Research And Implementation Of Deep Domain Adaptation Under Differential Privacy

Deep domain adaptation aligns the feature distribution of source and target domains,allowing models trained on the source domain to perform well on the target domain,and has wide applications in fields such as bioinformatics.However,when the source or target domain data contains private information,directly releasing models trained on privacy data can result in the leakage of personal privacy information.Therefore,how to ensure the utility of domain adaptation models while protecting users’personal information has become a key issue to be urgently solved in deep domain adaptation tasks.Differential privacy is an effective privacy protection mechanism that has received great attention in recent years.Differential privacy makes it impossible for attackers to determine whether a user’s private data are in the dataset by adding noise during the calculation process,thereby protecting the user’s personal privacy.Therefore,this paper applies differential privacy technology to the deep domain adaptation task to protect data privacy.This paper designs and implements two deep domain adaptation algorithms that satisfies differential privacy for the scenarios where the source domains are public datasets and private datasets separately.For the scenario where the source domain is public,this paper proposes the PDAPL algorithm.In this algorithm,to solve the problem that directly adding noise on the gradient will result in poor model performance.This paper proposes a double-layer noise addition mechanism based differentially private method.In order to solve the problem that adding the same noise to all features will affect the performance of the model to a certain extent,this paper proposes a feature perturbation method based on adaptive Gaussian mechanism.This paper experimentally evaluates the proposed algorithm PDAPL on multiple datasets,and the results show that the proposed algorithm has high accuracy while satisfying privacy protection requirements.For the scenario where the source domain is private,this paper proposes the PDADA algorithm.In this algorithm,to solve the problem that private source domain data cannot be publicly released,this paper proposes a mixed Gaussian model based differential private approximation method for source domain feature distribution.To solve the problem that directly releasing the model trained with private target domain data will lead to the leakage of personal information,this paper proposes a feature distribution alignment method based on differential privacy domain adversarial networks.The results of experimental tests on multiple data sets show that the method proposed in this paper has high accuracy while meeting the privacy protection requirements.