基于生成对抗网络的差分隐私数据发布方法

doi:10.3969/j.issn.0372-2112.2020.10.016

电子学报 ›› 2020, Vol. 48 ›› Issue (10): 1983-1992.DOI: 10.3969/j.issn.0372-2112.2020.10.016

基于生成对抗网络的差分隐私数据发布方法

方晨¹, 郭渊博¹, 王娜¹, 甄帅辉^1,2, 唐国栋³

1. 信息工程大学, 河南郑州 450001;
2. 中国人民解放军93808部队, 甘肃兰州 730000;
3. 中国人民解放军75775部队, 广东广州 510000

收稿日期:2019-12-10 修回日期:2020-04-16 出版日期:2020-10-25
- 通讯作者:
- 郭渊博
- 作者简介:
- 方晨男,1993年出生,安徽安庆人.战略支援部队信息工程大学博士研究生.研究方向为机器学习隐私安全.E-mail:17756230629@163.com
  王娜女,1970年出生,河南郑州人.战略支援部队信息工程大学副教授.研究方向为网络信息安全.
- 基金资助:
- 国家自然科学基金 (No.61501515，No.61601515）; 信息保障技术重点实验室开放基金 (No.KJ-15-108）

Differential Private Data Publishing Method Based on Generative Adversarial Network

FANG Chen¹, GUO Yuan-bo¹, WANG Na¹, ZHEN Shuai-hui^1,2, TANG Guo-dong³

1. Information Engineering University, Zhengzhou, Henan 450001, China;
2. Unit 93808, Lanzhou, Gansu 730000, China;
3. Unit 75775, Guangzhou, Guangdong 510000, China

Received:2019-12-10 Revised:2020-04-16 Online:2020-10-25 Published:2020-10-25
- Corresponding author:
- GUO Yuan-bo
- Supported by:
- National Natural Science Foundation of China (No.61501515, No.61601515); Open Fund of Key Laboratory of Information Assurance Technology (No.KJ-15-108)

摘要/Abstract

摘要： 机器学习的飞速发展使其成为数据挖掘领域最有效的工具之一，但算法的训练过程往往需要大量的用户数据，给用户带来了极大的隐私泄漏风险.由于数据统计特征的复杂性及语义丰富性，传统隐私数据发布方法往往需要对原始数据进行过度清洗，导致数据可用性低而难以再适用于数据挖掘任务.为此，提出了一种基于生成对抗网络（Generative Adversarial Network，GAN）的差分隐私数据发布方法，通过在GAN模型训练的梯度上添加精心设计的噪声来实现差分隐私，确保GAN可无限量生成符合源数据统计特性且不泄露隐私的合成数据.针对现有同类方法合成数据质量低、模型收敛缓慢等问题，设计多种优化策略来灵活调整隐私预算分配并减小总体噪声规模，同时从理论上证明了合成数据严格满足差分隐私特性.在公开数据集上与现有方法进行实验对比，结果表明本方法能够更高效地生成质量更高的隐私保护数据，适用于多种数据分析任务.

关键词: 差分隐私, 生成对抗网络, 隐私数据发布, 合成数据, 数据挖掘

Abstract: The rapid development of machine learning makes itself one of the most effective tools in the data mining research community. However, the training of algorithm often needs a large amount of user data, which brings a great risk of privacy leakage to users. Due to the complex statistical characteristics and semantic richness of the data, traditional private data publishing methods usually sanitize original data too excessively to lead to low data availability and uselessness in data mining tasks. In this paper, a differential private data publishing method based on generative adversarial network (GAN) is proposed. The differential privacy of the GAN model is realized by adding carefully designed noise to the gradients during the training procedure, so that the GAN can generate unlimited synthetic data conforming to the original statistical characteristics without disclosing any privacy. Aiming at the problems of low quality synthetic data and slow convergence in the existing similar methods, several optimization strategies are designed to adjust the privacy budget allocation and reduce the overall noise scale. Moreover, we provide rigorous proof that the synthetic data satisfies the differential privacy. Comparisons with existing methods on public datasets show that the method proposed can generate private data with higher quality more efficiently, which is suitable for various data analysis tasks.

Key words: differential privacy, generative adversarial network, private data publishing, synthetic data, data mining

中图分类号:

TP301

方晨, 郭渊博, 王娜, 等. 基于生成对抗网络的差分隐私数据发布方法[J]. 电子学报, 2020, 48(10): 1983-1992.

FANG Chen, GUO Yuan-bo, WANG Na, et al. Differential Private Data Publishing Method Based on Generative Adversarial Network[J]. Acta Electronica Sinica, 2020, 48(10): 1983-1992.

参考文献

[1] Fredrikson M,Jha S,Ristenpart T.Model inversion attacks that exploit confidence information and basic countermeasures[A].Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security[C].USA:ACM,2015.1322-1333.
[2] Cynthia Dwork,Aaron Roth.The Algorithmic Foundations of Differential Privacy[M].USA:Now Foundations and Trends,2014.
[3] 杨高明,朱海明,方贤进,等.局部差分隐私约束的关联属性不变后随机响应扰动[J].电子学报,2019,47(5):1079-1085. YANG Gao-ming,ZHU Hai-ming,FANG Xian-jin,et al.Invariant post-random response perturbation for correlated attributes under local differential privacy constraint[J].Acta Electronica Sinica,2019,47(5):1079-1085.(in Chinese)
[4] 傅继彬,张啸剑,丁丽萍.MAXGDDP:基于差分隐私的决策数据发布算法[J].通信学报,2018,39(3):136-146. FU Ji-bin,ZHANG Xiao-jian,DING Li-ping.MAXGDDP:decision data release with differential privacy[J].Journal of Communications,2018,39(3):136-146.(in Chinese)
[5] Zhang J,Cormode G,Procopiuc C M,et al.Privbayes:Private data release via Bayesian networks[J].ACM Transactions on Database Systems (TODS),2017,42(4):1-41.
[6] Asghar H J,Ding M,Rakotoarivelo T,et al.Differentially private release of high-dimensional datasets using the Gaussian copula[J].arXiv Preprint,2019, arXiv:1902.01499.
[7] GOODFELLOW I,POUGET-ABADIE J,MIRZA M,et al.Generative adversarial nets[A].Advances in Neural Information Processing Systems[C].USA:ACM,2014.2672-2680.
[8] Xie L,Lin K,Wang S,et al.Differentially private generative adversarial network[J].arXiv Preprint,2018,arXiv:1802.06739.
[9] Acs G,Melis L,Castelluccia C,et al.Differentially private mixture of generative neural networks[J].IEEE Transactions on Knowledge and Data Engineering,2018,31(6):1109-1121.
[10] Xu C,Ren J,Zhang D,et al.GANobfuscator:Mitigating information leakage under GAN via differential privacy[J].IEEE Transactions on Information Forensics and Security,2019,14(9):2358-2371.
[11] 郭鹏,钟尚平,陈开志,等.差分隐私GAN梯度裁剪阈值的自适应选取方法[J].网络与信息安全学报,2018,4(5):10-20. GUO Peng,ZHONG Shang-ping,CHEN Kai-zhi,et al.Adaptive selection method of differential privacy GAN gradient clipping thresholds[J].Chinese Journal of Network and Information Security,2018,4(5):10-20.(in Chinese)
[12] Gulrajani I,Ahmed F,Arjovsky M,et al.Improved training of Wasserstein gans[A].Advances in Neural Information Processing Systems[C].USA:ACM,2017.5767-5777.
[13] ABADI M,CHU A,GOODFELLOW I,et al.Deep learning with differential privacy[A].The ACM SIGSAC Conference on Computer and Communications Security[C].USA:ACM,2016.308-318.
[14] Wang Q,Zhang Y,Lu X,et al.Real-time and spatio-temporal crowd-sourced social network data publishing with differential privacy[J].IEEE Transactions on Dependable and Secure Computing,2018,15(4):591-606.
[15] 李万杰,张兴,曹光辉,等.基于差分隐私保护的数据分级融合发布机制[J].小型微型计算机系统,2019,40(10):2252-2256. LI Wan-jie,ZHANG Xing,CAO Guang-hui,et al.Hierarchical data fusion publishing mechanism based on differential privacy protection[J].Journal of Chinese Computer Systems,2019,40(10):2252-2256.(in Chinese)
[16] Chollet F.Xception:Deep learning with depth wise separable convolutions[A].IEEE Conference on Computer Vision and Pattern Recognition (CVPR)[C].USA:IEEE,2017.1800-1807.
[17] Deep Learning Tutorials[OL].http://deeplearning.net/tutorial/,2019-3-26.

基于生成对抗网络的差分隐私数据发布方法

Differential Private Data Publishing Method Based on Generative Adversarial Network

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	曾卓, 汪成亮, 马飞. 基于差分隐私的活动模式保护与时空轨迹发布方法[J]. 电子学报, 2023, 51(3): 552-563.
[2]	刘少鹏, 赵慧民, 洪佳明, 吴晓航, 许发宝, 欧阳佳, 梁鹏, 熊建斌. 面向医学图像生成的鲁棒条件生成对抗网络[J]. 电子学报, 2023, 51(2): 427-437.
[3]	刘杰, 葛一凡, 田明. 文物图像的超分辨率重建算法研究[J]. 电子学报, 2023, 51(1): 139-145.
[4]	康海燕, 冀源蕊. 基于本地化差分隐私的时序位置发布方案研究[J]. 电子学报, 2022, 50(9): 2222-2232.
[5]	吴靖, 叶晓晶, 黄峰, 陈丽琼, 王志锋, 刘文犀. 基于深度学习的单帧图像超分辨率重建综述[J]. 电子学报, 2022, 50(9): 2265-2294.
[6]	张少波, 原刘杰, 毛新军, 朱更明. 基于本地差分隐私的K-modes聚类数据隐私保护方法[J]. 电子学报, 2022, 50(9): 2181-2188.
[7]	沈鹏飞, 徐臻, 王英. 基于嵌套生成对抗学习的网络嵌入[J]. 电子学报, 2022, 50(9): 2155-2163.
[8]	裴炤, 邱文涛, 王淼, 马苗, 张艳宁. 基于Transformer动态场景信息生成对抗网络的行人轨迹预测方法[J]. 电子学报, 2022, 50(7): 1537-1547.
[9]	刘文杰, 赵胶胶, 张颖, 葛业波. 一种量子条件生成对抗网络算法[J]. 电子学报, 2022, 50(7): 1586-1593.
[10]	孙晨峰, 吕卫民, 戴洪德, 张浩晨. 一种基于TimeGAN和OCSVM的多元退化设备小子样数据增广方法[J]. 电子学报, 2022, 50(11): 2678-2687.
[11]	李宝奇, 黄海宁, 刘纪元, 李宇. 基于改进CycleGAN的光学图像迁移生成水下小目标合成孔径声纳图像算法研究[J]. 电子学报, 2021, 49(9): 1746-1753.
[12]	王森, 王煜, 宁德军. 复杂软件系统健康状态智能感知与诊断模型[J]. 电子学报, 2021, 49(9): 1799-1808.
[13]	席亮, 刘涵, 樊好义, 张凤斌. 基于深度对抗学习潜在表示分布的异常检测模型[J]. 电子学报, 2021, 49(7): 1257-1265.
[14]	袁水莲, 皮德常, 胥萌. 基于差分隐私的轨迹隐私保护方法[J]. 电子学报, 2021, 49(7): 1266-1273.
[15]	陈星宇, 叶锋, 黄添强, 翁彬, 陈家祯, 林文忠. 融合小型深度生成模型的显著性检测[J]. 电子学报, 2021, 49(4): 768-774.