This work addresses the utility degradation in DP-SGD caused by homogeneous Gaussian noise. We propose DP-Hero, a heterogeneous noise allocation mechanism leveraging prior knowledge from pre-trained models. Its core innovation lies in the first formal modeling of “leaked knowledge” implicitly encoded in pre-trained models as a gradient importance signal, enabling dynamic, dimension-wise calibration of noise magnitude. The resulting framework is provably ε-differentially private. By departing from conventional homogeneous perturbation, DP-Hero significantly improves convergence speed and generalization performance without compromising privacy guarantees. Extensive experiments across multiple benchmark datasets demonstrate that DP-Hero consistently outperforms state-of-the-art methods, validating the effectiveness of privacy–utility co-optimization through heterogeneous noise design.

Differential privacy (DP) provides a provable framework for protecting individuals by customizing a random mechanism over a privacy-sensitive dataset. Deep learning models have demonstrated privacy risks in model exposure as an established learning model unintentionally records membership-level privacy leakage. Differentially private stochastic gradient descent (DP-SGD) has been proposed to safeguard training individuals by adding random Gaussian noise to gradient updates in the backpropagation. Researchers identify that DP-SGD causes utility loss since the injected homogeneous noise can alter the gradient updates calculated at each iteration. Namely, all elements in the gradient are contaminated regardless of their importance in updating model parameters. In this work, we argue that the utility can be optimized by involving the heterogeneity of the the injected noise. Consequently, we propose a generic differential privacy framework with heterogeneous noise (DP-Hero) by defining a heterogeneous random mechanism to abstract its property. The insight of DP-Hero is to leverage the knowledge encoded in the previously trained model to guide the subsequent allocation of noise heterogeneity, thereby leveraging the statistical perturbation and achieving enhanced utility. Atop DP-Hero, we instantiate a heterogeneous version of DP-SGD, where the noise injected into gradients is heterogeneous and guided by prior-established model parameters. We conduct comprehensive experiments to verify and explain the effectiveness of the proposed DP-Hero, showing improved training accuracy compared with state-of-the-art works. Broadly, we shed light on improving the privacy-utility space by learning the noise guidance from the pre-existing leaked knowledge encoded in the previously trained model, showing a different perspective of understanding the utility-improved DP training.