Privacy-preserving Machine Learning Research For Users In MLaaS

Posted on: 2023-08-16; Degree: Master; Type: Thesis
Country: China; Candidate: F Wu; Full Text: PDF
GTID: 2568306620955979; Subject: Software engineering
Abstract/Summary:
With the rapid development of computer technology and big data, artificial intelligence services based on machine learning have flourished in many fields, forming the Machine Learning as a Service (MLaaS) business model. However, most MLaaS service models require users to upload their private data to the cloud when using machine learning cloud services. These data are likely to contain private information that users do not want to disclose, so this service model poses a severe privacy threat to users. Researching better privacy protection technology therefore has vital practical significance for the development of MLaaS.

Existing MLaaS privacy protection research mainly focuses on encryption, perturbation, and machine learning-based privacy reconstruction methods. Encryption methods protect privacy effectively, but they significantly increase the computational and transmission overhead. Perturbation methods usually lead to a significant drop in service accuracy, making it difficult to balance privacy and utility. Most privacy reconstruction methods based on machine learning assume that clouds are trustworthy, which makes it challenging to avoid privacy leakage from the server. Therefore, this thesis proposes a more reliable privacy protection scheme to address the shortcomings of the existing privacy protection methods. The main works are as follows:

1. To address the defects of encryption methods, this thesis proposes "Feature Dilution (FD)" to help users obtain cloud services by replacing the original data with noisy data that hardly contains sensitive information. FD uses a deep network to continuously add the original data features to a fixed random noise until the amount of features in the noise used for valid queries equals the minimum threshold. We call the resulting noise Weak Feature Noise (WFN). Meanwhile, FD reduces the risk of privacy leakage in low-dimensional space. Experiments show that WFN does not increase the transmission overhead and maintains utility well, but slightly increases the computing overhead.

2. To solve the problem that most privacy protection methods can only be implemented on a trusted cloud, this thesis proposes the "Privacy Autonomy Scheme (PAS)" to help users achieve "privacy autonomy" in MLaaS. PAS combines joint learning with reconstruction networks, allowing users to design their own privacy reconstruction networks based on the variational information bottleneck and adversarial reconstruction. At the same time, joint learning is used to train the reconstruction network without exposing privacy methods. The reconstructed data generated by the constructed network replaces the original data in queries to protect privacy. In addition, PAS can also defend against reverse engineering attacks to a certain extent. Experiments show that the utility reduction caused by PAS usually does not exceed 3%, and the privacy protection effect is better than that of most existing methods.
Keywords/Search Tags: Deep learning, Privacy protection, Feature mapping, Information bottleneck, Privacy reconstruction