1.中国信息通信研究院移动应用创新与治理技术工业和信息化部重点实验室,北京 100191;2.北京邮电大学网络空间安全学院,北京 100876
1.Key Laboratory of Mobile Application Innovation and Governance Technology, Ministry of Industry and Information Technology, China Academy of Information and Communication Technology, Beijing 100191, China;2.School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
- 摘要 |
- 图/表 |
- 访问统计 |
- 参考文献 |
- 相似文献 |
- 引证文献 |
- 资源附件
针对数据挖掘模型中存在的隐私泄漏问题及现有隐私保护技术的不透明性,本文将差分隐私与图像生成模型生成对抗网络(Generative adversarial network, GAN)相结合,提出了一种更具普适性的支持图像数据差分隐私保护的生成对抗网络模型(Image differential privacy-GAN, IDP-GAN)。IDP-GAN通过差分隐私的拉普拉斯实现机制,将拉普拉斯噪声合理地分配到判别器的仿射变换层的输入特征以及输出层的损失函数的多项式近似系数中。在实现差分隐私保护的同时,有效地减少了训练过程中隐私预算的消耗。标准数据集MNIST和CelebA上的实验验证了IDP-GAN可以生成更高质量的图像数据,此外用成员推理攻击实验证明了IDP-GAN具有较好的抗攻击能力。
Aiming at the privacy leakage problem in the data mining model and the opacity of existing privacy protection technologies, a more universal image differential privacy-generative adversarial network (IDP-GAN) combining differential privacy with the image generation model—generative adversarial network (GAN) is proposed. IDP-GAN uses the Laplace implementation mechanism to reasonably allocate Laplace noise to the input features of the affine transformation layer and the polynomial approximation coefficients of the loss function of the output layer. While achieving differential privacy protection, IDP-GAN effectively reduces the consumption of privacy budget during training. Experiments on the standard data sets MNIST and CelebA verify that IDP-GAN can generate higher quality image data. In addition, membership inference attacks experiments prove that IDP-GAN has better ability to resist attacks.
引用本文
杨云鹿,周亚建,宁华.支持差分隐私的图像数据挖掘方法研究[J].数据采集与处理,2021,36(1):85-94
复制分享
文章指标
- 点击次数:
- 下载次数:
历史
- 收稿日期:2020-07-10
- 最后修改日期:2020-09-30
- 录用日期:
- 在线发布日期: 2021-01-25
