基于WGAN反馈的深度学习差分隐私保护方法

doi:10.3969/j.issn.0253-2778.2020.08.004

中国科学技术大学学报 ›› 2020, Vol. 50 ›› Issue (8): 1064-1071.DOI: 10.3969/j.issn.0253-2778.2020.08.004

基于WGAN反馈的深度学习差分隐私保护方法

陶陶，柏建树，刘恒，侯书东，郑啸

1.安徽工业大学计算机科学与技术学院,安徽马鞍山 243002；2.合肥综合性国家科学中心人工智能研究院，安徽合肥 230026

收稿日期:2020-06-05 修回日期:2020-08-18 接受日期:2020-08-18 出版日期:2020-08-31 发布日期:2020-08-18

Differential privacy protection method for deep learning based on WGAN feedback

TAO Tao,2, BAI Jianshu, LIU Heng, HOU Shudong, ZHENG Xiao,2

Received:2020-06-05 Revised:2020-08-18 Accepted:2020-08-18 Online:2020-08-31 Published:2020-08-18
Contact: TAO Tao
About author:TAO Tao(corresponding author), male, born in 1977, PhD/Associate Professor.
Supported by:
Supported by the Key Research and Development Program Project of Anhui Province of China(201904d07020020), the Natural Science Foundation Project of Anhui Province of China(1908085MF212, 2008085MF190, 1808085QF210)， the Program for Synergy Innovation in the Anhui Higher Education Institutions of China(GXXT-2020-012).

摘要/Abstract

摘要： 针对攻击者可能通过某些技术手段如生成式对抗网络（GAN）等窃取深度学习训练数据集中敏感信息的问题，结合差分隐私理论，提出经沃瑟斯坦生成式对抗网络（WGAN）反馈调参的深度学习差分隐私保护的方法.该方法使用随机梯度下降进行优化，设置梯度阈值进行梯度裁剪，对深度学习的优化过程添加噪声实施隐私保护；利用WGAN生成与原始数据相似的最优结果，对比生成结果与原始数据的差异进行反馈调参.实验结果表明，该方法可以有效保护数据集的敏感信息并且具有较好的数据可用性.

关键词: 差分隐私, 深度学习, 沃瑟斯坦生成式对抗网络（WGAN）

Abstract: Aiming at the problem that attackers may steal sensitive information of the deep learning training dataset by some technological means such as the Generative Adversarial Network(GAN), combining the differential privacy theory, the differential privacy protection method was proposed for deep learning based on the Wasserstein generative adversarial network(WGAN) feedback parameter tuning. This privacy protection method is realized by optimization of the stochastic gradient descent, gradient clipping of setting gradient threshold, and noise adding to the optimization process of deep learning; WGAN was used to generate optimized results similar to the original data. The difference of the generated results and the original data were used for feedback parameter tuning. The experiment result shows that this method can effectively protect sensitive private information of the dataset and has preferable data usability.

Key words: differential privacy protection, deep learning, Wasserstein generative adversarial network（WGAN）

中图分类号:

TP18

陶陶，柏建树，刘恒，侯书东，郑啸. 基于WGAN反馈的深度学习差分隐私保护方法[J]. 中国科学技术大学学报, 2020, 50(8): 1064-1071.

参考文献

［1］ HINTON G E, OSINDERO S, TEH Y W. A fast learning algorithm for deep belief nets[J]. Neural Computation, 2006, 18(7):1527-1554.
[2] SWEENEY L. K-anonymity: A model for protecting privacy[J]. International Journal of Uncertainty: Fuzziness and Knowledge-Based Systems, 2002, 10(05):557-570.
[3] MACHANAVAJJHALA A, KIFER D, GEHRKE J. L-diversity: Privacy beyond k -anonymity[J]. Acm Transactions on Knowledge Discovery from Data, 2007, 1(1): 3.
[4] LI N, LI T, VENKATASUBRAMANIAN S. t-Closeness: Privacy Beyond k-Anonymity and l-Diversity[C]//IEEE 23rd International Conference on Data Engineering. Piscataway: IEEE, 2007.
[5] DWORK C. Differential privacy[J]. Lecture Notes in Computer Science, 2006, 26(2):1-12.
[6] ABADI M, GOODFELLOW I, GOODFELLOW I, et al. Deep Learning with Differential Privacy[C]// ACM Sigsac Conference on Computer & Communications Security. 2016.
[7] PAPERNOT N, ABADI M, ERLINGSSON L, et al. Semi-supervised knowledge transfer for deep learning from private training data[C/OL]. (2017-03-03)[2020-05-05]. https://arxiv.org/pdf/1610.05755v4.
[8] GOODFELLOW I J, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial nets[C]// International Conference on Neural Information Processing Systems. 2014.
[9] RADFORD A, METZ L, CHINTALA S. Unsupervised representation learning with deep convolutional generative adversarial networks[J]. Computer Science, 2015.
[10] ULLOA A, BASILE A, WEHNER G J, et al. An unsupervised homogenization pipeline for clustering similar patients using electronic health record data [C/OL]. (2018-03-21)[2020-05-05]. https://arxiv.org/pdf/1801.00065.
[11] XIE L, LIN K, WANG S, et al. Differentially private generative adversarial network [C/OL]. (2018-02-19)[2020-05-05]. https://arxiv.org/pdf/1802.06739.
[12] HITAJ B, ATENIESE G, PEREZ-CRUZ F. Deep models under the GAN: Information leakage from collaborative deep learning[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: Association for Computing Machinery, 2017: 603-618.
[13] ARJOVSKY M, CHINTALA S, BOTTOU L. Wasserstein GAN[C/OL]. (2017-12-06)[2020-05-05]. https://arxiv.org/pdf/1701.07875.
[14] LECUN Y, CORTES C, BURGES C J. The MNIST database of handwritten digits[DB/OL].[2020-05-05]. http://yann.lecun.com/exdb/mnist/?o=3510.

()
()

[1]	杜淑颖，杜鹏，丁世飞. 基于CNN的假冒域名识别方法研究[J]. 中国科学技术大学学报, 2020, 50(7): 1019-1025.
[2]	孟徐然，毕秀春，张曙光. 基于生成对抗网络的高频算法及其回测研究[J]. 中国科学技术大学学报, 2020, 50(6): 801-810.
[3]	谷睿哲, 汪平, 郑梦策, 胡红钢, 俞能海. 基于对抗攻击的侧信道防护方案[J]. 中国科学技术大学学报, 2020, 50(10): 1343-1358.
[4]	杜炤鑫, 谢海宁, 宋杰, 周德生, 邹晓峰, 陈冉, 曾平. 基于图像处理和深度学习的配网跳闸故障识别方法[J]. 中国科学技术大学学报, 2020, 50(1): 39-48.
[5]	杨子文，陈蕾，浦建宇. 基于两层迁移卷积神经网络的抽象图像情感识别[J]. 中国科学技术大学学报, 2019, 49(1): 40-48.
[6]	孙达昌，毕秀春. 基于深度学习算法的高频交易策略及其盈利能力[J]. 中国科学技术大学学报, 2018, 48(11): 923-932.
[7]	陈东杰，张文生，杨阳. 基于深度学习的高铁接触网定位器检测与识别[J]. 中国科学技术大学学报, 2017, 47(4): 320-327.

基于WGAN反馈的深度学习差分隐私保护方法

Differential privacy protection method for deep learning based on WGAN feedback

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 7

编辑推荐

Metrics

本文评价