基于差分隐私的面部图像安全传播方法研究  

作　　者：贺春禄 唐琪[2] He Chunlu;Tang Qi(National Science Library,Chinese Academy of Sciences,Beijing 100190,China;Hunan University,Changsha 410082,China)

机构地区：[1]中国科学院文献情报中心,北京100190 [2]湖南大学,湖南长沙410082

出　　处：《网络安全与数据治理》2025年第3期8-16,共9页CYBER SECURITY AND DATA GOVERNANCE

摘　　要：人脸数据蕴含丰富身份信息,其隐私泄露问题备受关注。传统差分隐私方法直接对像素或特征向量整体添加噪声,导致识别性能下降且缺乏可解释性。为此,提出一种新型差分隐私方法,将特征嵌入向量结合分类方法设计,创新性地将响应数据转换为径向半径与切向角度两种形式,更好适配分类中的角度与距离度量。在此基础上,构建了基于角度与半径的差分隐私噪声生成机制,并通过差分隐私组合定理定义隐私预算并进行数学证明。此外,设计了隐私图像生成方法,通过优化评价函数实现隐私性与可用性的平衡。实验结果基于三个公开数据集,表明所提方法在径向与切向方向的组合应用中表现优异,在相同隐私预算下显著提升了识别性能。该方法实现了隐私保护与分类可用性的兼顾,并在解释性与性能上展现出显著优势。Face data contains rich identity information,and its privacy leakage has attracted much attention.Traditional differential privacy methods directly add noise to pixels or feature vectors as a whole,resulting in decreased recognition performance and lack of interpretability.Therefore,this paper proposes a new differential privacy method,which combines the feature embedding vector with the classification method design,and innovatively converts the response data into two forms of radial radius and tangential angle,so as to better adapt the angle and distance measurement in classification.On this basis,a differential privacy noise generation mechanism based on angle and radius is constructed,and the privacy budget is defined and mathematically proved by the differential privacy combination theorem.In addition,this paper designs a privacy image generation method to achieve a balance between privacy and availability by optimizing the evaluation function.The experimental results based on three public datasets show that the proposed method performs well in the combined application of radial and tangential directions,and significantly improves the recognition performance under the same privacy budget.This method achieves both privacy protection and classification availability,and shows significant advantages in interpretability and performance.

关 键 词：差分隐私 人脸识别 特征嵌入 隐私保护 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]