Impact of Privacy Parameters on Deep Learning Models for Image Classification
Basanta Chaulagain
TL;DR
This work investigates applying differential privacy to deep learning for image classification on CIFAR-10 by training five architectures (ConvNet, ResNet18, EfficientNet, ViT, DenseNet121) and three classical classifiers (SVM, NBC, KNN) under varying privacy settings. It conducts over 70 experiments varying privacy parameters, optimizer, batch size, learning rate, and epoch size, and reports train/test accuracy and loss to characterize the privacy–utility trade-off. A key finding is that reducing the privacy budget (lower epsilon) degrades accuracy, while increasing clipping, batch size, and epoch size generally improves performance; Adam emerges as the strongest optimizer, and deep models outperform classical methods under DP, with EfficientNet achieving a best test accuracy of 59.63% under the reported setup. The results provide practical guidance for deploying differential privacy in image classification and highlight the tangible trade-offs between privacy guarantees and model utility.
Abstract
The project aims to develop differentially private deep learning models for image classification on CIFAR-10 datasets \cite{cifar10} and analyze the impact of various privacy parameters on model accuracy. We have implemented five different deep learning models, namely ConvNet, ResNet18, EfficientNet, ViT, and DenseNet121 and three supervised classifiers namely K-Nearest Neighbors, Naive Bayes Classifier and Support Vector Machine. We evaluated the performance of these models under varying settings. Our best performing model to date is EfficientNet with test accuracy of $59.63\%$ with the following parameters (Adam optimizer, batch size 256, epoch size 100, epsilon value 5.0, learning rate $1e-3$, clipping threshold 1.0, and noise multiplier 0.912).