当前位置:
X-MOL 学术
›
IET Image Process.
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
RRN: A differential private approach to preserve privacy in image classification
IET Image Processing ( IF 2.0 ) Pub Date : 2023-03-20 , DOI: 10.1049/ipr2.12784 Zhidong Shen 1, 2 , Ting Zhong 1 , Hui Sun 3 , Baiwen Qi 3
IET Image Processing ( IF 2.0 ) Pub Date : 2023-03-20 , DOI: 10.1049/ipr2.12784 Zhidong Shen 1, 2 , Ting Zhong 1 , Hui Sun 3 , Baiwen Qi 3
Affiliation
|
The wide application of image classification has given rise to many intelligent systems, such as face recognition systems, which makes our life more convenient. However, the ensuing privacy leakage problem has become increasingly serious. The training of a deep neural network requires lots of data, which may contain sensitive information of users and may be exploited by data collectors. A perturbation algorithm named RRN is proposed for image data based on local differential privacy, which provides a rigorous privacy guarantee. Existing solutions have low accuracy due to the high sensitivity of an image; the authors' method combines the Randomized Response mechanism with the Laplace mechanism to solve this problem. Experiments were conducted on the MNIST and CIFAR-10 datasets to show the effectiveness of the algorithm. Experimental results shows that the model is better than baseline models. The algorithm was also implemented on the commonly used model in deep learning, the VGG model, which can achieve 96.4% accuracy in the non-private version on the CIFAR-10 dataset. The accuracy of the differential private VGG model based on the RRN algorithm is 83% when , which is still excellent. The experimental results show that the RRN algorithm can both preserve privacy and data utility.
中文翻译:
RRN:一种在图像分类中保护隐私的差分隐私方法
图像分类的广泛应用催生了许多智能系统,例如人脸识别系统,使我们的生活更加方便。然而,随之而来的隐私泄露问题却日趋严重。深度神经网络的训练需要大量数据,这些数据可能包含用户的敏感信息,并可能被数据收集者利用。提出了一种基于局部差分隐私的图像数据扰动算法RRN,提供了严格的隐私保证。由于图像的高灵敏度,现有解决方案的准确性较低;作者的方法结合了随机响应机制和拉普拉斯机制来解决这个问题。在 MNIST 和 CIFAR-10 数据集上进行了实验,以证明算法的有效性。实验结果表明该模型优于基线模型。该算法也在深度学习中常用的模型VGG模型上实现,该模型在CIFAR-10数据集上的非私有版本可以达到96.4%的准确率。基于RRN算法的差分私有VGG模型准确率为83%, 这仍然是优秀的。实验结果表明,RRN算法既能保护隐私,又能保护数据效用。
更新日期:2023-03-20
中文翻译:
RRN:一种在图像分类中保护隐私的差分隐私方法
图像分类的广泛应用催生了许多智能系统,例如人脸识别系统,使我们的生活更加方便。然而,随之而来的隐私泄露问题却日趋严重。深度神经网络的训练需要大量数据,这些数据可能包含用户的敏感信息,并可能被数据收集者利用。提出了一种基于局部差分隐私的图像数据扰动算法RRN,提供了严格的隐私保证。由于图像的高灵敏度,现有解决方案的准确性较低;作者的方法结合了随机响应机制和拉普拉斯机制来解决这个问题。在 MNIST 和 CIFAR-10 数据集上进行了实验,以证明算法的有效性。实验结果表明该模型优于基线模型。该算法也在深度学习中常用的模型VGG模型上实现,该模型在CIFAR-10数据集上的非私有版本可以达到96.4%的准确率。基于RRN算法的差分私有VGG模型准确率为83%, 这仍然是优秀的。实验结果表明,RRN算法既能保护隐私,又能保护数据效用。
京公网安备 11010802027423号