Research On Federal Image Classification System Based On Hybrid Differential Privacy

Posted on: 2023-06-28 | Degree: Master | Type: Thesis
Country: China | Candidate: J X Shi | Full Text: PDF
GTID: 2558306914479154 | Subject: Cyberspace security
Abstract/Summary:
At present, the amount of information is increasing explosively, and data is a key factor in the development of machine learning. This explosive growth has led to unprecedented development of machine learning technology, which has shown outstanding advantages in almost all industries. However, in real scenarios, data is often distributed among different institutions. At the same time, with the improvement of citizens' privacy awareness and of the relevant laws, data often cannot be shared directly between institutions to complete machine learning, which makes legally addressing data fragmentation and segregation a major challenge facing machine learning researchers today.

In 2016, Google first proposed the federated learning algorithm framework. Federated learning is a distributed deep learning architecture that can meet data privacy protection requirements and enable thousands of participants or clients to take part in training the same deep learning model. The model is trained iteratively, and finally a high-precision global model is obtained. Although federated learning protects data privacy by preventing users from uploading original data, studies have shown that attackers can still steal data in federated learning systems through active or passive attacks, and have little knowledge of how to construct data that satisfies data requirements. Research on private federated learning systems is still in its infancy. Therefore, research on the privacy protection of federated learning systems is urgently needed. This paper designs a federated learning system based on differential privacy technology from the perspective of protecting data privacy in federated learning. The research results and innovations of this paper are as follows:

(1) To solve the problem of privacy budget accumulation in federated learning systems based on differential privacy technology, this paper proposes an adaptive Laplacian local differential privacy scheme based on the hierarchical correlation propagation algorithm. According to the hierarchical correlation propagation algorithm, less noise is added to the input features in the client's local data that have a greater impact on the output, and vice versa. Compared with the traditional noise addition scheme, the privacy budget of this scheme does not need to be accumulated over training iterations, and more rounds of local training can be completed under the same privacy budget, so that the model can achieve higher accuracy.

(2) For the calculation of the privacy budget in federated learning systems based on differential privacy technology, this paper proposes a local differential privacy scheme based on differential privacy from the perspective of hypothesis testing. Compared with the traditional scheme that calculates the privacy budget from the perspective of information entropy, this scheme tightens the calculation of the privacy budget from the perspective of hypothesis testing, so that more rounds of local training can be completed under the same privacy budget, enabling the model to achieve higher accuracy.

(3) By comparing the performance of the above two schemes in terms of privacy protection and model accuracy, the optimal differential privacy scheme is selected, and a federal image classification system based on hybrid differential privacy is proposed. According to the attack model existing in the federated learning system, clients are divided into two categories: clients that trust the central server, and clients that do not trust the central server. The former directly upload the local update gradient during training, and the central server completes the centralized noise addition. The latter need to add noise to the local update gradient and then upload the update gradient to the server. At the same time, the gradient normalization method is used to replace the gradient threshold clipping method, and finally a federal image classification system based on hybrid differential privacy is designed.

Finally, experiments show that the designed system can achieve high model accuracy while protecting data privacy.
Keywords/Search Tags:Federated Learning, Privacy Preservation, Differential Privacy, Private Computing
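
The hybrid flow described in contribution (3), as an added example that is not code from the thesis: every client normalizes its gradient, clients that trust the server upload it as is and the server adds noise centrally, and clients that do not trust the server add noise before uploading. The Laplace noise, the uncalibrated `scale` parameter and all function names are assumptions; the abstract does not state the noise distribution or calibration used in the hybrid system.

```python
import math
import random

def normalize(grad):
    """Gradient normalization: rescale to unit L2 norm (used instead of threshold clipping)."""
    norm = math.sqrt(sum(g * g for g in grad))
    return [g / norm for g in grad] if norm > 0 else list(grad)

def laplace(rng, scale):
    # The difference of two unit exponentials is Laplace(0, 1); scale it.
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))

def add_noise(vec, scale, rng):
    return [v + laplace(rng, scale) for v in vec]

def client_update(grad, trusts_server, scale, rng):
    """Return (upload, already_noised) for one client."""
    g = normalize(grad)
    if trusts_server:
        return g, False                      # server will add the noise
    return add_noise(g, scale, rng), True    # local noise before upload

def server_aggregate(uploads, scale, rng):
    """Average all uploads; noise is added centrally only to the trusted sum."""
    dim = len(uploads[0][0])
    total = [0.0] * dim
    trusted = [g for g, noised in uploads if not noised]
    if trusted:
        trusted_sum = [sum(col) for col in zip(*trusted)]
        total = add_noise(trusted_sum, scale, rng)   # centralized noise, applied once
    for g, noised in uploads:
        if noised:
            total = [t + x for t, x in zip(total, g)]
    return [t / len(uploads) for t in total]

if __name__ == "__main__":
    rng = random.Random(7)  # fixed seed so the constructed run is repeatable
    # Constructed sample gradients: (gradient, client trusts the server?)
    clients = [([3.0, 4.0], True), ([10.0, 0.0], False), ([0.0, -2.0], True)]
    uploads = [client_update(g, t, 0.1, rng) for g, t in clients]
    print(server_aggregate(uploads, 0.1, rng))
```

Because every normalized gradient has L2 norm 1, no clipping threshold has to be chosen; the noise scale needed for a given privacy budget is a separate calibration step that this sketch does not perform.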