Bibliographic Details
Main Authors: Shi, Zhongjie, Wang, Puyu, Zhang, Chenyang, Cao, Yuan
Format: Preprint
Published: 2025
Subjects:
Online Access: https://arxiv.org/abs/2511.22270
author Shi, Zhongjie
Wang, Puyu
Zhang, Chenyang
Cao, Yuan
contents Modern deep learning techniques focus on extracting intricate information from data to achieve accurate predictions. However, the training datasets may be crowdsourced and include sensitive information, such as personal contact details, financial data, and medical records. As a result, there is a growing emphasis on developing privacy-preserving training algorithms for neural networks that maintain good performance while preserving privacy. In this paper, we investigate the generalization and privacy performances of the differentially private gradient descent (DP-GD) algorithm, which is a private variant of the gradient descent (GD) by incorporating additional noise into the gradients during each iteration. Moreover, we identify a concrete learning task where DP-GD can achieve superior generalization performance compared to GD in training two-layer Huberized ReLU convolutional neural networks (CNNs). Specifically, we demonstrate that, under mild conditions, a small signal-to-noise ratio can result in GD producing training models with poor test accuracy, whereas DP-GD can yield training models with good test accuracy and privacy guarantees if the signal-to-noise ratio is not too small. This indicates that DP-GD has the potential to enhance model performance while ensuring privacy protection in certain learning tasks. Numerical simulations are further conducted to support our theoretical results.
format Preprint
id arxiv_https___arxiv_org_abs_2511_22270
institution arXiv
publishDate 2025
record_format arxiv
title Towards Understanding Generalization in DP-GD: A Case Study in Training Two-Layer CNNs
topic Machine Learning
url https://arxiv.org/abs/2511.22270