| As the most powerful data mining technology,deep learning has broad application prospects in various fields.However,in the cloud-based service mode,if there is privacy-sensitive information in user data,there will exist a potential risk of privacy leakage.At the same time,the intermediate features extracted by the deep learning algorithm do not have anti-privacy analysis capabilities,and there is also a corresponding risk of privacy leakage.Aiming at the risk of user data privacy leakage in the deep learning application,the splitting-based framework is based on the characteristics of deep neural network hierarchical connections,which divides the whole neural network from the intermediate layer into two parts and deploys them in client and server respectively.In this setting,firstly,it is guaranteed that the user’s original data is protected by transmitting intermediate features instead of the original data.One step further,in order to solve the privacy leakage problem from the intermediate features,the Privacy-preserving Feature Extraction method based on Adversarial Training(P-FEAT)introduces an additional privacy attacking network to the original target network as a measure of the privacy leakage risks.The privacy attacking network imposes privacy protection constraints on the feature extraction process of the target network.For scenarios where the privacy attributes are known,the specific privacy attack tasks are used as adversarial objectives,and for scenarios where the privacy attributes are unknown,the reconstruction attacking task is used as adversarial objective.Finally,the privacy attacking network and target the network are trained alternately using adversarial training techniques to obtain the privacy-preserving intermediate features,which can effectively prevent various privacy attacks.The experiments show that P-FEAT can significantly reduce the threats of privacy attacking tasks while maintaining high accuracy of the target tasks.The degradation in target task accuracy can usually be limited to 5%,thus the method has high availability.P-FEAT is superior to similar methods in terms of privacy protection effect.Compared with the solutions using a dedicated encoding network,the proposed method has obvious advantages in terms of the implementation difficulty,and can be seamlessly integrated with the existing model structure.The privacy-utility trade-offs in the method can be adjusted through hyperparameters,which are related to specific privacy attack scenarios.In addition,because the splitting-based deployment mode will bring additional overhead to the client devices,on the premise of satisfying the privacy-utility requirements,the splitting layer should be as shallow as possible. |
PDF Full Text Request