Abstract
To address the problem that an attacker can use generative adversarial network (GAN) techniques to recover the training data and thereby leak users' private information, this paper proposes a differential privacy protection method for the Wasserstein generative adversarial network with gradient penalty (WGAN-GP). The method adds precisely calculated Gaussian noise to the gradients during deep learning training and uses the gradient penalty to correct the gradients, achieving differential privacy protection. WGAN-GP is used to generate data similar to the original data. Experimental results show that, while preserving the usability of the data, the method effectively protects the private information in the data, and the generated data is of good quality.
Authors
Yu Yana (于雅娜)
Li Hongjiao (李红娇)
Li Jinguo (李晋国)
College of Computer Science & Technology, Shanghai University of Electric Power, Shanghai 201306, China
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journal
2021, Issue 9, pp. 2837-2841 (5 pages)
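Funding
National Natural Science Foundation of China (61403247, 61702321)
Shanghai Science and Technology Commission Local Capacity Building Project (15110500700)
Open Project of the Shanghai Key Laboratory of Integrated Administration Technologies for Information Security (AGK2015005).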