一种隐私保护的卷积神经网络预测方案  被引量：5

作　　者：任艳丽[1,2,3] 余凌赞 何港 张新鹏 郭筝[3] REN Yan-Li;YU Ling-Zan;HE Gang;ZHANG Xin-Peng;GUO Zheng(School of Communication and Information Engineering,Shanghai University,Shanghai 200444;Zhengzhou Xinda Institute of Advanced Technology,Zhengzhou 450000;ZhiXun Crypto Testing and Evaluation Technology Co.,Ltd.,Shanghai 201601)

机构地区：[1]上海大学通信与信息工程学院,上海200444 [2]郑州信大先进技术研究院,郑州450000 [3]智巡密码(上海)检测技术有限公司,上海201601

出　　处：《计算机学报》2023年第8期1606-1619,共14页Chinese Journal of Computers

基　　金：国家自然科学基金重点项目(U1936214);上海市自然科学基金(20ZR1419700,22ZR1481000);河南省网络空间态势感知重点实验室开放课题基金(IINTS2022011)资助。

摘　　要：机器学习在图像目标识别、语音识别和图像处理等领域有广泛的应用.卷积神经网络是机器学习领域中广为流行的架构,训练模型所需计算代价对资源受限的用户来说难以负担,因此越来越多的模型所有者将预测服务托管在云平台上以供用户按需使用.在现有方案中,云端处理数据时可能会泄露用户数据和模型参数,预测准确度不高,且用户与云服务器交互需要大量通信开销.本文提出隐私保护的卷积神经网络预测方案,服务器基于密文模型对用户提供的密文数据进行预测,同时保护用户的隐私数据以及模型参数.而且,用户在上传加密数据之后即可离线等待预测结果,在预测任务执行期间与服务器间无需交互.理论和实验表明,所提方案提高了CNN预测方案的安全性,降低了用户的通信代价,最高可达到93%的预测准确率,与明文数据预测准确率近似相等.Machine learning is a technique of universal data processing,and extensively used in image object recognition,speech recognition and image processing.Neural networks identify the relationships behind data by referring to the neuronal tissue in the brain,which can be better applied to the processing of complex data and the problems related to data prediction.Convolutional neural network(CNN)is a popular architecture in the field of machine learning,which is demonstrated excellent performance in medical image analysis,image and audio recognition and classification.However,the model structure of CNN gradually deepens in recent years,which relies on powerful physical hardware and large training data sets and the computational costs of training models are too high for limited users.Therefore,model owners gradually deploy prediction services on cloud platforms in order to meet the needs of users.At present,there are three methods which are widely used in the field of machine learning for privacy protection.One is secure multi-party computing,whose main idea is multi-party collaborative computing under the premise of privacy protection,but it requires multiple interactions of multiple participants,and the communication cost is high.The second one is the technology of differential privacy,whose main idea is to conduct distributed model training among multiple participants with local data,and add artificial noise to the parameters of the participants'local model for privacy protection,and finally aggregate them to get the global model.The third one is homomorphic encryption,but the computational complexity of operations on ciphertext is very high,and the encryption algorithm only has homomorphism for part of operations,so it cannot realize nonlinear functions in the model.Thus,user's private data and model parameters may be leaked during data processing,and the users need to interact with the cloud servers for many times,and the prediction accuracy is not high in the existing works.In this paper,we propose a privacy-prese

关 键 词：卷积神经网络 数据预测 隐私保护 同态加密 非交互性 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]