Affiliation:
1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei, China
2. Engineering Research Center of Cyberspace, Yunnan University, Kunming, Yunnan, China
3. Zhongnan Hospital, Wuhan University, Wuhan, Hubei, China
Abstract
The wide application of image classification has given rise to many intelligent systems, such as face recognition systems, which make our lives more convenient. However, the ensuing privacy leakage problem has become increasingly serious. The training of a deep neural network requires lots of data, which may contain sensitive information of users and may be exploited by data collectors. A perturbation algorithm named RRN is proposed for image data based on local differential privacy, which provides a rigorous privacy guarantee. Existing solutions have low accuracy due to the high sensitivity of an image; the authors' method combines the Randomized Response mechanism with the Laplace mechanism to solve this problem. Experiments were conducted on the MNIST and CIFAR‐10 datasets to show the effectiveness of the algorithm. Experimental results show that the model is better than baseline models. The algorithm was also implemented on the commonly used model in deep learning, the VGG model, which can achieve 96.4% accuracy in the non‐private version on the CIFAR‐10 dataset. The accuracy of the differentially private VGG model based on the RRN algorithm is 83% when , which is still excellent. The experimental results show that the RRN algorithm can both preserve privacy and data utility.
Publisher
Institution of Engineering and Technology (IET)
Subject
Electrical and Electronic Engineering, Computer Vision and Pattern Recognition, Signal Processing, Software
Cited by
4 articles.