| 引用本文: |
-
王豪,许强,张清华,李开菊.LFDP:融合低频信息的差分隐私鲁棒性增强方法[J].信息安全学报,已采用 [点击复制]
- WANG HAO,XU QIANG,ZHANG QINGHUA,LI KAIJU.LFDP: A Differentially Private Robustness Augmentation Method Combining Low-Frequency Information[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 针对机器学习模型差分隐私鲁棒性增强方法面临的加入的高频噪声容易被滤除,导致鲁棒性增强效果下降的问题,提出了一种普适的融合低频信息的差分隐私鲁棒性增强方法LFDP。从理论上证明了差分隐私高频噪声在鲁棒性增强方面的原理和不足,将图像分为高低频两部分进行处理,利用二维离散余弦逆变换生成低频高斯噪声,加入到图像频域系数中。实验结果表明,与直接加入高频噪声的差分隐私鲁棒性增强方法相比,LFDP在不增大噪声尺度的同时能够起到更好的鲁棒性增强效果。 |
| 关键词: 机器学习 鲁棒性 差分隐私 低频噪声 |
| DOI: |
| 投稿时间:2022-12-11修订日期:2023-03-11 |
| 基金项目: |
|
| LFDP: A Differentially Private Robustness Augmentation Method Combining Low-Frequency Information |
|
WANG HAO1, XU QIANG2, ZHANG QINGHUA1, LI KAIJU3
|
| (1.Chongqing University of Posts and Telecommunications;2.City University of Hong Kong;3.Chongqing University) |
| Abstract: |
| To solve the problem that robustness enhanced high-frequency noise based on differential privacy is easily to be filtered out, leading to the decrease of robustness augmentation effect, a differential privacy robustness augmentation method combining low-frequency information, LFDP, is proposed. The principle and shortcoming of high-frequency noise in robustness augmentation are theoretically proved, and a method for generating low-frequency Gaussian noise is proposed. We divide the image into high and low frequency parts, generate low-frequency Gaussian noise using 2D discrete cosine transform and add it to the image frequency domain coefficients. Experimental results show that, compared with existing differential privacy robustness augmentation methods that directly add high-frequency noise, LFDP can achieve better robustness effect without increasing noise scale. |
| Key words: Machine learning Robustness Differential privacy Low-frequency noise |
