基于粒子群优化的差分隐私深度学习模型

doi:10.19678/j.issn.1000-3428.0065590

摘要/Abstract

摘要：

在深度模型差分隐私保护中，过大的梯度扰动噪声会造成数据可用性下降。提出一种基于粒子群优化算法的深度学习模型，根据粒子群优化策略，将粒子的位置映射到网络参数，寻找个体历史最优位置和全局历史最优位置。对全局最优粒子位置所得梯度进行扰动重新参与模型训练，在不改变参数和梯度结构的前提下利用网络传播属性对噪声参数进行优化，运用带扰动的位置参数获取目标函数，最小化经验风险函数，降低噪声对模型效用的损害。在联邦学习模式下，本地客户端利用粒子位置参数更新出本地环境中个体和全局历史最优位置，找到当前最优参数加以扰动，再上传至中心服务器。当每个客户端再次训练时，从服务器请求获取优化、扰动和聚合后的广播参数，参与合作学习。实验结果表明，该算法模型在保护隐私的同时能更好地保留模型可用性，相比DP-SGD算法，在Mnist、Fashion-Mnist和Cifar-10数据集上的准确率分别提高了5.03%、9.23%和22.77%，能够加快联邦学习中的模型收敛，在独立同分布和非独立同分布数据上都具有较好的表现。

关键词: 差分隐私, 噪声参数, 粒子群优化, 网络训练, 联邦学习

Abstract:

Excessive noise from gradient perturbations can lead to usability degradation in deep models with differential privacy protection. A deep learning model with Differential Privacy(DP) based on the Particle Swarm Optimization(PSO) algorithm is proposed to address this issue. The algorithm maps particle positions to network parameters according to the PSO strategy, identifying individual and global historical optimal positions. These global optimal particle positions are then used as gradients, which are perturbed and incorporated into model training. By leveraging network propagation properties without altering the parameters and gradient structure, noise parameters are optimized to realize the objective function. The model is then updated using optimized parameters with perturbation, minimizing the empirical risk function and reducing the impact of noise on model utility. In federated learning, local clients update individual and global historical optimal positions using particle position parameters within their local environment. They identify current optimal parameters to be perturbed before uploading them to the central server. Clients then request optimized, perturbed, and aggregated broadcast parameters from the server for further training in this cooperative learning process. Experimental results demonstrate that the proposed algorithm model effectively preserves model utility while protecting privacy. Compared to the DP-SGD algorithm, the accuracy of Mnist, FashionMnist, and Cifar-10 datasets increases by 5.03%, 9.23%, and 22.77%, respectively.The proposed algorithm accelerates model convergence in federated learning and exhibits strong performance with IID and non-IID data.

Key words: Differential Privacy(DP), noisy parameters, Particle Swarm Optimization(PSO), network training, federated learning

张攀峰, 吴丹华, 董明刚. 基于粒子群优化的差分隐私深度学习模型[J]. 计算机工程, 2023, 49(9): 144-157.

Panfeng ZHANG, Danhua WU, Minggang DONG. Differential Privacy Deep Learning Model Based on Particle Swarm Optimization[J]. Computer Engineering, 2023, 49(9): 144-157.

http://www.ecice06.com/CN/Y2023/V49/I9/144

图/表 15

图1 本文方案的参数优化策略

Fig.1 Parameter optimization strategy of the proposed scheme

图2 本文模型在不同惯性权重下的准确率

Fig.2 Accuracy of the proposed model under different inertia weights

图3 本文模型在不同迭代数下的准确率

Fig.3 Accuracy of the proposed model under different iterations

图4 Mnist数据集在MLP网络中不同隐私水平下训练的测试准确率变化曲线

Fig.4 Test accuracy variation curve of Mnist dataset trained under different privacy levels on the MLP network

图5 Mnist数据集在CNN网络中不同隐私水平下训练的测试准确率变化曲线

Fig.5 Test accuracy variation curve of Mnist dataset trained under different privacy levels on the CNN network

图6 Fashion-Mnist数据集在MLP网络中不同隐私水平下训练的测试准确率变化曲线

Fig.6 Test accuracy variation curve of Fashion-Mnist dataset trained under different privacy levels on the MLP network

图7 Fashion-Mnist数据集在CNN网络中不同隐私水平下训练的测试准确率变化曲线

Fig.7 Test accuracy variation of Fashion-Mnist dataset trained under different privacy levels on the CNN network

图8 不同算法在Mnist数据集上的IID测试准确率

Fig.8 IID test accuracy of different algorithms on Mnist dataset

图9 不同算法在Mnist数据集上的non-IID测试准确率

Fig.9 non-IID test accuracy of different algorithms on Mnist dataset

图10 不同算法在Fashion-Mnist数据集上的IID测试准确率

Fig.10 IID test accuracy of different algorithms on Fashion-Mnist dataset

图11 不同算法在Fashion-Mnist数据集上的non-IID测试准确率

Fig.11 non-IID test accuracy of different algorithms on Fashion-Mnist dataset

参考文献 29

1	ZHANG Y J , BAI G D , ZHONG M Y , et al. Differentially private collaborative coupling learning for recommender systems. IEEE Intelligent Systems, 2021, 36 (1): 16- 24. doi: 10.1109/MIS.2020.3005930
2	WANG S P , LI J , WU G J , et al. Joint optimization of task offloading and resource allocation based on differential privacy in vehicular edge computing. IEEE Transactions on Computational Social Systems, 2022, 9 (1): 109- 119. doi: 10.1109/TCSS.2021.3074949
3	HAN L M, ZHAO Y, ZHAO J. POSTER: blockchain-based differential privacy cost management system[C]//Proceedings of the 15th ACM Conference on Computer and Communications Security. New York, USA: ACM Perss, 2020: 925-927.
4	GUPTA R , ALAM T . Survey on federated-learning approaches in distributed environment. Wireless Personal Communications, 2022, 125 (2): 1631- 1652. doi: 10.1007/s11277-022-09624-y
5	朱黎明, 丁晓波, 龚国强. 图数据连续发布中的隐私保护方法. 计算机工程, 2022, 48 (5): 154- 161. URL
	ZHU L M , DING X B , GONG G Q . Privacy protection method in continuous publishing of graph data. Computer Engineering, 2022, 48 (5): 154- 161. URL
6	刘宇涵, 陈红, 刘艺璇, 等. 图数据上的隐私攻击与防御技术. 计算机学报, 2022, 45 (4): 702- 734. URL
	LIU Y X , CHEN H , LIU Y X , et al. State-of-the-art privacy attacks and defenses on graphs. Chinese Journal of Computers, 2022, 45 (4): 702- 734. URL
7	ABADI M, CHU A, GOODFELLOW I, et al. Deep learning with differential privacy[C]//Proceedings of 2016 ACM SIGSAC Conference on Computer and Communications Security. New York, USA: ACM Press, 2016: 308-318.
8	YU D, ZHANG H S, CHEN W, et al. Gradient perturbation is underrated for differentially private convex optimization[C]//Proceedings of the 29th International Joint Conference on Artificial Intelligence. New York, USA: ACM Press, 2021: 3117-3123.
9	BASSILY R, SMITH A, THAKURTA A. Private empirical risk minimization: efficient algorithms and tight error bounds[C]//Proceedings of the 55th IEEE Annual Symposium on Foundations of Computer Science. Washington D.C., USA: IEEE Press, 2014: 464-473.
10	ASI H, DUCHI J, FALLAH A, et al. Private adaptive gradient methods for convex optimization[EB/OL]. [2022-07-20]. https://arxiv.org/abs/2106.13756.
11	ANDREW G, THAKKAR O, MCMAHAN H B, et al. Differentially private learning with adaptive clipping[EB/OL]. [2022-07-20]. https://arxiv.org/abs/1905.03871.
12	PICHAPATI V, SURESH A T, YU F X, et al. AdaCliP: adaptive clipping for private SGD[EB/OL]. [2022-07-20]. https://arxiv.org/abs/1908.07643.
13	MOHAPATRA S , SASY S , HE X , et al. The role of adaptive optimizers for honest private hyperparameter selection. Artificial Intelligence, 2022, 36 (7): 7806- 7813.
14	PAPERNOT N, STEINKE T. Hyperparameter tuning with renyi differential privacy[EB/OL]. [2022-07-20]. https://arxiv.org/abs/2110.03620.
15	LI X, TRAMÈR F, LIANG P, et al. Large language models can be strong differentially private learners[EB/OL]. [2022-07-20]. https://arxiv.org/abs/2110.05679.
16	YU D, ZHANG H S, CHEN W, et al. Do not let privacy overbill utility: gradient embedding perturbation for private learning[EB/OL]. [2022-07-20]. https://arxiv.org/abs/2102.12677.
17	YU D, ZHANG H S, CHEN W, et al. Large scale private learning via low-rank reparametrization[EB/OL]. [2022-07-20]. https://arxiv.org/abs/2106.09352.
18	NASR M, SHOKRI R, HOUMANSADR A. Improving deep learning with differential privacy using gradient encoding and denoising[EB/OL]. [2022-07-20]. https://arxiv.org/abs/2007.11524.
19	GATI N J , YANG L T , FENG J , et al. Differentially private tensor train deep computation for Internet of multimedia things. ACM Transactions on Multimedia Computing, Communications, and Applications, 2020, 16 (3): 1- 20.
20	YANG X, ZHANG H, CHEN W, et al. Normalized/clipped SGD with perturbation for differentially private non-convex optimization[EB/OL]. [2022-07-20]. https://arxiv.org/abs/2206.13033.
21	HAN A, MISHRA B, JAWANPURIA P, et al. Differentially private Riemannian optimization[EB/OL]. [2022-07-20]. https://arxiv.org/abs/2205.09494.
22	DWORK C. Differential privacy: a survey of results[C]//Proceedings of International Conference on Theory and Applications of Models of Computation. Berlin, Germany: Springer, 2008: 1-19.
23	DWORK C , ROTH A . The algorithmic foundations of differential privacy. Foundations and Trends in Theoretical Computer Science, 2014, 9 (3/4): 211- 407.
24	KENNEDY J, EBERHART R. Particle swarm optimization[C]//Proceedings of International Conference on Neural Networks. Washington D.C., USA: IEEE Press, 2002: 1942-1948.
25	HOUSSEIN E H , GAD A G , HUSSAIN K , et al. Major advances in particle swarm optimization: theory, analysis, and application. Swarm and Evolutionary Computation, 2021, 63, 100868.
26	KAIROUZ P, OH S, VISWANATH P. The composition theorem for differential privacy[C]//Proceedings of the 32nd International Conference on Machine Learning. New York, USA: ACM Press, 2015: 1376-1385.
27	MCMAHAN H B, MOORE E, RAMAGE D, et al. Communication-efficient learning of deep networks from decentralized data[EB/OL]. [2022-07-20]. https://arxiv.org/abs/1602.05629.
28	GONG M G , XIE Y , PAN K , et al. A survey on differentially private machine learning. IEEE Computational Intelligence Magazine, 2020, 15 (2): 49- 64.
29	MIRONOV I. Rényi differential privacy[C]//Proceedings of the 30th IEEE Computer Security Foundations Symposium. Washington D.C., USA: IEEE Press, 2017: 263-275.

[1]	郑美光, 杨泳. 基于互信息软聚类的个性化联邦学习算法[J]. 计算机工程, 2023, 49(8): 20-28.
[2]	温依霖, 赵乃良, 曾艳, 韩猛, 岳鲁鹏, 张纪林. 基于本地模型质量的客户端选择方法[J]. 计算机工程, 2023, 49(6): 131-143.
[3]	桑永宣, 魏江坡, 王博, 宋莹. 具有边缘缓存机制的混合启发式任务卸载算法[J]. 计算机工程, 2023, 49(4): 149-158.
[4]	陈何雄, 罗宇薇, 韦云凯, 郭威, 杭菲璐, 何映军, 杨宁. 基于联邦学习的SDN异常流量协同检测技术[J]. 计算机工程, 2023, 49(3): 168-176.
[5]	孙扬威, 戚湧. 基于聚类混合采样与PSO-Stacking的车载CAN入侵检测方法[J]. 计算机工程, 2023, 49(1): 138-145.
[6]	李尤慧子, 俞海涛, 殷昱煜, 高洪皓. 基于超级账本的集群联邦优化模型[J]. 计算机工程, 2023, 49(1): 22-30.
[7]	刘金硕, 詹岱依, 邓娟, 王丽娜. 基于深度神经网络和联邦学习的网络入侵检测[J]. 计算机工程, 2023, 49(1): 15-21,30.
[8]	周全兴, 李秋贤, 丁红发, 樊玫玫. 基于博弈论优化的高效联邦学习方案[J]. 计算机工程, 2022, 48(8): 144-151,159.
[9]	吴茂强, 黄旭民, 康嘉文, 余荣. 面向车路协同推断的差分隐私保护研究[J]. 计算机工程, 2022, 48(7): 29-35.
[10]	王树芬, 张哲, 马士尧, 陈俞强, 伍一. 一种鲁棒的半监督联邦学习系统[J]. 计算机工程, 2022, 48(6): 107-114,123.
[11]	陈乃月, 金一, 李浥东, 蔡露鑫, 魏圆梦. 基于区块链的公平性联邦学习模型[J]. 计算机工程, 2022, 48(6): 33-41.
[12]	金媛媛, 倪志伟, 朱旭辉, 陈恒恒, 陈千. 基于本地差分隐私的空间数据自适应划分算法[J]. 计算机工程, 2022, 48(5): 136-144.
[13]	温亚兰, 陈美娟. 融合联邦学习与区块链的医疗数据共享方案[J]. 计算机工程, 2022, 48(5): 145-153,161.
[14]	柏财通, 崔翛龙, 李爱. 基于本地蒸馏联邦学习的鲁棒语音识别技术[J]. 计算机工程, 2022, 48(10): 103-109.
[15]	杨文琦, 章阳, 聂江天, 杨和林, 康嘉文, 熊泽辉. 基于联邦学习的无线网络节点能量与信息管理策略[J]. 计算机工程, 2022, 48(1): 188-196,203.

选择文件类型/文献管理软件名称

选择包含的内容