Lingchen Zhao,Qian Wang,Qin Zou,Yan Zhang,Yanjiao Chen

DOI: https://doi.org/10.1109/tifs.2019.2939713

2018-01-01

Abstract:With powerful parallel computing GPUs and massive user data, neural-network-based deep learning can well exert its strong power in problem modeling and solving, and has archived great success in many applications such as image classification, speech recognition and machine translation etc. While deep learning has been increasingly popular, the problem of privacy leakage becomes more and more urgent. Given the fact that the training data may contain highly sensitive information, e.g., personal medical records, directly sharing them among the users (i.e., participants) or centrally storing them in one single location may pose a considerable threat to user privacy. In this paper, we present a practical privacy-preserving collaborative deep learning system that allows users to cooperatively build a collective deep learning model with data of all participants, without direct data sharing and central data storage. In our system, each participant trains a local model with their own data and only shares model parameters with the others. To further avoid potential privacy leakage from sharing model parameters, we use functional mechanism to perturb the objective function of the neural network in the training process to achieve $\epsilon $ -differential privacy. In particular, for the first time, we consider the existence of unreliable participants , i.e., the participants with low-quality data, and propose a solution to reduce the impact of these participants while protecting their privacy. We evaluate the performance of our system on two well-known real-world datasets for regression and classification tasks. The results demonstrate that the proposed system is robust against unreliable participants, and achieves high accuracy close to the model trained in a traditional centralized manner while ensuring rigorous privacy protection.

Thanh Chi Phan,Hung Chi Tran

DOI: https://doi.org/10.59461/ijdiic.v2i4.90

2023-12-19

Abstract:As artificial intelligence becomes more and more prevalent, machine learning algorithms are being used in a wider range of domains. Big data and processing power, which are typically gathered via crowdsourcing and acquired online, are essential for the effectiveness of machine learning. Sensitive and private data, such as ID numbers, personal mobile phone numbers, and medical records, are frequently included in the data acquired for machine learning training. A significant issue is how to effectively and cheaply protect sensitive private data. With this type of issue in mind, this article first discusses the privacy dilemma in machine learning and how it might be exploited before summarizing the features and techniques for protecting privacy in machine learning algorithms. Next, the combination of a network of convolutional neural networks and a different secure privacy approach is suggested to improve the accuracy of classification of the various algorithms that employ noise to safeguard privacy. This approach can acquire each layer's privacy budget of a neural network and completely incorporates the properties of Gaussian distribution and difference. Lastly, the Gaussian noise scale is set, and the sensitive information in the data is preserved by using the gradient value of a stochastic gradient descent technique. The experimental results showed that a balance of better accuracy of 99.05% between the accessibility and privacy protection of the training data set could be achieved by modifying the depth differential privacy model's parameters depending on variations in private information in the data.

Fei Dai,Guozhi Liu,Bi Huang,Xiaolong Xu,Chaochao Chen,Zhangbing Zhou,Xiaokang Zhou

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics55523.2022.00070

2022-01-01

Abstract:Industrial Internet of Things (IIoT) systems can leverage deep learning (DL) models to provide intelligent applications. However, the training process of such DL models tends to leak privacy when the training data contain sensitive operational and management information. Most studies about privacy-preserving DL require a trusted data collector and thus are not suitable in an untrusted environment. In this paper, we propose a distributed privacy-preserving framework for DL with edge-cloud computing, where direct privacy leakage and indirect privacy leakage of training data are both considered. First, a pre-trained convolutional neural network (CNN) is partitioned into two parts for limiting direct privacy leakage of raw data, namely the feature module and the classification module. The feature module consisting of the lower layers of the CNN is deployed on an edge server, which is used to attract the feature of raw data. The feature data is fed to the classification module consisting of the higher layers of the CNN, which is deployed on the cloud server to compute image classification tasks. Second, a perturbation module between the feature module and the classification module is designed for limiting indirect privacy leakage during feature data transmission. The perturbation module uses local differential privacy (LDP) to produce noise in the feature data. Third, to further improve the accuracy, we retrain the classification module with the randomized feature data from edge servers. Experimental results show that the proposed framework achieves high accuracy under low privacy budgets.

Bo Ma,W. Yan,E. Lai,Jingsong Wu

DOI: https://doi.org/10.1007/978-3-030-72073-5_1

2021-01-01

Abstract:Centralised machine learning brings in side effect pertaining to privacy preservation, most of machine learning methods prone to using the frameworks without privacy protection, as current methods for privacy preservation will slow down model training and testing. In order to resolve this problem, we develop a new noise generating method based on information entropy by using differential privacy for betterment the privacy protection which owns the architecture of federated machine learning. Our experiments unveil that this solution effectively preserves privacy in the vein of centralized federated learning. The gained accuracy is promising which has a room to be uplifted.

Jiliang Zhang,Chen Li,Jing Ye,Gang Qu

DOI: https://doi.org/10.1145/3386263.3407599

2020-01-01

Abstract:With the improvement of computing power and storage level, Machine Learning (ML), especially Deep Learning (DL), has shown its capabilities beyond humans in areas such as image recognition, speech processing, and content recommendation. However, the data collected to build ML models often contains sensitive information, and models may have high commercial value. Compared with the security problem of model prediction errors caused by malicious external influences, privacy threats have not attracted widespread attention, and they have characteristics that are difficult to define and detect. This article reviews recent research progress on ML privacy. First, the privacy threats on data and models in different scenarios are described in detail. Then, typical privacy protection methods are introduced. Finally, the limitations and future development trends of ML privacy research are discussed.

Le Yang,Miao Tian,Duan Xin,Qishuo Cheng,Jiajian Zheng

2024-02-27

Abstract:The development of artificial intelligence has significantly transformed people's lives. However, it has also posed a significant threat to privacy and security, with numerous instances of personal information being exposed online and reports of criminal attacks and theft. Consequently, the need to achieve intelligent protection of personal information through machine learning algorithms has become a paramount concern. Artificial intelligence leverages advanced algorithms and technologies to effectively encrypt and anonymize personal data, enabling valuable data analysis and utilization while safeguarding privacy. This paper focuses on personal data privacy protection and the promotion of anonymity as its core research objectives. It achieves personal data privacy protection and detection through the use of machine learning's differential privacy protection algorithm. The paper also addresses existing challenges in machine learning related to privacy and personal data protection, offers improvement suggestions, and analyzes factors impacting datasets to enable timely personal data privacy detection and protection.

Cryptography and Security,Artificial Intelligence,Machine Learning

Andy Wang,Chen Wang,Meng Bi,Jian Xu

DOI: https://doi.org/10.1007/978-3-030-00015-8_58

2018-01-01

Abstract:Machine Learning (ML) Classification has already become one of the most commonly used techniques in many areas such as banking, medicine, spam detection and data mining applications. Often, the training of models require massive data which may contain sensitive information and the classification phase may expose the train models and the inputs from the users. Neither the models nor the train datasets and inputs should expose private information. Addressing this goal, several schemes have been proposed for privacy preserving classification. In this paper, we review those privacy preserving techiniques which applied for different machine learning classification algorithms. These algorithms conclude k-NN, SVM, Bayesian, neural networks, decision tree and etc. we sum up the comparison protocols. Finally, this work comes up with some correlative problems which are worthy to study in the future.

Zhiqi Bu,Jinshuo Dong,Qi Long,Weijie J. Su

DOI: https://doi.org/10.48550/arXiv.1911.11607

2020-07-23

Abstract:Deep learning models are often trained on datasets that contain sensitive information such as individuals' shopping transactions, personal contacts, and medical records. An increasingly important line of work therefore has sought to train neural networks subject to privacy constraints that are specified by differential privacy or its divergence-based relaxations. These privacy definitions, however, have weaknesses in handling certain important primitives (composition and subsampling), thereby giving loose or complicated privacy analyses of training neural networks. In this paper, we consider a recently proposed privacy definition termed \textit{$f$-differential privacy} [18] for a refined privacy analysis of training neural networks. Leveraging the appealing properties of $f$-differential privacy in handling composition and subsampling, this paper derives analytically tractable expressions for the privacy guarantees of both stochastic gradient descent and Adam used in training deep neural networks, without the need of developing sophisticated techniques as [3] did. Our results demonstrate that the $f$-differential privacy framework allows for a new privacy analysis that improves on the prior analysis~[3], which in turn suggests tuning certain parameters of neural networks for a better prediction accuracy without violating the privacy budget. These theoretically derived improvements are confirmed by our experiments in a range of tasks in image classification, text classification, and recommender systems. Python code to calculate the privacy cost for these experiments is publicly available in the \texttt{TensorFlow Privacy} library.

Machine Learning,Cryptography and Security

Mengmeng Yang,Ming Ding,Youyang Qu,Wei Ni,David Smith,Thierry Rakotoarivelo

2024-04-15

Abstract:The worldwide adoption of machine learning (ML) and deep learning models, particularly in critical sectors, such as healthcare and finance, presents substantial challenges in maintaining individual privacy and fairness. These two elements are vital to a trustworthy environment for learning systems. While numerous studies have concentrated on protecting individual privacy through differential privacy (DP) mechanisms, emerging research indicates that differential privacy in machine learning models can unequally impact separate demographic subgroups regarding prediction accuracy. This leads to a fairness concern, and manifests as biased performance. Although the prevailing view is that enhancing privacy intensifies fairness disparities, a smaller, yet significant, subset of research suggests the opposite view. In this article, with extensive evaluation results, we demonstrate that the impact of differential privacy on fairness is not monotonous. Instead, we observe that the accuracy disparity initially grows as more DP noise (enhanced privacy) is added to the ML process, but subsequently diminishes at higher privacy levels with even more noise. Moreover, implementing gradient clipping in the differentially private stochastic gradient descent ML method can mitigate the negative impact of DP noise on fairness. This mitigation is achieved by moderating the disparity growth through a lower clipping threshold.

Machine Learning,Artificial Intelligence,Cryptography and Security,Computers and Society

Luning Pang

DOI: https://doi.org/10.1155/2022/7882294

2022-01-25

Abstract:To solve the problem that privacy data are easy to leak in the application of face recognition technology in apps, a method which is based on differential privacy for privacy security protection is proposed. Firstly, Bayesian GAN is conducted to obtain the training data with the same distribution as the privacy data, and the algorithm of differential privacy is conducted to train the training data to obtain these labels with privacy protection. Then, based on the proposed lightface lightweight face recognition model, the tag with noise is generated, and the gradient descent is conducted on the recovered face feature vector from the attack. Finally, through the analysis of privacy loss, an accurate privacy protection boundary is provided. From the results of experiments, it could be known that the proposed privacy security protection method can effectively protect the parameter information of the face recognition model under the face recognition technology and reduce the recognition accuracy of the image recovered by the attacker. Compared with the privacy protection methods such as DPSGD and PATE, it has strong privacy protection ability and can be applied to the privacy protection of practical APP.

Martin Abadi,Andy Chu,Ian Goodfellow,H. Brendan McMahan,Ilya Mironov,Kunal Talwar,Li Zhang

DOI: https://doi.org/10.1145/2976749.2978318

2016-10-24

Abstract:Machine learning techniques based on neural networks are achieving remarkable results in a wide variety of domains. Often, the training of models requires large, representative datasets, which may be crowdsourced and contain sensitive information. The models should not expose private information in these datasets. Addressing this goal, we develop new algorithmic techniques for learning and a refined analysis of privacy costs within the framework of differential privacy. Our implementation and experiments demonstrate that we can train deep neural networks with non-convex objectives, under a modest privacy budget, and at a manageable cost in software complexity, training efficiency, and model quality.

Xianfu Cheng,Yanqing Yao,Ao Liu

DOI: https://doi.org/10.1007/978-3-030-62223-7_29

2020-01-01

Abstract:Deep learning techniques based on neural network have made significant achievements in various fields of Artificial Intelligence. However, model training requires large-scale datasets, these datasets are crowd-sourced and model parameters will contain the encoding of private information, resulting in the risk of privacy leakage. With the trend towards sharing pre-trained models, the risk of stealing training datasets through member inference attack and model inversion attack is further heightened. To tackle this problem, we propose an improved Differential Privacy Stochastic Gradient Descent algorithm, using simulated annealing algorithm and denoising mechanism to optimize the allocation method of privacy loss and improve model accuracy. We also analyze privacy cost under random shuffle data batch processing methods in detail within the framework of Subsampled Rényi Differential Privacy. Compared with existing methods, our experiments show that we can train deep neural networks with non-convex objective function more efficiently with moderate privacy budgets.

Bo Liu,Ming Ding,Sina Shaham,Wenny Rahayu,Farhad Farokhi,Zihuai Lin

DOI: https://doi.org/10.48550/arXiv.2011.11819

IF: 5.414

2020-11-24

Machine Learning

Abstract:The newly emerged machine learning (e.g. deep learning) methods have become a strong driving force to revolutionize a wide range of industries, such as smart healthcare, financial technology, and surveillance systems. Meanwhile, privacy has emerged as a big concern in this machine learning-based artificial intelligence era. It is important to note that the problem of privacy preservation in the context of machine learning is quite different from that in traditional data privacy protection, as machine learning can act as both friend and foe. Currently, the work on the preservation of privacy and machine learning (ML) is still in an infancy stage, as most existing solutions only focus on privacy problems during the machine learning process. Therefore, a comprehensive study on the privacy preservation problems and machine learning is required. This paper surveys the state of the art in privacy issues and solutions for machine learning. The survey covers three categories of interactions between privacy and machine learning: (i) private machine learning, (ii) machine learning aided privacy protection, and (iii) machine learning-based privacy attack and corresponding protection schemes. The current research progress in each category is reviewed and the key challenges are identified. Finally, based on our in-depth analysis of the area of privacy and machine learning, we point out future research directions in this field.

Shaobo Liu,Guiran Liu,Binrong Zhu,Yuanshuai Luo,Linxiao Wu,Rui Wang

2024-10-11

Abstract:This research addresses privacy protection in Natural Language Processing (NLP) by introducing a novel algorithm based on differential privacy, aimed at safeguarding user data in common applications such as chatbots, sentiment analysis, and machine translation. With the widespread application of NLP technology, the security and privacy protection of user data have become important issues that need to be solved urgently. This paper proposes a new privacy protection algorithm designed to effectively prevent the leakage of user sensitive information. By introducing a differential privacy mechanism, our model ensures the accuracy and reliability of data analysis results while adding random noise. This method not only reduces the risk caused by data leakage but also achieves effective processing of data while protecting user privacy. Compared to traditional privacy methods like data anonymization and homomorphic encryption, our approach offers significant advantages in terms of computational efficiency and scalability while maintaining high accuracy in data analysis. The proposed algorithm's efficacy is demonstrated through performance metrics such as accuracy (0.89), precision (0.85), and recall (0.88), outperforming other methods in balancing privacy and utility. As privacy protection regulations become increasingly stringent, enterprises and developers must take effective measures to deal with privacy risks. Our research provides an important reference for the application of privacy protection technology in the field of NLP, emphasizing the need to achieve a balance between technological innovation and user privacy. In the future, with the continuous advancement of technology, privacy protection will become a core element of data-driven applications and promote the healthy development of the entire industry.

Cryptography and Security,Artificial Intelligence,Computation and Language

Linlin Chen,Taeho Jung,Haohua Du,Jianwei Qian,Jiahui Hou,Xiang-Yang Li

DOI: https://doi.org/10.1109/SAHCN.2018.8397100

2018-01-01

Abstract:Deep Learning has shown promising performance in a variety of pattern recognition tasks owning to large quantities of training data and complex structures of neural networks. However conventional deep neural network (DNN) training involves centrally collecting and storing the training data, and then centrally training the neural network, which raises much privacy concerns for the data producers. In this paper, we study how to enable deep learning without disclosing individual data to the DNN trainer. We analyze the risks in conventional deep learning training, then propose a novel idea - Crowdlearning, which decentralizes the heavy- load training procedure and deploys the training into a crowd of computation-restricted mobile devices who generate the training data. Finally, we propose SliceNet, which ensures mobile devices can afford the computation cost and simultaneously minimize the total communication cost. The combination of Crowdlearning and SliceNet ensures the sensitive data generated by mobile devices never leave the devices, and the training procedure will hardly disclose any inferable contents. We numerically simulate our prototype of SliceNet which crowdlearns an accurate DNN for image classification, and demonstrate the high performance, acceptable calculation and communication cost, satisfiable privacy protection, and preferable convergence rate, on the benchmark DNN structure and dataset.

Weina Niu,Yuheng Luo,Kangyi Ding,Xiaosong Zhang,Yanping Wang,Beibei Li

DOI: https://doi.org/10.1093/comjnl/bxab176

2021-11-09

The Computer Journal

Abstract:Abstract In recent years, deep neural networks have been extensively applied in various fields, and face recognition is one of the most important applications. Artificial intelligence has reached or even surpassed human capabilities in many fields. However, while artificial intelligence application provides convenience to the human lives, it also leads to the risk of privacy leaking. At present, the privacy protection technology for human faces has received extensive attention. Research goals of face privacy protection technology mainly include providing face anonymization and data availability protection. Existing methods usually have insufficient anonymity and they are not easy to control the degree of image distortion, which makes it difficult to achieve the purpose of privacy protection. Moreover, they do not explicitly perform diversity preservation of attributes such as emotions, expressions and ethnicities, so they cannot perform data analysis tasks on non-identity attributes. This paper proposes a diverse privacy face image generation algorithm based on machine learning, called DIVFGEN. This algorithm comprehensively considers image distortion, identity mapping distance loss and emotion classification loss; transforms the privacy protection target into the problem of generating adversarial examples based on the recognition model; and uses an adaptive optimization algorithm to generate anonymity and diversity of privacy images. The experimental results show that on the Cohn-Kanade+ dataset, our algorithm can reduce the probability of facial recognition by the neural network when it accurately classifies sentiment, from 98.6% to 4.8%.

Xiangfei Zhang,Feng Yang,Yu Guo,Hang Yu,Zhengxia Wang,Qingchen Zhang

DOI: https://doi.org/10.3390/math11020330

IF: 2.4

2023-01-09

Mathematics

Abstract:Recently, deep neural networks (DNNs) have achieved exciting things in many fields. However, the DNN models have been proven to divulge privacy, so it is imperative to protect the private information of the models. Differential privacy is a promising method to provide privacy protection for DNNs. However, existing DNN models based on differential privacy protection usually inject the same level of noise into parameters, which may lead to a balance between model performance and privacy protection. In this paper, we propose an adaptive differential privacy scheme based on entropy theory for training DNNs, with the aim of giving consideration to the model performance and protecting the private information in the training data. The proposed scheme perturbs the gradients according to the information gain of neurons during training, that is, in the process of back propagation, less noise is added to neurons with larger information gain, and vice-versa. Rigorous experiments conducted on two real datasets demonstrate that the proposed scheme is highly effective and outperforms existing solutions.

mathematics

Puyu Wang,Yunwen Lei,Yiming Ying,Ding-Xuan Zhou

DOI: https://doi.org/10.1016/j.neucom.2024.127557

IF: 6

2024-03-27

Neurocomputing

Abstract:Modern machine learning algorithms aim to extract fine-grained information from data to provide accurate predictions, which often conflicts with the goal of privacy protection. This paper addresses the practical and theoretical importance of developing privacy-preserving machine learning algorithms that ensure good performance while preserving privacy. In this paper, we focus on the privacy and utility (measured by excess risk bounds) performances of differentially private stochastic gradient descent (SGD) algorithms in the setting of stochastic convex optimization. Specifically, we examine the pointwise problem in the low-noise setting for which we derive sharper excess risk bounds for the differentially private SGD algorithm. In the pairwise learning setting, we propose a simple differentially private SGD algorithm based on gradient perturbation. Furthermore, we develop novel utility bounds for the proposed algorithm, proving that it achieves optimal excess risk rates even for non-smooth losses. Notably, we establish fast learning rates for privacy-preserving pairwise learning under the low-noise condition, which is the first of its kind.

computer science, artificial intelligence

Zhili Xiong,Longyuan Li,Junchi Yan,Haiyang Wang,Hao He,Yaohui Jin

DOI: https://doi.org/10.1007/978-3-030-29894-4_9

2019-01-01

Abstract:Incredible capacity of machine learning models to mine the underlying information has led to concerns of privacy disclosure. This makes privacy-preserving learning algorithms become a hot spot. In this paper, we focus on Gaussian processes classification (GPC) with a provable secure and feasible privacy model, differential privacy (DP). First we apply a functional mechanism to design a basic privacy-preserving GP classifier. This involves finding the sensitivity of the outputs, and adding a Gaussian process noise proportional to the sensitivity to the trained classifier. Then we propose a variant-noise mechanism to perturb the classifier with different scaled noise based on the density of dataset. We show that this method can significantly reduce the added noise, whilst sufficiently maintaining the accuracy of the classifier both in theory and experiments.

Keyi Ju,Xiaoqi Qin,Hui Zhong,Xinyue Zhang,Miao Pan,Baoling Liu

2024-03-07

Abstract:Quantum computing revolutionizes the way of solving complex problems and handling vast datasets, which shows great potential to accelerate the machine learning process. However, data leakage in quantum machine learning (QML) may present privacy risks. Although differential privacy (DP), which protects privacy through the injection of artificial noise, is a well-established approach, its application in the QML domain remains under-explored. In this paper, we propose to harness inherent quantum noises to protect data privacy in QML. Especially, considering the Noisy Intermediate-Scale Quantum (NISQ) devices, we leverage the unavoidable shot noise and incoherent noise in quantum computing to preserve the privacy of QML models for binary classification. We mathematically analyze that the gradient of quantum circuit parameters in QML satisfies a Gaussian distribution, and derive the upper and lower bounds on its variance, which can potentially provide the DP guarantee. Through simulations, we show that a target privacy protection level can be achieved by running the quantum circuit a different number of times.

Quantum Physics,Cryptography and Security,Machine Learning