When combining differential privacy (DP) with selective classification (SC) techniques, several challenges arise that can affect model accuracy and reliability. Some of the specific challenges include:
Degraded predictive performance: The addition of DP can degrade the predictive performance of machine learning (ML) models. This is because DP introduces randomness to protect individual privacy, which can make it more difficult for models to maintain accuracy.
Increased privacy leakage: Some popular methods for SC can leak more private information when DP is used. This can compromise the privacy protection provided by DP and pose a risk to sensitive data.
Reduced effectiveness of SC: DP often reduces the effectiveness of SC, especially for smaller groups in the data. This can make it harder for models to abstain from predictions when uncertain, leading to less reliable results.
Difficulty in comparing evaluation metrics: The current ways of measuring how well SC works don't compare well across different levels of privacy protection. This makes it challenging to evaluate and compare the performance of SC methods under varying DP constraints.
To address these challenges, researchers have proposed novel solutions at the intersection of DP and SC. One such solution is Selective Classification via Training Dynamics Ensembles (SCTD), which leverages intermediate model checkpoints to mitigate privacy leakage while maintaining competitive performance. Additionally, a new evaluation metric has been introduced to enable a fair comparison of selective classification methods across different privacy levels.
The recent NeurIPS paper proposes novel solutions at the intersection of Differential Privacy (DP) and Selective Classification (SC) to overcome the challenges in maintaining model accuracy and reliability under privacy constraints [1]. The authors introduce a new method called Selective Classification via Training Dynamics Ensembles (SCTD), which leverages intermediate model checkpoints to mitigate privacy leakage while maintaining competitive performance.
Unlike traditional ensemble methods, SCTD constructs an ensemble using intermediate model predictions obtained during the training process. It analyzes the disagreement among these intermediate predictions to identify anomalous data points and subsequently reject them. By relying on these intermediate checkpoints, SCTD maintains the original DP guarantee and improves predictive accuracy.
Additionally, the paper presents a novel evaluation metric that allows for a fair comparison of selective classification methods across different privacy levels. This metric calculates an accuracy-normalized selective classification score by comparing achieved performance against an upper bound determined by baseline accuracy and coverage.
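The checkpoint-disagreement rejection and the accuracy-dependent upper bound described above can be sketched as follows. This is an added example, not code from the paper: the function names, the weighting exponent k, the averaging of the gap over a few thresholds and the sample data are all assumptions made for illustration. Because the scores are computed only from checkpoints that DP training already produced, no additional privacy budget is spent.

```python
# Added example (not the paper's code). The weighting exponent k, all names and
# the data are assumptions for illustration.

def disagreement_scores(checkpoint_preds, k=2.0):
    """checkpoint_preds[t][i]: label from checkpoint t for sample i (last = final model).
    Score = weighted share of checkpoints that disagree with the final label;
    later checkpoints weigh more via ((t + 1) / T) ** k (assumed weighting)."""
    T = len(checkpoint_preds)
    weights = [((t + 1) / T) ** k for t in range(T)]
    total = sum(weights)
    return [sum(w for w, p in zip(weights, checkpoint_preds) if p[i] != y) / total
            for i, y in enumerate(checkpoint_preds[-1])]

def selective_predict(checkpoint_preds, threshold, k=2.0):
    """Final label per sample, or None (abstain) when disagreement > threshold."""
    scores = disagreement_scores(checkpoint_preds, k)
    return [None if s > threshold else y
            for s, y in zip(scores, checkpoint_preds[-1])]

def coverage_and_accuracy(decisions, labels):
    """Fraction of samples answered, and accuracy on the answered ones."""
    kept = [(d, y) for d, y in zip(decisions, labels) if d is not None]
    if not kept:
        return 0.0, float("nan")
    return len(kept) / len(labels), sum(d == y for d, y in kept) / len(kept)

def accuracy_upper_bound(full_acc, coverage):
    """Best selective accuracy at `coverage` for a given full-coverage accuracy:
    an ideal selector rejects only misclassified points until none remain."""
    if not 0.0 < coverage <= 1.0:
        raise ValueError("coverage must be in (0, 1]")
    return min(1.0, full_acc / coverage)

def gap_to_bound(checkpoint_preds, labels, thresholds):
    """Mean distance between achieved accuracy and the bound (lower is better)."""
    _, full_acc = coverage_and_accuracy(checkpoint_preds[-1], labels)
    gaps = []
    for th in thresholds:
        cov, acc = coverage_and_accuracy(selective_predict(checkpoint_preds, th), labels)
        gaps.append(accuracy_upper_bound(full_acc, cov) - acc)
    return sum(gaps) / len(gaps)

# Constructed data: 4 checkpoints (earliest first) x 6 samples, with true labels.
CHECKPOINT_PREDS = [[0, 1, 1, 0, 1, 0], [0, 1, 0, 0, 1, 1],
                    [0, 1, 1, 1, 0, 1], [0, 1, 0, 1, 1, 1]]
LABELS = [0, 1, 1, 1, 1, 0]
```

On this data the sample whose label flips most often late in training is rejected first, and the gap becomes non-zero once the selector starts rejecting a correctly classified point while a stable but wrong prediction is kept.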
The authors conducted a thorough experimental evaluation to assess the performance of the SCTD method, comparing it with other selective classification methods across various datasets and privacy levels. The evaluation focused on metrics such as the accuracy-coverage trade-off, recovery of non-private utility by reducing coverage, distance to the accuracy-dependent upper bound, and comparison with parallel composition using partitioned ensembles.
Overall, the SCTD method offers promising trade-offs between selective classification accuracy and privacy budget, addressing the challenges posed by DP while enhancing the reliability and trustworthiness of selective classifiers.
Differential privacy (DP) poses several challenges to the accuracy of machine learning (ML) models, especially in privacy-sensitive domains like healthcare and finance [5]. These challenges stem from the inherent trade-off between privacy protection and model accuracy.
Noise Addition: DP works by adding noise to the data to obscure individual identities. However, this noise can distort the data, making it harder for ML models to learn accurate patterns. The more noise added for privacy, the less accurate the model may become.
Increased Uncertainty: DP increases the level of uncertainty in the data, which can lead to decreased model performance. This is particularly problematic for models that require high precision and accuracy, such as those used in healthcare and finance.
Impact on Small Groups: DP often disproportionately impacts the accuracy of models for smaller groups in the data. This can be particularly problematic in healthcare, where certain conditions or diseases may only affect a small portion of the population.
Challenges with Selective Classification: Selective classification, a technique where models can choose not to predict if they're not confident enough, becomes less effective under DP. This is because DP can make it harder for models to accurately assess their own uncertainty.
Evaluation Metrics: Current methods to measure the effectiveness of selective classification don't compare well across different levels of privacy protection, making it difficult to evaluate model performance in relation to privacy.
Despite these challenges, differential privacy is crucial for safeguarding sensitive data in ML applications. It's a balancing act, requiring careful calibration to maintain the utility of the data while ensuring privacy. It's also an active area of research, with ongoing efforts to improve the accuracy of ML models under DP constraints.