Differential privacy protection method for deep learning based on WGAN feedback

doi:10.3969/j.issn.0253-2778.2020.08.004

Journal of University of Science and Technology of China ›› 2020, Vol. 50 ›› Issue (8): 1064-1071.DOI: 10.3969/j.issn.0253-2778.2020.08.004

• Original Paper • Previous Articles Next Articles

Differential privacy protection method for deep learning based on WGAN feedback

TAO Tao,2, BAI Jianshu, LIU Heng, HOU Shudong, ZHENG Xiao,2

Received:2020-06-05 Revised:2020-08-18 Accepted:2020-08-18 Online:2020-08-31 Published:2020-08-18
Contact: TAO Tao
About author:TAO Tao(corresponding author), male, born in 1977, PhD/Associate Professor.
Supported by:
Supported by the Key Research and Development Program Project of Anhui Province of China(201904d07020020), the Natural Science Foundation Project of Anhui Province of China(1908085MF212, 2008085MF190, 1808085QF210)， the Program for Synergy Innovation in the Anhui Higher Education Institutions of China(GXXT-2020-012).

Abstract

Abstract: Aiming at the problem that attackers may steal sensitive information of the deep learning training dataset by some technological means such as the Generative Adversarial Network(GAN), combining the differential privacy theory, the differential privacy protection method was proposed for deep learning based on the Wasserstein generative adversarial network(WGAN) feedback parameter tuning. This privacy protection method is realized by optimization of the stochastic gradient descent, gradient clipping of setting gradient threshold, and noise adding to the optimization process of deep learning; WGAN was used to generate optimized results similar to the original data. The difference of the generated results and the original data were used for feedback parameter tuning. The experiment result shows that this method can effectively protect sensitive private information of the dataset and has preferable data usability.

Key words: differential privacy protection, deep learning, Wasserstein generative adversarial network（WGAN）

CLC Number:

TP18

References

［1］ HINTON G E, OSINDERO S, TEH Y W. A fast learning algorithm for deep belief nets[J]. Neural Computation, 2006, 18(7):1527-1554.
[2] SWEENEY L. K-anonymity: A model for protecting privacy[J]. International Journal of Uncertainty: Fuzziness and Knowledge-Based Systems, 2002, 10(05):557-570.
[3] MACHANAVAJJHALA A, KIFER D, GEHRKE J. L-diversity: Privacy beyond k -anonymity[J]. Acm Transactions on Knowledge Discovery from Data, 2007, 1(1): 3.
[4] LI N, LI T, VENKATASUBRAMANIAN S. t-Closeness: Privacy Beyond k-Anonymity and l-Diversity[C]//IEEE 23rd International Conference on Data Engineering. Piscataway: IEEE, 2007.
[5] DWORK C. Differential privacy[J]. Lecture Notes in Computer Science, 2006, 26(2):1-12.
[6] ABADI M, GOODFELLOW I, GOODFELLOW I, et al. Deep Learning with Differential Privacy[C]// ACM Sigsac Conference on Computer & Communications Security. 2016.
[7] PAPERNOT N, ABADI M, ERLINGSSON L, et al. Semi-supervised knowledge transfer for deep learning from private training data[C/OL]. (2017-03-03)[2020-05-05]. https://arxiv.org/pdf/1610.05755v4.
[8] GOODFELLOW I J, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial nets[C]// International Conference on Neural Information Processing Systems. 2014.
[9] RADFORD A, METZ L, CHINTALA S. Unsupervised representation learning with deep convolutional generative adversarial networks[J]. Computer Science, 2015.
[10] ULLOA A, BASILE A, WEHNER G J, et al. An unsupervised homogenization pipeline for clustering similar patients using electronic health record data [C/OL]. (2018-03-21)[2020-05-05]. https://arxiv.org/pdf/1801.00065.
[11] XIE L, LIN K, WANG S, et al. Differentially private generative adversarial network [C/OL]. (2018-02-19)[2020-05-05]. https://arxiv.org/pdf/1802.06739.
[12] HITAJ B, ATENIESE G, PEREZ-CRUZ F. Deep models under the GAN: Information leakage from collaborative deep learning[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: Association for Computing Machinery, 2017: 603-618.
[13] ARJOVSKY M, CHINTALA S, BOTTOU L. Wasserstein GAN[C/OL]. (2017-12-06)[2020-05-05]. https://arxiv.org/pdf/1701.07875.
[14] LECUN Y, CORTES C, BURGES C J. The MNIST database of handwritten digits[DB/OL].[2020-05-05]. http://yann.lecun.com/exdb/mnist/?o=3510.

()
()

[1]	DU Shuying, DU Peng, DING Shifei. A malicious domain name detection method based on CNN [J]. Journal of University of Science and Technology of China, 2020, 50(7): 1019-1025.
[2]	MENG Xuran, BI Xiuchun, ZHANG Shuguang. High frequency algorithm and its back-testing results based on GAN [J]. Journal of University of Science and Technology of China, 2020, 50(6): 801-810.
[3]	Gu Ruizhe, Wang Ping, Zheng Mengce, Hu Honggang, Yu Nenghai. Adversarial attack based countermeasures against deep learning side-channel attacks [J]. Journal of University of Science and Technology of China, 2020, 50(10): 1343-1358.
[4]	DU Zhaoxin, XIE Haining, SONG Jie, ZHOU Desheng, ZOU Xiaofeng, ZENG Ping. A trip fault identification method of distribution network based on image processing and deep learning [J]. Journal of University of Science and Technology of China, 2020, 50(1): 39-48.
[5]	YANG Ziwen, CHEN Lei, PU Jianyu. Recognizing emotions from abstract paintings using convolutional neural network with two-layer transfer learning scheme [J]. Journal of University of Science and Technology of China, 2019, 49(1): 40-48.
[6]	SUN Dachang, BI Xiuchung. High-frequency trading strategies based on deep learning algorithms and their profitability [J]. Journal of University of Science and Technology of China, 2018, 48(11): 923-932.
[7]	CHEN Dongjie, ZHANG Wensheng, YANG Yang. Detection and recognition of high-speed railway catenary locator based on Deep Learning [J]. Journal of University of Science and Technology of China, 2017, 47(4): 320-327.

Differential privacy protection method for deep learning based on WGAN feedback

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 7

Recommended Articles

Metrics

Comments