WGAN-GP privacy protection system and method based on improved PATE

A privacy protection system and privacy protection technology, applied in the field of models with comprehensive performance improvement. It addresses problems such as unpredictable impact on the model, failure of the model to converge, and privacy budget exhaustion, with the effects of reducing query costs, improving accuracy, and improving the consensus degree.

Pending Publication Date: 2021-10-26
TIANJIN UNIV

AI Technical Summary

Problems solved by technology

However, a generative adversarial network trained by this method must add an appropriate amount of precisely calculated noise in each round of gradient clipping, so a large amount of noise is still introduced.
Because of this, training methods based on noisySGD usually face the problem that the privacy budget is exhausted and the model cannot converge.
At the same time, the noise introduced during gradient clipping is sampled from a random distribution, so its impact on the training optimization of the model is unpredictable, and training may even be pushed in the opposite direction.


Examples


Specific embodiment

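[0083] The final implementation form of the present invention is a generative adversarial network data privacy protection model based on differential privacy. With this model, training data containing sensitive information can be protected under differential privacy, and the generator of the WGAN-GP framework produces highly realistic generated samples, providing machine learning models with a training data set that contains no real private information. The specific embodiment of the present invention is as follows: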

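[0084] The teacher classification models are selected by k-fold cross-validation (k is 10 in the present invention). After n classification models with good classification performance have been selected (m*t=n, where t is the number of classes and m is the number of models in each class block), the training data set is divided into n equal-sized, non-overlapping sub-datasets, and each optimized teacher classifier is trained independently in turn; together they form j classification blocks ("teaching and research offices"). The generator first randomly samples noise from a Gaussian distribution to synthesize generated samples. The optimized teacher classifiers under each classification block make classification predictions on the generated samples, and the votes output by the optimized teacher classifiers within one office are aggregated, so that each classification block outputs one voting result. A conditional differential privacy aggregator then adds noise to the results and performs a consensus check. When the check passes, the results of the j classification blocks are noisily aggregated and a final classification label is output; the student discriminator is trained by learning from the labels output by the optimized teacher classifier cluster and the samples generated by the generator, and the generator is optimized by backpropagation. When the consensus check fails, the classification result of the optimized teacher classifier cluster for that generated sample is discarded. Training loops in this way, optimizing the generator and the student discriminator through an adversarial game. When the privacy budget is exhausted or model training is complete, a generated sample set containing no real sensitive information can be produced.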
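The conditional aggregation step of paragraph [0084], as an added example that is not part of the patent text: each classification block takes a plurality vote, a noised consensus check decides whether any label is released, and a released label is the arg-max of Gaussian-noised block votes. The threshold, the two noise scales, the tie-breaking rule and the sample votes are assumptions chosen for illustration; the page does not specify them.

```python
import random
from collections import Counter

def block_vote(teacher_preds):
    """Plurality vote of one classification block (ties go to the lowest class id)."""
    counts = Counter(teacher_preds)
    top = max(counts.values())
    return min(c for c, n in counts.items() if n == top)

def conditional_aggregate(blocks, num_classes, threshold, sigma_check, sigma_vote, rng):
    """Label one generated sample, or return None when the consensus check fails."""
    hist = [0] * num_classes
    for preds in blocks:
        hist[block_vote(preds)] += 1          # one vote per block
    # Consensus check on the noised top count; a failed check releases nothing.
    if max(hist) + rng.gauss(0.0, sigma_check) < threshold:
        return None
    # Passed: add Gaussian noise to every count and release only the arg-max label.
    noisy = [n + rng.gauss(0.0, sigma_vote) for n in hist]
    return max(range(num_classes), key=noisy.__getitem__)

def label_batch(batch, num_classes, threshold, sigma_check, sigma_vote, seed=0):
    """Labels for the student discriminator; None marks a discarded sample."""
    rng = random.Random(seed)
    return [conditional_aggregate(b, num_classes, threshold, sigma_check, sigma_vote, rng)
            for b in batch]

# Constructed votes: 5 blocks x 3 teachers, 3 classes, for two generated samples.
STRONG = [[1, 1, 1], [1, 1, 0], [1, 2, 1], [1, 1, 1], [0, 1, 1]]   # blocks vote 1,1,1,1,1
WEAK = [[0, 0, 1], [1, 1, 2], [2, 2, 0], [0, 1, 0], [2, 2, 2]]     # blocks vote 0,1,2,0,2

if __name__ == "__main__":
    # Assumed parameters: threshold of 4 out of 5 blocks; the noise scale 0.1 is kept
    # small so the demo output is stable and is not derived from a privacy budget.
    print(label_batch([STRONG, WEAK], 3, threshold=4, sigma_check=0.1, sigma_vote=0.1))
```

Samples that fail the check cost no label release, which is how the conditional aggregator reduces the number of answered queries.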


Abstract

The invention belongs to the field of AI security, relates to the comprehensive application of privacy learning, ensemble learning and knowledge transfer, and provides a method with stable model training, good generation quality and a strict privacy guarantee. The technical scheme adopted is an improved PATE-based WGAN-GP privacy protection method: differential privacy protection is carried out based on a designed consensus check condition and noise sampled from a Gaussian distribution, which optimizes the aggregation mechanism. A conditional differential privacy aggregator is designed into the ensemble process, using the relation that the consensus degree of the teacher discriminators is inversely proportional to the privacy cost and directly proportional to the accuracy. By optimizing the teacher classifier cluster, synthetic data for training other machine learning models is generated while the original sensitive training data is protected. The method and the device are mainly applied to privacy data security protection.

Description

Technical field

[0001] The invention belongs to the field of AI security, relates to the comprehensive application of privacy learning, ensemble learning and knowledge transfer, and designs a model with comprehensive performance improvement by weighing privacy against accuracy. It protects the privacy of training data, generates synthetic data that no longer contains real private information and is realistic enough for training machine learning models, defends against model stealing attacks, and ensures the security of machine learning models. It specifically relates to a WGAN-GP privacy protection method based on improved PATE.

Background

[0002] With the advent of the information sharing era, information publishing and data mining technologies emerge in an endless stream, and a large amount of valuable private data, including latent and valuable knowledge, has been mined. The risk of privacy breaches inevitably increases rapidly at an extremely hig...


Application Information

IPC(8): G06F21/62, G06K9/62, G06N3/04, G06N3/08, G06N20/00
CPC: G06F21/6245, G06N20/00, G06N3/08, G06N3/045, G06F18/2132, G06F18/2415
Inventor: 杨张妍, 许光全, 冯美琪, 韩正博, 聂鹏丽
Owner TIANJIN UNIV