一种基于差分隐私的可追踪深度学习分类器

A Traceable Deep Learning Classifier Based on Differential Privacy

随着深度学习在各个领域的广泛应用,数据收集和训练过程中产生的隐私泄露问题已成为阻碍人工智能进一步发展的原因之一.目前已有很多研究将深度学习与同态加密或者差分隐私等技术结合以实现对深度学习中的隐私保护.从另一个角度尝试解决这个问题,即在一定程度上保证训练数据集隐私性的基础上,实现对训练数据计算节点的可追踪性.提出了一种基于差分隐私的可追踪深度学习分类器,结合差分隐私和数字指纹技术,在为训练数据集提供隐私保护的同时保证在出现非法传播的训练模型或者数据集时,能根据其中的指纹信息定位到问题训练节点.该分类器既能保证安全判定分类功能,又能保证指纹的不可感知性、鲁棒性、可信度和可行性等基本特征.从后续的公式推导、理论分析和在真实数据的仿真结果表明,该方案能够满足深度学习中对隐私信息的安全可追踪性的需求.

With the application of deep learning in various fields,privacy leakage in data collection and training has become one of the reasons hindering the further development of artificial intelligence.At present,many studies have combined deep learning with homomorphic encryption or differential privacy technologies to achieve privacy protection in deep learning.This paper aims to solve the problem from another perspective,that is,to achieve traceability of computing nodes of training data on the basis of guaranteeing privacy of it to a certain extent.Therefore,this paper proposes a traceable deep learning classifier based on differential privacy.It combines differential privacy and digital fingerprint technologies to provide privacy protection for training data sets and ensure that the problem of training nodes can be located according to the fingerprint information in training models or data sets that are illegally transmitted.The classifier can ensure the function of safety decision classification and guarantee the imperceptibility,robustness,reliability and feasibility of fingerprint.The subsequent formulas derivation,theoretical analysis and simulation results on real data show that the solution can satisfy the need for safety and traceability of privacy information in deep learning.