A Deep Differential Privacy Preservation Method Based on Generative Adversarial Networks

Abstract

The invention provides a deeply differential privacy protection method based on a generative adversarial network. The deeply differential privacy protection method is adopted to solve the problem that attackers use own coding and other methods for restoring training set data when a deep learning model is in use, and by adopting the deeply differential privacy protection method, the purpose of protecting users' privacy in a training dataset is achieved. The method includes the steps that according to the potential dataset scale of the input training dataset, a sensitivity degree and the maximum attacker attacking probability are queried to calculate an upper bound of privacy budgets; during deep network parameter optimizing calculation, a differential privacy thought is integrated, noise data is added, on the basis of the characteristic that differential privacy and Gaussian distribution can be combined, the privacy budget of each layer of a deep network is calculated, and during stochastic gradient descent calculation, Gaussian noise is added to make the overall privacy budget minimum; the generative adversarial network is adopted to generate optimal results which the attackers can get, by comparing attack results with initial data, feedback regulation is conducted on parameters of a deeply differential privacy model, and the balance between dataset availability and privacy protection degrees is achieved.

Description

technical field [0001] The invention relates to the fields of deep learning and privacy protection, in particular to a deep differential privacy protection method based on a generative confrontation network. Background technique [0002] In recent years, deep learning has achieved remarkable results in the fields of object detection and computer vision, natural language processing, speech recognition and semantic analysis, and has attracted more and more researchers' attention. Through the hierarchical processing of neural networks, deep learning combines low-level features to form more abstract high-level representation attribute categories or features to discover the distributed feature representation of data. Its model performance is closely related to the scale and quality of training data sets, while training Data sets usually contain more sensitive information. Training data sets are widely used in many fields, including face recognition in the security field, pornogra...

AI Technical Summary

Problems solved by technology

[0005] The technology of the present invention solves the problem: overcomes the deficiencies of the existing technology, and provides a deep differential privacy protection method based on a generative confrontation network, so as to use differential privacy technology to solve the problem of leaking user sensitive information during deep model training and application

[0006] The technical solution of the present invention: a deep differential privacy protection method based on generative confrontation network feedback, which is used to solve the problem that the attacker uses self-encoding and other methods to restore the training set data in the application of the deep learning model, and applies the deep differential privacy protection method Realize the privacy protection purpose of the training data set

Images