-
Notifications
You must be signed in to change notification settings - Fork 0
20 (M) 23rd February, Friday
I have now covered most of the tests that I wanted to run on the differentially private model, seems as thought there is almost nothing that can be done in the training itself that can reasonably limit the malicious training without significantly affecting the original training. Capacity of the network seems to be the key factor, from my observations regularisation techniques make some difference, but don't seem to be an actual solution to this problem. Perhaps compressed models could offer a solution, and it could be interesting to see if combining these techniques with a compressed model resulted in any interesting results. Intuitively all of my results make sense, if not a little disappointing.
Meeting: We agreed that a plan for the rest of the term should be put in place, to organise the rest of the project. The next series of experiments will be based around exploring the effects of changing network capacity in different ways to investigate the effects on the capacity abuse attack, as well as the extent to which the network is poisoned by the data.