Cheng Zhuo,Di Gao,Liangwei Liu

DOI: https://doi.org/10.1109/tbdata.2022.3216566

2024-01-01

IEEE Transactions on Big Data

Abstract:The deployment of deep learning applications has to address the increasing privacy concerns when using private and sensitive data for training. A conventional deep learning model is prone to privacy attacks that can recover the sensitive information from either model parameters or accesses to the inference model. Recently, differential privacy (DP) has been proposed to offer provable privacy guarantees by randomizing the training process of neural networks. However, many approaches tend to provide the worst case privacy protection for model publishing, inevitably impairing the accuracy of the trained models. Thus, we present a novel private knowledge transfer strategy, where the private teacher trained on sensitive data is not publicly accessible but the student models can be released with privacy guarantees. In this paper, a three-player (teacher-student-discriminator) learning framework, Private Knowledge Distillation with Generative Adversarial Networks (PKDGAN), is proposed, where the student acquires the distilled knowledge from the teacher and is trained with the discriminator to generate similar outputs as the teacher. Moreover, a cooperative learning strategy is also suggested to support the collective training of multiple students against the discriminator when each student is with insufficient unlabelled training data. To enforce rigorous privacy guarantees, PKDGAN applies a Rényi differential privacy mechanism throughout the training process, and use it with a moment accountant technique to track the privacy cost. PKDGAN allows students to be trained with unlabelled public data and very few epochs, which avoids the exposure of training data while ensuring model performance. In the experiments, PKDGAN is found to have consistently good performance on various datasets (MNIST, SVHN, CIFAR-10, and Market-1501). When compared to prior works [1], [2], PKDGAN exhibits 5-82% accuracy loss improvement without compromising any privacy guarantee.

Ke Pan,Maoguo Gong,Yuan Gao

DOI: https://doi.org/10.1016/j.knosys.2023.110576

IF: 8.139

2023-07-01

Knowledge-Based Systems

Abstract:Generative adversarial networks (GANs) have become hugely popular by virtue of their impressive ability to generate realistic samples. Although GANs alleviate the arduous data-collection problem, they are prone to memorize training samples as a result of their complex model structure. Thus, GANs may not provide sufficient privacy guarantees, and there is a considerable chance of inadvertently divulging data privacy. To alleviate this issue, we design a privacy-enhanced GAN based on differential privacy. We first integrate truncated concentrated differential privacy technique into GAN for mitigating privacy leakage with tighter privacy bound. Then, according to different privacy demands of users in real-world scenarios, we design two adaptive noise allocation strategies, which enable us to dynamically inject noise into gradients at each iteration. Different strategies provide us with an intuitive handle to adopt a suitable strategy and achieve an elegant compromise between privacy and utility in distinct scenarios. Furthermore, we offer rigorous illustrations from the perspective of privacy preservation and privacy defense to demonstrate that our algorithm can fulfill differential privacy guarantees. Extensive experiments on real-world datasets manifest that our algorithm can generate high-quality samples while achieving an excellent trade-off between model performance and privacy guarantees.

computer science, artificial intelligence

Bingzhe Wu,Shiwan Zhao,ChaoChao Chen,Haoyang Xu,Li Wang,Xiaolu Zhang,Guangyu Sun,Jun Zhou

DOI: https://doi.org/10.48550/arxiv.1908.07882

2019-01-01

Abstract:In this paper, we aim to understand the generalization properties of generative adversarial networks (GANs) from a new perspective of privacy protection. Theoretically, we prove that a differentially private learning algorithm used for training the GAN does not overfit to a certain degree, i.e., the generalization gap can be bounded. Moreover, some recent works, such as the Bayesian GAN, can be re-interpreted based on our theoretical insight from privacy protection. Quantitatively, to evaluate the information leakage of well-trained GAN models, we perform various membership attacks on these models. The results show that previous Lipschitz regularization techniques are effective in not only reducing the generalization gap but also alleviating the information leakage of the training dataset.

Chuan Ma,Jun Li,Ming Ding,Bo Liu,Kang Wei,Jian Weng,H. Vincent Poor

DOI: https://doi.org/10.1109/tdsc.2022.3233580

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Generative adversarial networks (GANs) have attracted increasing attention recently owing to their impressive abilities to generate realistic samples with high privacy protection. Without directly interacting with training examples, the generative model can be used to estimate the underlying distribution of an original dataset while the discriminator can examine model quality of the generated samples by comparing the label values with training examples. In considering privacy issues in GANS, existing works focus on perturbing the parameters and analyzing the corresponding privacy protection capability, and the parameters are not directly exchanged between the generator and discriminator in GANs. Thus, in this work, we propose a Rényi-differentially private-GAN (RDP-GAN), which achieves differential privacy (DP) in a GAN by carefully adding random Gaussian noise to the value of the exchanged loss function during training. Moreover, we derive analytical results characterizing the total privacy loss under the subsampling method and cumulative iterations, which show its effectiveness for the privacy budget allocation. In addition, in order to mitigate the negative impact of injecting noises, we enhance the proposed algorithm by adding an adaptive noise tuning step, which will change the amount of added noise according to the testing accuracy. Through extensive experimental results, we verify that the proposed algorithm can achieve a better privacy level while producing high-quality samples compared with a benchmark DP-GAN scheme based on noise perturbation on training gradients.

computer science, information systems, software engineering, hardware & architecture

Di Gao,Cheng Zhuo

DOI: https://doi.org/10.3233/FAIA200294

2020-01-01

Abstract:The deployment of deep learning applications has to address the growing privacy concerns when using private and sensitive data for training. A conventional deep learning model is prone to privacy attacks that can recover the sensitive information of individuals from either model parameters or accesses to the target model. Recently, differential privacy that offers provable privacy guarantees has been proposed to train neural networks in a privacy-preserving manner to protect training data. However, many approaches tend to provide the worst case privacy guarantees for model publishing, inevitably impairing the accuracy of the trained models. In this paper, we present a novel private knowledge transfer strategy, where the private teacher trained on sensitive data is not publicly accessible but teaches a student to be publicly released. In particular, a three-player (teacher-student-discriminator) learning framework is proposed to achieve trade-off between utility and privacy, where the student acquires the distilled knowledge from the teacher and is trained with the discriminator to generate similar outputs as the teacher. We then integrate a differential privacy protection mechanism into the learning procedure, which enables a rigorous privacy budget for the training. The framework eventually allows student to be trained with only unlabelled public data and very few epochs, and hence prevents the exposure of sensitive training data, while ensuring model utility with a modest privacy budget. The experiments on MNIST, SVHN and CIFAR-10 datasets show that our students obtain the accuracy losses w.r.t teachers of 0.89%, 2.29%, 5.16%, respectively with the privacy bounds of (1.93, 10(-5)), (5.02, 10(-6)), (8.81, 10(-6)). When compared with the existing works [15, 20], the proposed work can achieve 582% accuracy loss improvement.

Kaixiang Lin,Jiayu Zhou,Shu Wang,Liyang Xie,Fei Wang

2018-02-19

Abstract:Generative Adversarial Network (GAN) and its variants have recently attracted intensive research interests due to their elegant theoretical foundation and excellent empirical performance as generative models. These tools provide a promising direction in the studies where data availability is limited. One common issue in GANs is that the density of the learned generative distribution could concentrate on the training data points, meaning that they can easily remember training samples due to the high model complexity of deep networks. This becomes a major concern when GANs are applied to private or sensitive data such as patient medical records, and the concentration of distribution may divulge critical patient information. To address this issue, in this paper we propose a differentially private GAN (DPGAN) model, in which we achieve differential privacy in GANs by adding carefully designed noise to gradients during the learning procedure. We provide rigorous proof for the privacy guarantee, as well as comprehensive empirical evidence to support our analysis, where we demonstrate that our method can generate high quality data points at a reasonable privacy level.

Medicine,Mathematics,Computer Science

Chang Sun,Johan van Soest,Michel Dumontier

DOI: https://doi.org/10.48550/arXiv.2206.13787

2022-06-28

Abstract:Despite the remarkable success of Generative Adversarial Networks (GANs) on text, images, and videos, generating high-quality tabular data is still under development owing to some unique challenges such as capturing dependencies in imbalanced data, optimizing the quality of synthetic patient data while preserving privacy. In this paper, we propose DP-CGANS, a differentially private conditional GAN framework consisting of data transformation, sampling, conditioning, and networks training to generate realistic and privacy-preserving tabular data. DP-CGANS distinguishes categorical and continuous variables and transforms them to latent space separately. Then, we structure a conditional vector as an additional input to not only presents the minority class in the imbalanced data, but also capture the dependency between variables. We inject statistical noise to the gradients in the networking training process of DP-CGANS to provide a differential privacy guarantee. We extensively evaluate our model with state-of-the-art generative models on three public datasets and two real-world personal health datasets in terms of statistical similarity, machine learning performance, and privacy measurement. We demonstrate that our model outperforms other comparable models, especially in capturing dependency between variables. Finally, we present the balance between data utility and privacy in synthetic data generation considering the different data structure and characteristics of real-world datasets such as imbalance variables, abnormal distributions, and sparsity of data.

Machine Learning,Artificial Intelligence,Cryptography and Security,Data Structures and Algorithms

Georgi Ganev

DOI: https://doi.org/10.48550/arXiv.2111.13617

2021-11-27

Abstract:Generative Adversarial Networks (GANs) are among the most popular approaches to generate synthetic data, especially images, for data sharing purposes. Given the vital importance of preserving the privacy of the individual data points in the original data, GANs are trained utilizing frameworks with robust privacy guarantees such as Differential Privacy (DP). However, these approaches remain widely unstudied beyond single performance metrics when presented with imbalanced datasets. To this end, we systematically compare GANs trained with the two best-known DP frameworks for deep learning, DP-SGD, and PATE, in different data imbalance settings from two perspectives -- the size of the classes in the generated synthetic data and their classification performance. Our analyses show that applying PATE, similarly to DP-SGD, has a disparate effect on the under/over-represented classes but in a much milder magnitude making it more robust. Interestingly, our experiments consistently show that for PATE, unlike DP-SGD, the privacy-utility trade-off is not monotonically decreasing but is much smoother and inverted U-shaped, meaning that adding a small degree of privacy actually helps generalization. However, we have also identified some settings (e.g., large imbalance) where PATE-GAN completely fails to learn some subparts of the training data.

Machine Learning,Artificial Intelligence,Cryptography and Security,Computers and Society

Yueqi Chen,Witold Pedrycz,Tingting Pan,Jian Wang,Jie Yang

DOI: https://doi.org/10.1002/adts.202400234

2024-06-23

Advanced Theory and Simulations

Abstract:This paper introduces three strategies to improve the ability of GAN to handle imbalanced data. The first strategy is to inject prior knowledge into the latent space of GAN. The second strategy is to inject random noise into the discriminator. The third one is to use multiple GANs to learn comprehensive probability distributions of positive class based on multi‐scale data. Tackling imbalanced problems encountered in real‐world applications poses a challenge at present. Oversampling is a widely useful method for imbalanced tabular data. However, most traditional oversampling methods generate samples by interpolation of minority (positive) class, failing to entirely capture the probability density distribution of the original data. In this paper, a novel oversampling method is presented based on generative adversarial network (GAN) with the originality of introducing three strategies to enhance the distribution of the positive class, called GAN‐E. The first strategy is to inject prior knowledge of positive class into the latent space of GAN, improving sample emulation. The second strategy is to inject random noise containing this prior knowledge into both original and generated positive samples to stretch the learning space of the discriminator of GAN. The third one is to use multiple GANs to learn comprehensive probability distributions of positive class based on multi‐scale data to eliminate the influence of GAN on generating aggregate samples. The experimental results and statistical tests obtained on 18 commonly used imbalanced datasets show that the proposed method comes with a better performance in terms of G‐mean, F‐measure, AUC and accuracy than 14 other rebalanced methods.

multidisciplinary sciences

Xinyue Zhang,Jiahao Ding,Sai Mounika Errapotu,Xiaoxia Huang,Pan Li,Miao Pan

DOI: https://doi.org/10.1109/globecom38437.2019.9014134

2019-01-01

Abstract:In recent years, generative adversarial network (GAN) has attracted great attention due to its impressive performance and potential numerous applications, such as data augmentation, real-like image synthesis, image compression improvement, etc. The generator in GAN learns the density of the distribution from real data in order to generate high fidelity fake samples from latent space and deceive the discriminator. Despite its advantages, GAN can easily memorize training samples because of the high model complexity of deep neural networks. Thus, training a GAN with sensitive or private data samples may compromise the privacy of training data. To address this privacy issue, we propose a novel \textit{Privacy Preserving Generative Adversarial Network} (PPGAN) that perturbs the objective function of discriminator by injecting Laplace noises based on functional mechanism to guarantee the differential privacy of training data. Since generator training is considered as a post-processing step while guaranteeing differential privacy of discriminator, the trained generator should be differentially private to effectively protect data samples. Through detailed privacy analysis, we theoretically prove that PPGAN can provide such strict differential privacy guarantee. With extensive simulation study on the benchmark dataset MNIST, we show the efficacy of the proposed PPGAN under practical privacy budgets.

Sen Zhang,Weiwei Ni,Nan Fu

DOI: https://doi.org/10.1016/j.cose.2021.102285

2021-07-01

Abstract:<p>The goal of privacy-preserving graph publishing is to protect individual privacy in released graph data while preserving data utility. Degree distribution, serving as fundamental operations for many graph analysis tasks, is a crucial data utility. Yet, existing methods using differential privacy (DP) cannot well preserve degree distribution, since they distill a graph into a set of structural statistics (e.g. <span class="math"><math>dK</math></span>-series, etc.) that only captures local degree correlations, and require massive noise added to mask the change of a single edge. Recently Generative Adversarial Network for graphs (NetGAN) plays a key role in machine learning, due to its ability to capture the local and global degree distribution of the graph via biased random walks. Further, it allows us to move the burden of privacy-preserving to the learning procedure of its discriminator, rather than the extracted structure features. Inspired by this, we propose Priv-GAN, a private publishing model based on NetGAN. Instead of distilling and then publishing graphs, we publish the Priv-GAN model that is trained using the original data in a DP manner. With Priv-GAN, data holders are able to produce synthetic graph data with degree distribution preservation. Compared to alternative solutions, ours highlights that (i) a private Langevin with gradient estimate is designed as an optimizer for discriminator, which provides a theoretical gradient upper bound and achieves DP by adding noise to the gradients; and (ii) importantly, the error bound of the noisy Langevin method is theoretically analyzed, which demonstrates that with appropriate parameter settings, Priv-GAN is able to maintain high utility guarantees. Experimental results confirm our theoretical findings and the efficacy of Priv-GAN.</p>

computer science, information systems

Jinke Ren,Chonghe Liu,Guanding Yu,Dongning Guo

2021-01-01

Abstract: Generative adversarial networks (GANs) are emerging machine learning models for generating synthesized data similar to real data by jointly training a generator and a discriminator. In many applications, data and computational resources are distributed over many devices, so centralized computation with all data in one location is infeasible due to privacy and/or communication constraints. This paper proposes a new framework for training GANs in a distributed fashion: Each device computes a local discriminator using local data; a single server aggregates their results and computes a global GAN. Specifically, in each iteration, the server sends the global GAN to the devices, which then update their local discriminators; the devices send their results to the server, which then computes their average as the global discriminator and updates the global generator accordingly. Two different update schedules are designed with different levels of parallelism between the devices and the server. Numerical results obtained using three popular datasets demonstrate that the proposed framework can outperform a state-of-the-art framework in terms of convergence speed.

Yi Liu,Jialiang Peng,James J.Q Yu,Yi Wu

DOI: https://doi.org/10.1109/ICPADS47876.2019.00150

2019-10-05

Abstract:Generative Adversarial Network (GAN) and its variants serve as a perfect representation of the data generation model, providing researchers with a large amount of high-quality generated data. They illustrate a promising direction for research with limited data availability. When GAN learns the semantic-rich data distribution from a dataset, the density of the generated distribution tends to concentrate on the training data. Due to the gradient parameters of the deep neural network contain the data distribution of the training samples, they can easily remember the training samples. When GAN is applied to private or sensitive data, for instance, patient medical records, as private information may be leakage. To address this issue, we propose a Privacy-preserving Generative Adversarial Network (PPGAN) model, in which we achieve differential privacy in GANs by adding well-designed noise to the gradient during the model learning procedure. Besides, we introduced the Moments Accountant strategy in the PPGAN training process to improve the stability and compatibility of the model by controlling privacy loss. We also give a mathematical proof of the differential privacy discriminator. Through extensive case studies of the benchmark datasets, we demonstrate that PPGAN can generate high-quality synthetic data while retaining the required data available under a reasonable privacy budget.

Machine Learning

Ren Yang,Xuebin Ma,Xiangyu Bai,Xiangdong Su

DOI: https://doi.org/10.1109/trustcom50675.2020.00232

2020-01-01

Abstract:In recent years, as image data are widely used in data analysis tasks, the problem of privacy disclosure is becoming more and more serious. However, the privacy protection technology of image data is still immature. In this paper, we propose a privacy protection framework named dp-WGAN for image data. This framework uses differential privacy and generative adversarial network to train a generative model with privacy protection function. Using this generative model, synthetic data with similar characteristics to sensitive data can be obtained, and synthetic data is published instead sensitive data to complete all kinds of data analysis tasks. Through extensive empirical evaluation on benchmark datasets, we demonstrate that dp-WGAN can provide strong privacy protection for sensitive data and produce high-quality synthetic data.

Lihe Hou,Weiwei Ni,Sen Zhang,Nan Fu,Dongyue Zhang

DOI: https://doi.org/10.1109/tnsm.2023.3280916

2023-01-01

Abstract:Many real-world networks can be represented as weighted graphs, where weights represent the closeness or importance of relationships between node pairs. Sharing these graphs is beneficial for many applications while potentially leading to privacy breaches. Variants of deep learning approaches have been developed for synthetic graph publishing, but privacy-preserving graph (especially weighted graph) publishing has not been fully addressed. To bridge this gap, we propose WDP-GAN, a generative adversarial network (GAN) based privacy-preserving weighted graph generation approach, which can generate unlimited synthetic graphs of a given weighted graph while ensuring individual privacy. To do this, we devise a new node sequence sampling method to generate the training set while preserving both the edge weight and topological structure of the original graph. Moreover, we apply the bi-directional long-short term memory (Bi-LSTM) network to capture the interdependence of node pairs. WDP-GAN then approximates the edge weight information using the frequencies of edges produced by the generator. Furthermore, we propose an adaptive gradient perturbation algorithm to improve the speed and stability of the training process while ensuring individual privacy. Theoretical analysis and experiments on real-world network datasets show that WDP-GAN can generate graphs that effectively preserve structural utility while satisfying differential privacy.

Chugui Xu,Ju Ren,Deyu Zhang,Yaoxue Zhang,Zhan Qin,Kui Ren

DOI: https://doi.org/10.1109/tifs.2019.2897874

IF: 7.231

2019-01-01

IEEE Transactions on Information Forensics and Security

Abstract:By learning generative models of semantic-rich data distributions from samples, generative adversarial network (GAN) has recently attracted intensive research interests due to its excellent empirical performance as a generative model. The model is used to estimate the underlying distribution of a dataset and randomly generate realistic samples according to their estimated distribution. However, GANs can easily remember training samples due to the high model complexity of deep networks. When GANs are applied to private or sensitive data, the concentration of distribution may divulge some critical information. It consequently requires new technological advances to mitigate the information leakage under GANs. To address this issue, we propose GANobfuscator, a differentially private GAN, which can achieve differential privacy under GANs by adding carefully designed noise to gradients during the learning procedure. With GANobfuscator, analysts are able to generate an unlimited amount of synthetic data for arbitrary analysis tasks without disclosing the privacy of training data. Moreover, we theoretically prove that GANobfuscator can provide strict privacy guarantee with differential privacy. In addition, we develop a gradient-pruning strategy for GANobfuscator to improve the scalability and stability of data training. Through extensive experimental evaluation on benchmark datasets, we demonstrate that GANobfuscator can produce high-quality generated data and retain desirable utility under practical privacy budgets.

Alex Bie,Gautam Kamath,Guojun Zhang

2023-10-05

Abstract:We show that the canonical approach for training differentially private GANs -- updating the discriminator with differentially private stochastic gradient descent (DPSGD) -- can yield significantly improved results after modifications to training. Specifically, we propose that existing instantiations of this approach neglect to consider how adding noise only to discriminator updates inhibits discriminator training, disrupting the balance between the generator and discriminator necessary for successful GAN training. We show that a simple fix -- taking more discriminator steps between generator steps -- restores parity between the generator and discriminator and improves results. Additionally, with the goal of restoring parity, we experiment with other modifications -- namely, large batch sizes and adaptive discriminator update frequency -- to improve discriminator training and see further improvements in generation quality. Our results demonstrate that on standard image synthesis benchmarks, DPSGD outperforms all alternative GAN privatization schemes. Code: <a class="link-external link-https" href="https://github.com/alexbie98/dpgan-revisit" rel="external noopener nofollow">this https URL</a>.

Machine Learning,Cryptography and Security,Computer Vision and Pattern Recognition

Zhenya Wang,Xiang Cheng,Sen Su,Guangsheng Wang

DOI: https://doi.org/10.1016/j.ins.2022.11.006

IF: 8.1

2023-01-01

Information Sciences

Abstract:This paper considers the problem of differentially private vertically partitioned data sharing. In particular, with the assistance of a semi-honest curator, the involved parties (i.e., data owners) each holds records regarding different features of the same set of individuals collectively generate a shared dataset while satisfying differential privacy. Motivated by the superiority of the generative adversarial network (GAN) in data synthesizing, we present a differentially private generative decomposed adversarial network (DPGDAN) approach for vertically partitioned data sharing. In DPGDAN, the discriminator in the initial GAN is decomposed into several local discriminators and two relational discriminators, i.e., a real relational discriminator and a fake relational discriminator. Each party is assigned with a local discriminator while the curator holds the generator and the two relational discriminators. By combining the sanitized feedback from the local discriminators and the outputs of the relational discriminators, the curator can update the generator to approximate the distribution of the integrated dataset without compromising each party’s privacy. Moreover, to promote the shared data’s utility, we design a snapshot aggregation method by aggregating the synthetic records produced by the generators acquired during training. Furthermore, we show that DPGDAN satisfies (∊,δ)- differential privacy. Extensive experiments validate the effectiveness of DPGDAN.

Zhenya Wang,Xiang Cheng,Sen Su,Jintao Liang,Haocheng Yang

DOI: https://doi.org/10.1109/tbdata.2023.3277716

2023-01-01

IEEE Transactions on Big Data

Abstract:In this article, we study the problem of differentially private multi-party data sharing, where the involved parties assisted by a semi-honest curator collectively generate a shared dataset while satisfying differential privacy. Inspired by the success of data synthesis with the generative adversarial network (GAN), we propose a novel GAN-based differentially private multi-party data sharing approach named ATLAS. In ATLAS, we extend the original GAN to multiple discriminators, and let each party hold a discriminator while the curator holds a generator. To update the generator without compromising each party's privacy, we decompose the calculation of the generator's gradient and selectively sanitize the discriminators' responses. Additionally, we propose two methods to improve the utility of shared data, i.e., the collaborative discriminator filtering (CDF) method and the adaptive gradient perturbation (AGP) method. Specifically, the CDF method utilizes trained discriminators to refine synthetic records, while the AGP method adaptively adjusts the noise scale during training to reduce the impact of deferentially private noise on the final shared data. Extensive experiments on real-world datasets validate the superiority of our ATLAS approach.

Maryam Azadmanesh,Behrouz Shahgholi Ghahfarokhi,Maede Ashouri Talouki

DOI: https://doi.org/10.1016/j.eswa.2024.125646

IF: 8.5

2024-11-08

Expert Systems with Applications

Abstract:Generative Adversarial Networks (GANs) do not ensure the privacy of the training datasets and may memorize sensitive details. To maintain privacy of data during inference, various privacy-preserving GAN mechanisms have been proposed. Despite the different approaches and their characteristics, advantages, and disadvantages, there is a lack of a systematic review on them. This paper first presents a comprehensive survey on privacy-preserving mechanisms and offers a taxonomy based on their characteristics. The survey reveals that many of these mechanisms modify the GAN learning algorithm to enhance privacy, highlighting the need for theoretical and empirical analysis of the impact of these modifications on GAN convergence. Among the surveyed methods, ADAM-DPGAN is a promising approach that ensures differential privacy in GANs for both the discriminator and the generator networks when using the ADAM optimizer, by introducing appropriate noise based on the global sensitivity of discriminator parameters. Therefore, this paper conducts a theoretical and empirical analysis of the convergence of ADAM-DPGAN. In the presented theoretical analysis, assuming that simultaneous/alternating gradient descent method with ADAM optimizer converges locally to a fixed point and its operator is L-Lipschitz with L < 1, the effect of ADAM-DPGAN-based noise disturbance on local convergence is investigated and an upper bound for the convergence rate is provided. The analysis highlights the significant impact of differential privacy parameters, the number of training iterations, the discriminator's learning rate, and the ADAM hyper-parameters on the convergence rate. The theoretical analysis is further validated through empirical analysis. Both theoretical and empirical analyses reveal that a stronger privacy guarantee leads to a slower convergence, highlighting the trade-off between privacy and performance. The findings also indicate that there exists an optimal value for the number of training iterations regarding the privacy needs. The optimal settings for each parameter are calculated and outlined in the paper.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science