Personalized privacy becomes critical in deep learning for Trustworthy AI. While Differentially Private Stochastic Gradient Descent (DP-SGD) is widely used in deep learning methods supporting privacy, it provides the same level of privacy to all individuals, which may lead to overprotection and low utility. In practice, different users may require different privacy levels, and the model can be improved by using more information about the users with lower privacy requirements. There are also recent works on differential privacy of individuals when using DP-SGD, but they are mostly about individual privacy accounting and do not focus on satisfying different privacy levels. We thus extend DP-SGD to support a recent privacy notion called ($\Phi$,$\Delta$)-Personalized Differential Privacy (($\Phi$,$\Delta$)-PDP), which extends an existing PDP concept called $\Phi$-PDP. Our algorithm uses a multi-round personalized sampling mechanism and embeds it within the DP-SGD iterations. Experiments on real datasets show that our algorithm outperforms DP-SGD and simple combinations of DP-SGD with existing PDP mechanisms in terms of model performance and efficiency due to its embedded sampling mechanism.

翻译：个性化隐私在可信人工智能的深度学习中变得至关重要。虽然差分隐私随机梯度下降（DP-SGD）被广泛用于支持隐私保护的深度学习方法，但它为所有个体提供相同级别的隐私，可能导致过度保护和低效用。实践中，不同用户可能需要不同的隐私级别，通过利用隐私要求较低用户的更多信息可以改进模型。近期也有关于使用DP-SGD时个体差分隐私的研究，但这些工作主要关注个体隐私核算，并未侧重于满足不同隐私级别。因此，我们将DP-SGD扩展以支持一种名为（$\Phi$,$\Delta$）-个性化差分隐私（（$\Phi$,$\Delta$）-PDP）的新隐私概念，该概念扩展了现有的$\Phi$-PDP概念。我们的算法采用多轮个性化采样机制，并将其嵌入DP-SGD迭代中。在真实数据集上的实验表明，由于嵌入的采样机制，我们的算法在模型性能和效率方面优于DP-SGD以及DP-SGD与现有PDP机制的简单组合。