一种基于差分隐私的可追踪深度学习分类器  被引量：1

作　　者：胡韵[1,2] 刘嘉驹 李春国 Yun Hu;Jiaju Liu;Chunguo Li(College of Information Engineering,Xizang Minzu University,Xianyang,Shaanxi 712082;School of Information Science and Engineering,Southeast University,Nanjing,Jiangsu 210096)

机构地区：[1]西藏民族大学信息工程学院,咸阳市陕西省712082 [2]东南大学信息科学与工程学院,南京市210096

出　　处：《信息安全研究》2022年第3期277-291,共15页Journal of Information Security Research

基　　金：国家自然科学基金项目(62171119);国家重点研发计划项目(2020YFB1807201);西藏科技厅自然科学基金项目(XZ202101ZR0082G);江苏省重点研发计划项目(BE2021013-3)。

摘　　要：随着深度学习在各个领域的广泛应用,数据收集和训练过程中产生的隐私泄露问题已成为阻碍人工智能进一步发展的原因之一.目前已有很多研究将深度学习与同态加密或者差分隐私等技术结合以实现对深度学习中的隐私保护.从另一个角度尝试解决这个问题,即在一定程度上保证训练数据集隐私性的基础上,实现对训练数据计算节点的可追踪性.提出了一种基于差分隐私的可追踪深度学习分类器,结合差分隐私和数字指纹技术,在为训练数据集提供隐私保护的同时保证在出现非法传播的训练模型或者数据集时,能根据其中的指纹信息定位到问题训练节点.该分类器既能保证安全判定分类功能,又能保证指纹的不可感知性、鲁棒性、可信度和可行性等基本特征.从后续的公式推导、理论分析和在真实数据的仿真结果表明,该方案能够满足深度学习中对隐私信息的安全可追踪性的需求.With the application of deep learning in various fields,privacy leakage in data collection and training has become one of the reasons hindering the further development of artificial intelligence.At present,many studies have combined deep learning with homomorphic encryption or differential privacy technologies to achieve privacy protection in deep learning.This paper aims to solve the problem from another perspective,that is,to achieve traceability of computing nodes of training data on the basis of guaranteeing privacy of it to a certain extent.Therefore,this paper proposes a traceable deep learning classifier based on differential privacy.It combines differential privacy and digital fingerprint technologies to provide privacy protection for training data sets and ensure that the problem of training nodes can be located according to the fingerprint information in training models or data sets that are illegally transmitted.The classifier can ensure the function of safety decision classification and guarantee the imperceptibility,robustness,reliability and feasibility of fingerprint.The subsequent formulas derivation,theoretical analysis and simulation results on real data show that the solution can satisfy the need for safety and traceability of privacy information in deep learning.

关 键 词：深度学习 分类器 差分隐私 数字指纹 隐私保护 可追踪性 

分 类 号：TP183[自动化与计算机技术—控制理论与控制工程]