基于迁移学习的敏感数据隐私保护方法  被引量：5

作　　者：付玉香 秦永彬[1,2] 申国伟 Fu Yuxiang;Qin Yongbin;Shen Guowei(College of Computer Science and Technology,Guizhou University,Guiyang,550025,China;Guizhou Provincial Key Laboratoryof Public Big Data,Guizhou University,Guiyang,550025,China)

机构地区：[1]贵州大学计算机科学与技术学院,贵阳550025 [2]贵州大学贵州省公共大数据重点实验室,贵阳550025

出　　处：《数据采集与处理》2019年第3期422-431,共10页Journal of Data Acquisition and Processing

基　　金：国家自然科学基金重大研究计划(91746116)资助项目;贵州省重大应用基础研究(黔科合JZ字[2014]2001)资助项目;贵州省科技重大专项计划(黔科合重大专项字[2017]3002)资助项目

摘　　要：机器学习涉及一些隐含的敏感数据,当受到模型查询或模型检验等模型攻击时,可能会泄露用户隐私信息。针对上述问题,本文提出一种敏感数据隐私保护“师徒”模型PATE-T,为机器学习模型的训练数据提供强健的隐私保证。该方法以“黑盒”方式组合了由不相交敏感数据集训练得到的多个“师父”模型,这些模型直接依赖于敏感训练数据。“徒弟”由“师父”集合迁移学习得到,不能直接访问“师父”或基础参数,“徒弟”所在数据域与敏感训练数据域不同但相关。在差分隐私方面,攻击者可以查询“徒弟”,也可以检查其内部工作,但无法获取训练数据的隐私信息。实验表明,在数据集MNIST和SVHN上,本文提出的隐私保护模型达到了隐私/实用准确性的权衡,性能优越。Machine learning involves some implicit sensitive data that may reveal user’s privacy information when attacked by model attacks such as model queries or model tests.In view of the above problems,this paper proposes a sensitivity data privacy protection Mentoring model PATE‐T,which provides a strong privacy guarantee for the training data for machine learning.The method combines multiple Master models trained by disjoint sensitive data sets in a black box manner,relying directly on sensitive training data.Disciple is transfer learning by Master’s collection and cannot directly access Master or basic parameters.Disciple’s data field is different but related to the sensitive training data field.In terms of differential privacy,an attacker can query the Disciple and check its internal work,but it cannot obtain the private information of the training data.Experiments show that the privacy protection model proposed in this paper has reached the balance of privacy/practical accuracy on the MNIST data set and SVHN data set,and the results are superior.

关 键 词：差分隐私 迁移学习 模型攻击 敏感数据 隐私保护 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]