自适应差分隐私的高效深度学习方案

doi:10.19665/j.issn1001-2400.2023.04.006

Abstract

Abstract:

While deep learning has achieved a great success in many fields,it has also gradually exposed a series of serious privacy security issues.As a lightweight privacy protection technology,differential privacy makes the output insensitive to any data in the dataset by adding noise to the model,which is more suitable for the privacy protection of individual users in reality.Aiming at the problems of the dependence of iterations on the privacy budget,low data availability and slow model convergence in most existing differential private deep learning schemes,an efficient deep learning scheme based on adaptive differential privacy is proposed.First,an adaptive differential privacy mechanism is designed based on the Shapley additive explanation model.By adding noise to the sample features,the number of iterations is independent of the privacy budget,and then the loss function is perturbed by the function mechanism,thus achieving the dual protection of original samples and labels while enhancing the utility of data.Second,the adaptive moment estimation algorithm is used to adjust the learning rate to accelerate the model convergence.Additionally,zero-centralized difference privacy is introduced as a statistical mechanism of privacy loss,which reduces the risk of privacy leakage caused by the privacy loss exceeding the privacy budget.Finally,a theoretical analysis of privacy is made,with the effectiveness of the proposed scheme verified by comparative experiments on the MNIST and Fashion-MNIST datasets.

Key words: deep learning, differential privacy, self-adaptation, privacy loss, model convergence

CLC Number:

TP309

WANG Yuhua,GAO Sheng,ZHU Jianming,HUANG Chen. Efficient deep learning scheme with adaptive differential privacy[J].Journal of Xidian University, 2023, 50(4): 54-64.

Figures/Tables 5

References 25

[1]	SONG M K, WANG Z B, ZHANG Z F, et al. Analyzing User-Level Privacy Attack Against Federated Learning[J]. IEEE Journal on Selected Areas in Communications, 2020, 38(10):2430-2444. doi: 10.1109/JSAC.49
[2]	SHOKRI R, STRONATI M, SONG C, et al. Membership Inference Attacks Against Machine Learning Models[C]// 2017 IEEE Symposium on Security and Privacy.Piscataway:IEEE, 2017:3-18.
[3]	SALEM A, ZHANG Y, HUMBERT M, et al. ML-Leaks:Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models[C]// The 26th Annual Network and Distributed System Security Symposium.California:NDSS, 2019:24-27.
[4]	YU L, LIU L, PU C, et al. Differentially Private Model Publishing for Deep Learning[C]// 2019 IEEE Symposium on Security and Privacy (SP).Piscataway:IEEE, 2019:332-349.
[5]	康海燕, 冀源蕊. 基于本地化差分隐私的联邦学习方法研究[J]. 通信学报, 2022, 43(10):94-105. doi: 10.11959/j.issn.1000-436x.2022189
	KANG Haiyan, JI Yuanrui. Research on Federated Learning Approach Based on Local Differential Privacy[J]. Journal on Communications, 2022, 43(10):94-105. doi: 10.11959/j.issn.1000-436x.2022189
[6]	PODSCHWADT R, TAKABI D, HU P, et al. A Survey of Deep Learning Architectures for Privacy-Preserving Machine Learning with Fully Homomorphic Encryption[J]. IEEE Access, 2022, 10:117477-117500. doi: 10.1109/ACCESS.2022.3219049
[7]	CHEN J, LI K, YU P. Privacy-Preserving Deep Learning Model for Decentralized VANETs Using Fully Homomorphic Encryption and Blockchain[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(8):11633-11642. doi: 10.1109/TITS.2021.3105682
[8]	RESENDE A, RAILSBACK D, DOWSLEY R, et al. Fast Privacy-Preserving Text Classification Based on Secure Multiparty Computation[J]. IEEE Transactions on Information Forensics and Security, 2022, 17:428-442. doi: 10.1109/TIFS.2022.3144007
[9]	FENG Q, HE D, SHEN J, et al. PPNNT:Multi-Party Privacy-Preserving Neural Network Training System[J]. IEEE Transactions on Artificial Intelligence, 2023 (Early Access):1-14.
[10]	DWORK C. Differential Privacy[C]// The 33rd International Conference on Automata,Languages and Programming - Volume Part II,ICALP’06.Berlin:Springer, 2006:1-12.
[11]	徐花, 田有亮. 差分隐私下的权重社交网络隐私保护[J]. 西安电子科技大学学报, 2022, 49(1):17-25.
	XU Hua, TIAN Youliang. Protection of Privacy of the Weighted Social Network under Differential Privacy[J]. Journal of Xidian University, 2022, 49(1):17-25.
[12]	晏燕, 董卓越, 徐飞, 等. 一种Hilbert编码的本地化位置隐私保护方法[J]. 西安电子科技大学学报, 2023, 50(2):147-160.
	YAN Yan, DONG Zhuoyue, XU Fei, et al. Localized Location Privacy Protection Method Using the Hilbert Encoding[J]. Journal of Xidian University, 2023, 50(2):147-160.
[13]	HU Y, TAN Z, LI X, et al. Adaptive Clipping Bound of Deep Learning with Differential Privacy[C]// 2021 IEEE International Conference on Trust,Security and Privacy in Computing and Communications (TrustCom).Piscataway:IEEE, 2021:428-435.
[14]	FU J, CHEN Z, HAN X. Adap DP-FL:Differentially Private Federated Learning with Adaptive Noise[C]// 2022 IEEE International Conference on Trust,Security and Privacy in Computing and Communications (TrustCom).Piscataway:IEEE, 2022:656-663.
[15]	WANG F, XIE M, TAN Z, et al. Preserving Differential Privacy in Deep Learning Based on Feature Relevance Region Segmentation[J]. IEEE Transactions on Emerging Topics in Computing, 2023 (Early Access):1-11.
[16]	ABADI M, CHU A, GOODFELLOW I, et al. Deep Learning with Differential Privacy[C]// The 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16). New York: ACM, 2016:308-318.
[17]	ZHANG X, DIING J, WU M, et al. Adaptive Privacy Preserving Deep Learning Algorithms for Medical Data[C]// 2021 IEEE Winter Conference on Applications of Computer Vision (WACV).Piscataway:IEEE, 2021:1168-1177
[18]	PHAN N, WU X, HU H. Adaptive Laplace Mechanism:Differential Privacy Preservation in Deep Learning[C]// 2017 IEEE International Conference on Data Mining (ICDM).Piscataway:IEEE, 2017:385-394.
[19]	ZHANG Y, BAI S. An Improved LRP-Based Differential Privacy Preserving Deep Learning Framework[C]// 2021 17th International Conference on Computational Intelligence and Security (CIS).Piscataway:IEEE, 2021:484-488.
[20]	LIU X, LI H, XU G, et al. Adaptive Privacy-Preserving Federated Learning[J]. Peer-to-Peer Networking and Applications, 2020, 13:2356-2366. doi: 10.1007/s12083-019-00869-2
[21]	BUN M, STEINKE T. Concentrated Differential Privacy:Simplifications,Extensions,and Lower Bounds[C]// Theory of Cryptography Conference.Berlin:Springer, 2016:635-658.
[22]	LI C, LOU J, LIU S, et al. Shapley Explainer-An Interpretation Method for GNNs Used in SDN[C]// GLOBECOM 2022-2022 IEEE Global Communications Conference.Piscataway:IEEE, 2022:5534-5540.
[23]	纪守领, 杜天宇, 李进锋, 等. 机器学习模型安全与隐私研究综述[J]. 软件学报, 2021, 32(1):41-67.
	JI Shouling, DU Tianyu, LI Jinfeng, et al. Research on Security and Privacy of Machine Learning Models[J]. Journal of Software, 2021, 32(1):41-67.
[24]	ZHANG J, ZHANG Z, XIAO X, et al. Functional Mechanism:Regression Analysis under Differential Privacy[J]. Proceedings of the VLDB Endowment, 2012, 5(11):1364-1375. doi: 10.14778/2350229.2350253
[25]	KUMAR G, PRIYA G, DILEEP M, et al. Image Deconvolution Using Deep Learning-Based Adam Optimizer[C]// 2022 6th International Conference on Electronics,Communication and Aerospace Technology.Piscataway:IEEE, 2022:901-904.

Efficient deep learning scheme with adaptive differential privacy

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 5

References 25

Related Articles 15

Metrics

Comments

Recommended 10

[1]	LI Haiyang,GUO Jingjing,LIU Jiuzun,LIU Zhiquan. Privacy preserving byzantine robust federated learning algorithm [J]. Journal of Xidian University, 2023, 50(4): 121-131.
[2]	WANG Fangwei,XIE Meiyun,LI Qingru,WANG Changguang. Differentially private federated learning framework with adaptive clipping [J]. Journal of Xidian University, 2023, 50(4): 111-120.
[3]	FAN Wentong,LI Zhenyu,ZHANG Tao,LUO Xiangyang. JPEG image steganalysis based on deep extraction of stego noise [J]. Journal of Xidian University, 2023, 50(4): 157-169.
[4]	WANG Juan,LIU Zishan,WU Minghu,CHEN Guanhai,GUO Liquan. Multi-scale object detection algorithm combined with super-resolution reconstruction technology [J]. Journal of Xidian University, 2023, 50(3): 122-131.
[5]	XIE Wen,HUA Wenqiang,JIAO Licheng,WANG Ruonan. Review on polarimetric SAR terrain classification methods using deep learning [J]. Journal of Xidian University, 2023, 50(3): 151-170.
[6]	ZHOU Shuo,ZHOU Yiqing,ZHANG Chong,XING Wang. ResNet enabled joint channel estimation and signal detection for OTFS [J]. Journal of Xidian University, 2023, 50(3): 19-30.
[7]	YAN Yan,DONG Zhuoyue,XU Fei,FENG Tao. Localized location privacy protection method using the Hilbert encoding [J]. Journal of Xidian University, 2023, 50(2): 147-160.
[8]	WANG Keyan,CHENG Jicong,HUANG Shirui,CAI Kunlun,WANG Weiran,LI Yunsong. Low-light image dehazing network with aggregated context-aware attention [J]. Journal of Xidian University, 2023, 50(2): 23-32.
[9]	ZHANG Qiang, YANG Xinpeng, ZHAO Shixiang, WEI Dongdong, HAN Zhen. Vehicle-target detection network for SAR images based on the attention mechanism [J]. Journal of Xidian University, 2023, 50(1): 36-47.
[10]	LIU Xiaowen, GUO Jichang, ZHENG Sida. Weakly-supervised salient object detection with the multi-scale progressive network [J]. Journal of Xidian University, 2023, 50(1): 48-57.
[11]	LIU Bochong, CAI Huaiyu, YANG Shiyuan, LI Haotian, WANG Yi, CHEN Xiaodong. Lightweight semantic segmentation network for autonomous driving scenarios [J]. Journal of Xidian University, 2023, 50(1): 118-128.
[12]	ZHANG Zehuan, LIU Qiang, GUO Difei. High efficient framework for large-scale zero-shot image recognition [J]. Journal of Xidian University, 2022, 49(6): 103-110.
[13]	LI Jiaojiao, LIU Zhiqiang, SONG Rui, LI Yunsong. Algorithm for segmentation of remote sensing imagery using the improved Unet [J]. Journal of Xidian University, 2022, 49(6): 67-75.
[14]	ZHANG Zhaoyu,TIAN Chunna,ZHOU Heng,TIAN Xilan. Online classification jointed RGBT tracking based on the dual attention Siamese network [J]. Journal of Xidian University, 2022, 49(6): 76-85.
[15]	QI Peihan,LI Bing,XIE Aiping,GAO Xianglan. Deep learning reconstruction algorithm for incomplete samples of frequency hopping communication signals [J]. Journal of Xidian University, 2022, 49(4): 1-7.