CN111737743A - Deep learning differential privacy protection method - Google Patents

Deep learning differential privacy protection method

Info

Publication number
CN111737743A
CN111737743A
Authority
CN
China
Prior art keywords
privacy
differential privacy
privacy protection
acc
gradient
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010572297.4A
Other languages
Chinese (zh)
Inventor
陶陶
柏建树
郑啸
刘恒
王爱国
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui University of Technology AHUT
Original Assignee
Anhui University of Technology AHUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui University of Technology AHUT filed Critical Anhui University of Technology AHUT
Priority to CN202010572297.4A
Publication of CN111737743A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/044 Recurrent networks, e.g. Hopfield networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G06N3/084 Backpropagation, e.g. using gradient descent

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Software Systems (AREA)
  • Evolutionary Computation (AREA)
  • Biomedical Technology (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • Molecular Biology (AREA)
  • Bioethics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Image Analysis (AREA)

Abstract

The invention discloses a deep learning differential privacy protection method, belonging to the technical field of information system security. The invention provides a novel deep learning differential privacy protection model: a WGAN is used to generate image results from the data processed by the privacy-preserving model, the result closest to the real image is selected from the generated images, the similarity between the generated result and the original image is compared, and the difference value is compared against a threshold; under the restriction of the similarity threshold, the privacy parameters in the model gradient are adjusted by feedback, thereby promoting the application of differential privacy in deep learning and related fields.

Description

Deep learning differential privacy protection method
Technical Field
The invention belongs to the technical field of information system security, and particularly relates to a deep learning differential privacy protection method.
Background
Existing privacy protection methods for common data sets, such as anonymizing data with k-anonymity, struggle to provide strict privacy guarantees. Differential privacy (DP), a novel privacy protection technology with great advantages, is a data-distortion-based privacy protection method proposed against attackers with strong background knowledge; it protects data privacy by adding noise so that inserting or deleting any single record in a data set does not affect the query output. The technology rests on a rigorous mathematical foundation and provides a quantitative evaluation method, making it one of the most effective and widely applicable privacy protection techniques available. Many researchers have studied and extended differential privacy, various algorithmic models continue to emerge, and the technology plays an important role in daily life, industry, production, medical treatment and other areas.
As one class of deep learning models, Generative Adversarial Networks (GAN) can generate image results very close to the original images, to the point of being indistinguishable from real ones. However, the conventional GAN suffers from unstable training, mode collapse, vanishing gradients and similar problems, so the actual training process often fails to produce the desired image results. The Wasserstein GAN (WGAN) solved these problems well: it replaces the asymmetric JS divergence used by the traditional GAN with the smooth, symmetric Wasserstein distance, and its training process shows strong stability and high image generation quality. Therefore, from the viewpoint of training stability and image generation quality, generating deep learning image data sets with the WGAN is becoming an important subject in image processing, computer vision and many other fields.
The architecture of a deep learning differential privacy protection algorithm adjusted by WGAN-based feedback usually involves many parameters, and their setting is generally regarded as the key factor in balancing the degree of privacy protection against data availability. However, common privacy parameter grouping methods are often driven by the user's own requirements and lack a fixed, quantitative analysis of the model's degree of privacy protection, which hinders achieving the balance between privacy protection and data availability.
Through searching, a prior application with application number 201811540698.0, filed on December 17, 2018, is entitled: a combined deep learning training method based on privacy protection technology. In that application, a Homomorphic Encryption (HE) method is used to send encrypted data to a cloud server, and the user obtains the data by decrypting the ciphertext. However, homomorphic encryption only supports addition and multiplication and can hardly meet the complex computational requirements of deep learning, and its operation consumes a large amount of computing resources, which may degrade the performance of the deep learning network.
As another example, the application with application number 201710611972.8, filed on July 25, 2017, is entitled: a deep differential privacy protection method based on a generative adversarial network. In that application, the idea of the deep convolutional generative adversarial network (DCGAN) is applied to privacy protection of deep learning image data sets. However, the DCGAN used in that method is still deficient in training stability: as the number of training iterations increases, some parameters (such as the filters) oscillate due to mode collapse, and the DCGAN generative model is constrained by batch normalization. In addition, that method's grouping of privacy parameters depends mainly on the individual requirements of the user, without a qualitative analysis of privacy loss minimization for the feedback-adjusted privacy parameter settings.
Based on the above analysis, there is a need in the art for a deep learning data set privacy protection method that can better balance the privacy protection degree and the data availability.
Disclosure of Invention
1. Technical problem to be solved by the invention
The invention aims to overcome the difficulty of balancing the degree of privacy protection against data usability when applying privacy protection to deep learning data sets, and provides a deep learning differential privacy protection method. The invention provides a novel deep learning differential privacy protection model: a WGAN is used to generate image results from the data processed by the privacy-preserving model, the result closest to the real image is selected from the generated images, the similarity between the generated result and the original image is compared, and the difference value is compared against a threshold; under the restriction of the similarity threshold, the privacy parameters in the model gradient are adjusted by feedback, thereby promoting the application of differential privacy in deep learning and related fields.
2. Technical scheme
In order to achieve the purpose, the technical scheme provided by the invention is as follows:
the invention discloses a deep learning differential privacy protection method, which comprises the following steps:
step 1, constructing a deep learning network that introduces a differential privacy mechanism;
step 2, adding Gaussian noise to the gradient in the parameter optimization stage of the deep learning network in combination with differential privacy theory;
step 3, calculating the privacy loss of step 2 using the composability property of differential privacy;
step 4, using the generative model of the WGAN to generate images from the data processed with the differential privacy parameters, and likewise generating images from the raw, unprocessed data;
step 5, selecting the optimal image result from the images generated after differential privacy parameter processing, comparing it against the image generated from the original data, and calculating the similarity difference;
and step 6, under the restriction of the similarity threshold, adjusting the relevant privacy parameters of the model by feedback so that the privacy loss of step 3 reaches its minimum value, realizing the balance between privacy protection and data availability.
Furthermore, a convolutional neural network with two convolutional layers and three fully-connected layers is established in step 1, and the introduced differential privacy is (ε, δ)-differential privacy, as shown in formula (1):
Pr[M(D) ∈ S_M] ≤ e^ε × Pr[M(D') ∈ S_M] + δ    (1)
wherein M is a given random algorithm; D and D' are neighboring datasets that differ by at most one record; S_M is the set of all possible outputs of the random algorithm M on the datasets D and D'; ε and δ represent the privacy budget and the privacy error value, respectively.
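By way of illustration only (a sketch, not part of the claimed method): the noise scale of a Gaussian mechanism satisfying formula (1) is commonly chosen as σ ≥ cΔf/ε with c² > 2 ln(1.25/δ), the condition quoted in step 3 of the embodiment below. A minimal Python sketch, where the function name and example values are assumptions:

```python
import math

def gaussian_sigma(epsilon, delta, sensitivity):
    """Smallest noise scale sigma = c * sensitivity / epsilon with
    c = sqrt(2 * ln(1.25 / delta)), the standard Gaussian mechanism
    condition for (epsilon, delta)-differential privacy."""
    c = math.sqrt(2.0 * math.log(1.25 / delta))
    return c * sensitivity / epsilon

# Example with values from the parameter ranges used in the embodiment:
print(gaussian_sigma(0.5, 1e-5, 1.0))  # ~9.69
```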
Furthermore, the process of adding Gaussian noise in the parameter optimization stage of the deep network in step 2 is as follows:
From the training data set X = {x_1, x_2, ..., x_n}, randomly select a small batch of training data of size m as input, and compute the gradient value g_t(x_i) corresponding to each training sample; clip each gradient by its L_2 norm within the clipping threshold C and take the average, obtaining a new gradient value ḡ_t; then add Gaussian noise V ~ N(0, σ²) to the new gradient ḡ_t and output the perturbed gradient g̃_t, σ being the noise addition scale; finally, following gradient descent, move one step along the negative direction of the new gradient g̃_t and update the parameter θ_t.
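A minimal NumPy sketch of this gradient perturbation (illustrative only: per-example gradients are assumed to be given, and the noise placement follows the wording above, whereas standard DP-SGD additionally scales the noise with the clipping threshold C):

```python
import numpy as np

rng = np.random.default_rng(0)

def dp_sgd_step(theta, per_example_grads, C, sigma, lr):
    """One perturbed update: clip each per-example gradient to L2 norm C,
    average over the batch, add Gaussian noise V ~ N(0, sigma^2), and take
    a gradient-descent step."""
    clipped = [g / max(1.0, np.linalg.norm(g) / C) for g in per_example_grads]
    g_bar = np.mean(clipped, axis=0)                       # averaged clipped gradient
    g_tilde = g_bar + rng.normal(0.0, sigma, g_bar.shape)  # perturbed gradient
    return theta - lr * g_tilde                            # parameter update
```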
Further, the calculation of the privacy loss in step 3 is represented by formula (2):
c(s; M, aux, D, D') = ln( Pr[M(aux, D) = s] / Pr[M(aux, D') = s] )    (2)
wherein M is a given random algorithm; D and D' are two neighboring data sets; aux is the input auxiliary parameter; s represents the output, and s ∈ R;
the added Gaussian noise has the Markov property, and combining the definition of differential privacy yields formula (3):
c(V) = ln( Pr[V = v] / Pr[V' = v] )    (3)
wherein the Gaussian noises V and V' added to the neighboring data sets D and D' satisfy formula (4):
V' = V + Dd    (4)
wherein Dd is the differential privacy sensitivity;
finally, combining the characteristic of the Gaussian mechanism that Pr[V = v] ∝ exp(−v²/(2σ²)), and simplifying formulas (2), (3) and (4), the privacy loss in the process of adding Gaussian noise is obtained as formula (5):
c(V) = (Dd² − 2V·Dd) / (2σ²)    (5)
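For illustration, formula (5) can be evaluated numerically; a small sketch (the function name is an assumption):

```python
def privacy_loss(v, dd, sigma):
    """Privacy loss of formula (5) for a noise draw v, sensitivity Dd
    and noise scale sigma."""
    return (dd ** 2 - 2.0 * v * dd) / (2.0 * sigma ** 2)

# A larger sigma shrinks the loss, e.g. with Dd = 1:
print(privacy_loss(0.1, 1.0, 2.0))  # 0.1
print(privacy_loss(0.1, 1.0, 4.0))  # 0.025
```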
further, the loss function of WGAN in step 4 is shown in equation (6):
Figure BDA0002550076790000038
wherein, PdRepresenting the true data distribution, PgRepresenting a generated data distribution; when updating the weights, it is necessary to maintain the network parameters within a range that satisfies the Lipschitz condition.
Furthermore, the optimal selection of the generated image after privacy parameter processing in step 5 depends mainly on the classification accuracy and visual evaluation, and the similarity difference is obtained by subtracting the classification accuracy of the optimal selection from the classification accuracy of the image generated without any processing, as shown in formula (7):
C_acc = acc_r − acc_p    (7)
wherein acc_r represents the classification accuracy of the image generated without any processing, and acc_p represents the classification accuracy of the optimally selected generated image.
Furthermore, the similarity threshold C in step 6 is generally set to 10%; the C_acc obtained in step 5 is compared against the set similarity threshold C; if the value of C_acc is greater than C, an appropriate generated image is selected again and step 5 is repeated until the value of C_acc is less than C; when the value of C_acc is less than C, the magnitude of the privacy loss is evaluated through step 3, and the privacy loss is minimized by selecting appropriate privacy parameters while satisfying the condition of the Gaussian noise, finally realizing the balance between the privacy protection degree and the data availability.
3. Advantageous effects
Compared with the prior art, the technical scheme provided by the invention has the following remarkable effects:
(1) In the deep learning differential privacy protection method of the invention, a deep learning model introducing an (ε, δ)-differential privacy mechanism is constructed, in which the degree of privacy protection is governed by the privacy parameters ε, δ and σ. By setting multiple groups of privacy parameters and carrying out classification accuracy experiments with single-parameter and multi-parameter variables, the most appropriate privacy parameter combination is selected, which effectively improves the privacy protection effect of the model.
(2) In the deep learning differential privacy protection method of the invention, the WGAN is used to generate both the images processed by the privacy parameters and the images without any processing, and the privacy parameters are adjusted by feedback in combination with the evaluation criteria of privacy loss and classification accuracy, finally yielding a group of suitable privacy parameters that guarantee both a good privacy protection effect and high data availability. The WGAN overcomes the problems of the traditional GAN and shows better training stability and generated image quality than other GAN variants (such as DCGAN), which helps improve the usability of the generated results and the practical significance of the research.
(3) In the deep learning differential privacy protection method of the invention, a method for quantitatively calculating the privacy loss is designed, and it can be verified whether the feedback-adjusted privacy parameter settings drive the privacy loss to a smaller value through privacy loss minimization, thereby obtaining a better privacy protection effect.
Drawings
FIG. 1 is a diagram of the overall architecture of the model of the present invention;
FIG. 2 is a flow chart of the WGAN-based privacy feedback portion of the invention;
FIG. 3 is a schematic diagram of a convolutional neural network model of the present invention.
Detailed Description
For a further understanding of the invention, reference should be made to the following detailed description taken in conjunction with the accompanying drawings and examples.
Example 1
With reference to fig. 1, a deep learning differential privacy protection method according to this embodiment includes the steps of:
Step 1, construct a convolutional neural network with two convolutional layers and three fully-connected layers, introduce differential privacy theory in the parameter optimization of the network, and add Gaussian noise satisfying the Gaussian mechanism. The specific process is as follows:
Initialize: establish a convolutional neural network with two convolutional layers and three fully-connected layers and initialize its model parameters, as shown in fig. 3. The introduced (ε, δ)-differential privacy is shown in formula (1):
Pr[M(D) ∈ S_M] ≤ e^ε × Pr[M(D') ∈ S_M] + δ    (1)
wherein M is a given random algorithm; D and D' are neighboring datasets that differ by at most one record; S_M is the set of all possible outputs of the random algorithm M on the datasets D and D'. The degree of privacy protection is governed by the privacy parameters: the privacy budget ε, the privacy disclosure error value δ, and the noise addition scale σ of the Gaussian noise V ~ N(0, σ²) satisfying the Gaussian mechanism. Excessive noise reduces the usability of the data, while too little noise reduces the degree of privacy protection.
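By way of illustration, a minimal PyTorch sketch of such a network for 28×28×1 inputs; the kernel sizes, channel counts and hidden widths are assumptions, since the text fixes only the layer counts:

```python
import torch.nn as nn

class ConvNet(nn.Module):
    """Two convolutional layers followed by three fully-connected layers."""
    def __init__(self, num_classes=10):
        super().__init__()
        self.features = nn.Sequential(
            nn.Conv2d(1, 16, kernel_size=5, padding=2), nn.ReLU(), nn.MaxPool2d(2),   # conv layer 1
            nn.Conv2d(16, 32, kernel_size=5, padding=2), nn.ReLU(), nn.MaxPool2d(2),  # conv layer 2
        )
        self.classifier = nn.Sequential(
            nn.Flatten(),
            nn.Linear(32 * 7 * 7, 256), nn.ReLU(),  # fully-connected layer 1
            nn.Linear(256, 64), nn.ReLU(),          # fully-connected layer 2
            nn.Linear(64, num_classes),             # fully-connected layer 3
        )

    def forward(self, x):
        return self.classifier(self.features(x))
```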
Step 2, Gaussian noise is added to the gradient in a parameter optimization stage of the deep learning network by combining a difference privacy theory; a privacy parameter grouping method is set, and the specific process is as follows:
From the training data set X = {x_1, x_2, ..., x_n}, randomly select a small batch (of batch size m) of training data as input, and compute the gradient value g_t(x_i) corresponding to each training sample x_i ∈ m_t; clip each gradient by its L_2 norm within the gradient clipping threshold C and take the average, obtaining a new gradient value ḡ_t; then add Gaussian noise V ~ N(0, σ²) to the new gradient ḡ_t and output the perturbed gradient; finally, following gradient descent, move one step along the negative direction of the new gradient g̃_t and update the parameter θ_t.
For the privacy parameters that influence the differential privacy protection effect, classification accuracy experiments are carried out by varying a single parameter while fixing the other two. The value range of ε obtained by analyzing the variation trend is [0.5, 1, 2, 4], the value range of σ is [2, 4, 6, 8], and the value range of δ is [1e-5, 1e-4, 1e-3, 1e-2]. Combining these with one another then yields 64 groups of privacy parameter combinations.
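The 64 privacy parameter groups can be enumerated directly; a small sketch:

```python
from itertools import product

epsilons = [0.5, 1, 2, 4]
sigmas = [2, 4, 6, 8]
deltas = [1e-5, 1e-4, 1e-3, 1e-2]

# 4 x 4 x 4 = 64 privacy parameter combinations
param_groups = list(product(epsilons, sigmas, deltas))
assert len(param_groups) == 64
```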
Step 3, calculating the privacy loss of the step 2 according to the characteristic that the privacy protection can be quantitatively evaluated by combining the differential privacy; the specific process is as follows:
the privacy loss is used as a random variable, and the value directly reflects the privacy protection effect and mainly depends on the added Gaussian noise. Due to Gaussian noise V-N (0, sigma)2) With markov property, the privacy loss of the process can be tracked by a Moments Accountant (MA) calculation method, and the privacy loss is calculated as represented by formula (2):
Figure RE-GDA0002577088290000061
wherein M is a random algorithm; D. d' is two adjacent datasets; aux is an input auxiliary parameter; s represents the output and s ∈ R.
To compute the privacy loss quantitatively and analyze the influence of the privacy parameter settings on it, the characteristics of the Gaussian noise are combined with the definition of differential privacy to obtain formula (3):
c(V) = ln( Pr[V = v] / Pr[V' = v] )    (3)
By the global sensitivity property of differential privacy, the Gaussian noises V and V' added to the neighboring data sets D and D' satisfy formula (4):
V' = V + Dd    (4)
where Dd is the differential privacy sensitivity.
In the Gaussian mechanism, the Gaussian noise V ~ N(0, σ²) satisfies σ ≥ cΔf/ε with c² > 2 ln(1.25/δ); thus Pr[V = v] ∝ exp(−v²/(2σ²)). Simplifying the above formulas, the privacy loss in the process of adding Gaussian noise is obtained as formula (5):
c(V) = (Dd² − 2V·Dd) / (2σ²)    (5)
The feedback-adjusted privacy parameter setting of step 6 requires minimizing the value of formula (5) as far as possible while still satisfying the Gaussian mechanism condition above, so as to obtain a better privacy protection effect.
Step 4, generating a generated image processed by the difference privacy parameter in the step 2 by using a generating model of the WGAN, and generating an image by using the WGAN generating model for the raw data which is not processed; calculating the classification accuracy, and the specific process is as follows:
firstly, building a WGAN class, defining basic information: the size (28,28,1) of the input picture; the input implicit coding dimension (100 dimensions); defining a generator and a discriminator function; a loss function of the WGAN is defined. Then, a generator and a discriminator are set up, and a weight clipping value (0.01) is set. Finally, the parameters of the generator are optimized (RMSProp method). In the training process, the WGAN is used for setting to train the generation model under different privacy parameters to generate an image result, the obtained image result trains a classifier, and the classification accuracy of the test set is tested; the classifier was trained using the image results generated by the WGAN without any privacy protection and the test set was tested for classification accuracy. The loss function of WGAN is shown in equation (6):
Figure BDA0002550076790000071
wherein, PdRepresenting the true data distribution, PgRepresenting a generated data distribution; when updating the weights, it is necessary to maintain the network parameters within a range that satisfies the Lipschitz condition.
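A minimal PyTorch sketch of this WGAN training step using the settings stated above (latent dimension 100, weight clipping 0.01, RMSProp); the small fully-connected generator and critic are illustrative placeholders for the networks actually built, and inputs are assumed flattened to 784 values:

```python
import torch
import torch.nn as nn

latent_dim, img_dim = 100, 28 * 28
G = nn.Sequential(nn.Linear(latent_dim, 256), nn.ReLU(),
                  nn.Linear(256, img_dim), nn.Tanh())
D = nn.Sequential(nn.Linear(img_dim, 256), nn.ReLU(),
                  nn.Linear(256, 1))  # critic: no sigmoid, per formula (6)

clip_value = 0.01
opt_G = torch.optim.RMSprop(G.parameters(), lr=5e-5)
opt_D = torch.optim.RMSprop(D.parameters(), lr=5e-5)

def train_step(real_images):
    """Critic maximizes E[D(x)] - E[D(G(z))]; its weights are then clipped
    to [-0.01, 0.01] to approximate the Lipschitz condition; the generator
    maximizes E[D(G(z))]."""
    z = torch.randn(real_images.size(0), latent_dim)
    loss_D = -(D(real_images).mean() - D(G(z).detach()).mean())
    opt_D.zero_grad(); loss_D.backward(); opt_D.step()
    for p in D.parameters():
        p.data.clamp_(-clip_value, clip_value)
    z = torch.randn(real_images.size(0), latent_dim)
    loss_G = -D(G(z)).mean()
    opt_G.zero_grad(); loss_G.backward(); opt_G.step()
```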
The invention uses the WGAN, an excellent derivative variant of the GAN, to generate both the images processed by the privacy parameters and the images without any processing, which largely avoids the problems of unstable training, mode collapse and the like in the traditional GAN. The generative model of the WGAN is trained continuously towards the real data distribution; the closer the accuracy of the generated results is to that of the real results, the better the data usability. Combined with the privacy loss calculation and analysis of step 3, the objective of the invention is to ensure as good a privacy protection effect as possible while maintaining high data availability.
Step 5, selecting an optimal image result from the generated image processed by the difference privacy parameters, comparing the difference between the optimal image and the original data generated image, and calculating a similarity difference value; the specific process is as follows:
and selecting the most appropriate generated image result according to the test accuracy and the visual evaluation, calculating the difference value of the accuracy of the generated image result without privacy protection, and regarding the difference value as the similarity difference value. As shown in equation (7):
Cacc=accr-accp(7)
wherein, accrRepresenting the generated image classification accuracy without any processing; acc (acrylic acid)pThe generated image classification accuracy rate representing the optimal choice.
Step 6, under the limit of the similarity threshold, feeding back related privacy parameters in the regulation model, as shown in fig. 2, so that the privacy loss in the step 3 reaches the minimum value, and the balance between the privacy protection degree and the data availability is realized; the specific process is as follows:
calculating C obtained in step 5accThe size of the similarity threshold C (10%) set; if CaccIf the value of C is greater than C, the appropriate generated image is selected again, and step 5 is repeated until C is reachedaccIs less than C; when C is presentaccWhen the value of (a) is less than (C), the magnitude of the privacy loss is evaluated by step (3); and finally, the balance between the privacy protection degree and the data availability is realized.
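A schematic sketch of this feedback loop (all helper names and the accuracy placeholder are assumptions, not functions defined by the invention; param_groups is the 64-combination grid from step 2):

```python
def generated_accuracy(params=None):
    # Placeholder: in practice, train the WGAN of step 4 under `params`
    # (or without privacy protection if None) and return test accuracy.
    return 0.95 if params is None else 0.90

def expected_privacy_loss(dd, sigma):
    return dd ** 2 / (2.0 * sigma ** 2)  # formula (5) evaluated at V = 0

param_groups = [(e, s, d) for e in (0.5, 1, 2, 4) for s in (2, 4, 6, 8)
                for d in (1e-5, 1e-4, 1e-3, 1e-2)]

C = 0.10                          # similarity threshold (10%)
acc_r = generated_accuracy()      # accuracy without privacy protection

best = None
for eps, sigma, delta in param_groups:
    acc_p = generated_accuracy((eps, sigma, delta))
    if acc_r - acc_p < C:                         # C_acc within the threshold
        loss = expected_privacy_loss(1.0, sigma)  # evaluate loss via step 3
        if best is None or loss < best[0]:
            best = (loss, (eps, sigma, delta))    # keep the loss-minimizing group
```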
The present invention and its embodiments have been described above schematically, and the description is not limiting; what is shown in the drawings is only one embodiment of the invention, and the actual structure is not limited thereto. Therefore, if a person skilled in the art, informed by this teaching and without departing from the spirit of the invention, designs structural modes and embodiments similar to this technical solution without inventive effort, they shall fall within the protection scope of the invention.

Claims (7)

1. A deep learning differential privacy protection method, characterized by comprising the following steps:
step 1, constructing a deep learning network that introduces a differential privacy mechanism;
step 2, adding Gaussian noise to the gradient in the parameter optimization stage of the deep learning network in combination with differential privacy theory;
step 3, calculating the privacy loss of step 2 using the composability property of differential privacy;
step 4, using the generative model of the WGAN to generate images from the data processed with the differential privacy parameters, and likewise generating images from the raw, unprocessed data;
step 5, selecting the optimal image result from the images generated after differential privacy parameter processing, comparing it against the image generated from the original data, and calculating the similarity difference;
and step 6, under the restriction of the similarity threshold, adjusting the relevant privacy parameters of the model by feedback so that the privacy loss of step 3 reaches its minimum value, realizing the balance between privacy protection and data availability.
2. The deep learning differential privacy protection method according to claim 1, wherein: in step 1, a convolutional neural network with two convolutional layers and three fully-connected layers is established, and the introduced differential privacy is (ε, δ)-differential privacy, as shown in formula (1):
Pr[M(D) ∈ S_M] ≤ e^ε × Pr[M(D') ∈ S_M] + δ    (1)
wherein M is a given random algorithm; D and D' are neighboring datasets that differ by at most one record; S_M is the set of all possible outputs of the random algorithm M on the datasets D and D'; ε and δ represent the privacy budget and the privacy error value, respectively.
3. The deep learning differential privacy protection method according to claim 2, wherein the process of adding Gaussian noise in the deep network parameter optimization stage of step 2 is as follows:
from the training data set X = {x_1, x_2, ..., x_n}, randomly select a small batch of training data of size m as input, and compute the gradient value g_t(x_i) corresponding to each training sample; clip each gradient by its L_2 norm within the clipping threshold C and take the average, obtaining a new gradient value ḡ_t; then add Gaussian noise V ~ N(0, σ²) to the new gradient ḡ_t and output the perturbed gradient g̃_t, σ being the noise addition scale; finally, following gradient descent, move one step along the negative direction of the new gradient g̃_t and update the parameter θ_t.
4. The deep learning differential privacy protection method according to claim 3, wherein: the privacy loss calculation in step 3 is represented by formula (2):
c(s; M, aux, D, D') = ln( Pr[M(aux, D) = s] / Pr[M(aux, D') = s] )    (2)
wherein M is a given random algorithm; D and D' are two neighboring data sets; aux is the input auxiliary parameter; s represents the output, and s ∈ R;
the added Gaussian noise has the Markov property, and combining the definition of differential privacy yields formula (3):
c(V) = ln( Pr[V = v] / Pr[V' = v] )    (3)
wherein the Gaussian noises V and V' added to the neighboring data sets D and D' satisfy formula (4):
V' = V + Dd    (4)
wherein Dd is the differential privacy sensitivity;
finally, combining the characteristic of the Gaussian mechanism that Pr[V = v] ∝ exp(−v²/(2σ²)), and simplifying formulas (2), (3) and (4), the privacy loss in the process of adding Gaussian noise is obtained as formula (5):
c(V) = (Dd² − 2V·Dd) / (2σ²)    (5)
5. The deep learning differential privacy protection method according to claim 4, wherein: the loss function of the WGAN in step 4 is shown in formula (6):
min_G max_{f: ||f||_L ≤ 1} E_{x~P_d}[f(x)] − E_{x̃~P_g}[f(x̃)]    (6)
wherein P_d represents the real data distribution and P_g represents the generated data distribution; when updating the weights, the network parameters must be kept within a range that satisfies the Lipschitz condition.
6. The deep learning differential privacy protection method according to claim 5, wherein: in step 5, the optimal selection of the generated image after privacy parameter processing depends mainly on the classification accuracy and visual evaluation, and the similarity difference is obtained by subtracting the classification accuracy of the optimal selection from the classification accuracy of the image generated without any processing, as shown in formula (7):
C_acc = acc_r − acc_p    (7)
wherein acc_r represents the classification accuracy of the image generated without any processing, and acc_p represents the classification accuracy of the optimally selected generated image.
7. The deep learning differential privacy protection method according to claim 6, wherein: the similarity threshold C in step 6 is generally set to 10%; the C_acc obtained in step 5 is compared against the set similarity threshold C; if the value of C_acc is greater than C, an appropriate generated image is selected again and step 5 is repeated until the value of C_acc is less than C; when the value of C_acc is less than C, the magnitude of the privacy loss is evaluated through step 3, and the privacy loss is minimized by selecting appropriate privacy parameters while satisfying the condition of the Gaussian noise, finally realizing the balance between the privacy protection degree and the data availability.
CN202010572297.4A 2020-06-22 2020-06-22 Deep learning differential privacy protection method Pending CN111737743A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010572297.4A CN111737743A (en) 2020-06-22 2020-06-22 Deep learning differential privacy protection method


Publications (1)

Publication Number Publication Date
CN111737743A true CN111737743A (en) 2020-10-02

Family

ID=72650251

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010572297.4A Pending CN111737743A (en) 2020-06-22 2020-06-22 Deep learning differential privacy protection method

Country Status (1)

Country Link
CN (1) CN111737743A (en)



Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107368752A (en) * 2017-07-25 2017-11-21 北京工商大学 A kind of depth difference method for secret protection based on production confrontation network
US20200082259A1 (en) * 2018-09-10 2020-03-12 International Business Machines Corporation System for Measuring Information Leakage of Deep Learning Models

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TAO Tao et al., "Deep learning differential privacy protection method based on WGAN feedback" (基于WGAN反馈的深度学习差分隐私保护方法), Electronic Technology & Software Engineering (电子技术与软件工程), vol. 2020, no. 02, pages 244-245 *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112307514A (en) * 2020-11-26 2021-02-02 哈尔滨工程大学 Difference privacy greedy grouping method adopting Wasserstein distance
CN112307514B (en) * 2020-11-26 2023-08-01 哈尔滨工程大学 Differential privacy greedy grouping method adopting Wasserstein distance
CN112487479A (en) * 2020-12-10 2021-03-12 支付宝(杭州)信息技术有限公司 Method for training privacy protection model, privacy protection method and device
CN112487479B (en) * 2020-12-10 2023-10-13 支付宝(杭州)信息技术有限公司 Method for training privacy protection model, privacy protection method and device
CN113254927B (en) * 2021-05-28 2022-05-17 浙江工业大学 Model processing method and device based on network defense and storage medium
CN113254927A (en) * 2021-05-28 2021-08-13 浙江工业大学 Model processing method and device based on network defense and storage medium
CN113434873A (en) * 2021-06-01 2021-09-24 内蒙古大学 Federal learning privacy protection method based on homomorphic encryption
CN113282961A (en) * 2021-07-22 2021-08-20 武汉中原电子信息有限公司 Data desensitization method and system based on power grid data acquisition
CN113642715A (en) * 2021-08-31 2021-11-12 西安理工大学 Differential privacy protection deep learning algorithm for self-adaptive distribution of dynamic privacy budget
CN113869384A (en) * 2021-09-17 2021-12-31 大连理工大学 Privacy protection image classification method based on domain self-adaption
CN113869384B (en) * 2021-09-17 2024-05-10 大连理工大学 Privacy protection image classification method based on field self-adaption
WO2023109246A1 (en) * 2021-12-17 2023-06-22 新智我来网络科技有限公司 Method and apparatus for breakpoint privacy protection, and device and medium
CN114638013A (en) * 2022-02-15 2022-06-17 西安电子科技大学 Method, system, medium and terminal for measuring and protecting image privacy information
CN114882216A (en) * 2022-04-18 2022-08-09 华南理工大学 Garment button quality detection method, system and medium based on deep learning
CN114882216B (en) * 2022-04-18 2024-04-30 华南理工大学 Garment button attaching quality detection method, system and medium based on deep learning
CN117808694A (en) * 2023-12-28 2024-04-02 中国人民解放军总医院第六医学中心 Painless gastroscope image enhancement method and painless gastroscope image enhancement system under deep neural network
CN117808694B (en) * 2023-12-28 2024-05-24 中国人民解放军总医院第六医学中心 Painless gastroscope image enhancement method and painless gastroscope image enhancement system under deep neural network
CN117936011A (en) * 2024-03-19 2024-04-26 泰山学院 Intelligent medical service management system based on big data

Similar Documents

Publication Publication Date Title
CN111737743A (en) Deep learning differential privacy protection method
Wu et al. An adaptive federated learning scheme with differential privacy preserving
Lei et al. GCN-GAN: A non-linear temporal link prediction model for weighted dynamic networks
CN110334742B (en) Graph confrontation sample generation method based on reinforcement learning and used for document classification and adding false nodes
Prakash et al. IoT device friendly and communication-efficient federated learning via joint model pruning and quantization
CN109165735B (en) Method for generating sample picture based on generation of confrontation network and adaptive proportion
CN114841364B (en) Federal learning method for meeting personalized local differential privacy requirements
Kang et al. Privacy-preserving federated adversarial domain adaptation over feature groups for interpretability
Lam High‐dimensional covariance matrix estimation
CN113642715B (en) Differential privacy protection deep learning algorithm capable of adaptively distributing dynamic privacy budget
CN109949200B (en) Filter subset selection and CNN-based steganalysis framework construction method
Ma et al. RDP-GAN: A rényi-differential privacy based generative adversarial network
Unceta et al. Copying machine learning classifiers
He et al. Uniform-pac bounds for reinforcement learning with linear function approximation
CN117290721A (en) Digital twin modeling method, device, equipment and medium
Knežević et al. Neurosca: Evolving activation functions for side-channel analysis
US20210326757A1 (en) Federated Learning with Only Positive Labels
Zhang et al. Sequential outlier criterion for sparsification of online adaptive filtering
Wang et al. Logit calibration for non-iid and long-tailed data in federated learning
CN114282650A (en) Federal learning acceleration system and synchronous hidden and sparse convolution layer construction and learning method
Xin et al. A compound decision approach to covariance matrix estimation
CN113744175A (en) Image generation method and system for generating countermeasure network based on bidirectional constraint
Khorramshahi et al. Gans with variational entropy regularizers: Applications in mitigating the mode-collapse issue
Yang et al. Multi-distribution mixture generative adversarial networks for fitting diverse data sets
CN112488238A (en) Hybrid anomaly detection method based on countermeasure self-encoder

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination