm to go through two phases.
Recycling Scraps: Improving Private Learning by Leveraging Intermediate Checkpoints
Empirically, we show that the last few checkpoints can provide a reasonable lower bound for the variance of a converged DP model.
Measuring Forgetting of Memorized Training Examples
In memorization, models overfit specific training examples and become susceptible to privacy attacks.
Detecting Unintended Memorization in Language-Model-Fused ASR
End-to-end (E2E) models are often being accompanied by language models (LMs) via shallow fusion for boosting their overall quality as well as recognition of rare words.
Extracting Targeted Training Data from ASR Models, and How to Mitigate It
We design Noise Masking, a fill-in-the-blank style method for extracting targeted parts of training data from trained ASR models.
Public Data-Assisted Mirror Descent for Private Model Training
In this paper, we revisit the problem of using in-distribution public data to improve the privacy/utility trade-offs for differentially private (DP) model training.
The Role of Adaptive Optimizers for Honest Private Hyperparameter Selection
Hyperparameter optimization is a ubiquitous challenge in machine learning, and the performance of a trained model depends crucially upon their effective selection.
Revealing and Protecting Labels in Distributed Training
Prior works have demonstrated that labels can be revealed analytically from the last layer of certain models (e. g., ResNet), or they can be reconstructed jointly with model inputs by using Gradients Matching [Zhu et al'19] with additional knowledge about the current state of the model.
Automatic Speech Recognition
Automatic Speech Recognition (ASR)
+4
A Method to Reveal Speaker Identity in Distributed ASR Training, and How to Counter It
We show that a dropout rate of 0. 2 can reduce the speaker identity accuracy to 0% top-1 (0. 5% top-5).
Automatic Speech Recognition
Automatic Speech Recognition (ASR)
+2
Practical and Private (Deep) Learning without Sampling or Shuffling
We consider training models with differential privacy (DP) using mini-batch gradients.
Training Production Language Models without Memorizing User Data
This paper presents the first consumer-scale next-word prediction (NWP) model trained with Federated Learning (FL) while leveraging the Differentially Private Federated Averaging (DP-FedAvg) technique.
Privacy Amplification via Random Check-Ins
It has privacy/accuracy trade-offs similar to privacy amplification by subsampling/shuffling.
Understanding Unintended Memorization in Federated Learning
In this paper, we initiate a formal study to understand the effect of different components of canonical FL on unintended memorization in trained models, comparing with the central learning setting.
Evading Curse of Dimensionality in Unconstrained Private GLMs via Private Gradient Descent
We show that for unconstrained convex generalized linear models (GLMs), one can obtain an excess empirical risk of $\tilde O\left(\sqrt{{\texttt{rank}}}/\epsilon n\right)$, where ${\texttt{rank}}$ is the rank of the feature matrix in the GLM problem, $n$ is the number of data samples, and $\epsilon$ is the privacy parameter.
Guaranteed Validity for Empirical Approaches to Adaptive Data Analysis
We design a general framework for answering adaptive statistical queries that focuses on providing explicit confidence intervals along with point estimates.
Differentially Private Learning with Adaptive Clipping
Existing approaches for training neural networks with user-level differential privacy (e. g., DP Federated Averaging) in federated learning (FL) settings involve bounding the contribution of each user's model update by clipping it to some constant value.
Model-Agnostic Private Learning via Stability
We provide a new technique to boost the average-case stability properties of learning algorithms to strong (worst-case) stability properties, and then exploit them to obtain private classification algorithms.
Differentially Private Matrix Completion Revisited
We provide the first provably joint differentially private algorithm with formal utility guarantees for the problem of user-level privacy-preserving collaborative filtering.
Max-Information, Differential Privacy, and Post-Selection Hypothesis Testing
In this paper, we initiate a principled study of how the generalization properties of approximate differential privacy can be used to perform adaptive hypothesis testing, while giving statistically valid $p$-value corrections.
