基于DCGAN反馈的深度差分隐私保护方法

为了防止攻击者在深度学习模型应用过程中利用生成式对抗网络(generative adversarial networks,GAN)等技术还原出训练集中的数据,保护训练数据集中用户的敏感信息,提出一个基于深度卷积生成式对抗网络(deep convolutional generative adversarial networks,DCGAN)反馈的深度差分隐私保护方法.该方法在深度网络参数优化计算时结合差分隐私理论添加噪声数据,基于差分隐私与高斯分布可组合特点,计算深度网络每一层的隐私预算,在随机梯度下降(stochastic gradient descent,SGD)计算中添加高斯噪声使之总体隐私预算最小;利用DCGAN生成数据选取可能得到的最优结果,通过对比攻击结果和原始数据之间的差别调节深度差分隐私模型参数,实现训练数据集可用性与隐私保护度的平衡.实验结果表明,该方法针对训练数据集中的敏感信息具有较高的隐私保护能力.

Tickling Deep Differential Privacy Protection Method Based on DCGAN

To prevent attackers from using generative adversarial networks ( GAN) and other technologies in the application of deep learning model to restore the data in the training dataset, and to protect the sensitive information of users in the training dataset, a ticking deep differential privacy protection method was proposed based on DCGAN. The noise data was added the differential privacy theory when optimizing the in-depth network parameters in this method. Then the privacy budget of each layer of the deep network was calculated in a stochastic gradient descent ( SGD ) , which based on the combination of differential privacy and Gaussian distribution, Gaussian noise was added to minimize the total privacy budget in the stochastic gradient descent calculation. And then the optimal result that the attacker may obtain was generated by using DCGAN. Finally, in order to achieve balance between data availability and privacy protection, the difference among the attack result and the original data was used to adjust the deep differential privacy model. The results show that this method has high privacy protection ability for sensitive information in training dataset.