Recent Advances of Differential Privacy in Centralized Deep Learning: A Systematic Survey
Lea Demelius, Roman Kern, Andreas Trügler
TL;DR
This paper systematically surveys centralized differential privacy in deep learning from 2019 to 2023, addressing the privacy-utility trade-off, auditing/evaluation, and threats beyond membership/inference, as well as private generative models and domain-specific applications. It synthesizes core methods such as DP-SGD and PATE, reviews privately trained generative approaches (autoencoders and GANs), and examines a broad range of applications (medical imaging, face recognition, NLP, and more). Key findings include persistent gaps between theoretical privacy guarantees and empirical attacks, the importance of realistic benchmarks, and the potential of combining techniques to improve utility under DP. The survey also stresses careful interpretation of synthetic data and the need for a standardized taxonomy. The work provides a structured, theory-to-practice guide for researchers and practitioners aiming to deploy DP-DL in real-world settings, highlighting both progress and open challenges in privacy-preserving centralized deep learning.
Abstract
Differential privacy has become a widely popular method for data protection in machine learning, especially since it allows formulating strict mathematical privacy guarantees. This survey provides an overview of the state of the art in differentially private centralized deep learning, thorough analyses of recent advances and open problems, as well as a discussion of potential future developments in the field. Based on a systematic literature review, the following topics are addressed: auditing and evaluation methods for private models, improvements of privacy-utility trade-offs, protection against a broad range of threats and attacks, differentially private generative models, and emerging application domains.
