Image Classification Based on Layered Gradient Clipping Under Differential Privacy

Bibliographic details
Published in: IEEE Access 2023-01, Vol.11, p.1-1
Main authors: Ma, ChunMei, Kong, XiangShan, Huang, Baogui
Format: Article
Language: eng
Description
Summary: Convolutional neural networks (CNNs) are widely used in the field of image classification. At the same time, users face the risk of privacy leakage because adversaries can reverse private information from the training parameters of CNNs. Adding Gaussian noise to the training parameters is an effective means to prevent adversaries from stealing private information, but this tends to reduce the utility of the models. Therefore, how to find a balance between privacy and utility has become a hot research topic. In this paper, to improve the image classification ability of CNN models under differential privacy protection, we propose an image classification algorithm based on layered gradient clipping under differential privacy, ICGC-DP for short. Firstly, the gradient tensor is layered according to the neural network model. Secondly, for each layered gradient tensor, the median of L2 norms is used as the clipping threshold. Moreover, to prevent the sensitivity from converging to zero, we add a bound on the sensitivity to ensure that all gradients can be protected by differential privacy. To further improve the classification utility of ICGC-DP, we design an adaptive weighted fusion module for it. The module assigns weights to prediction tensors according to the variance between them. We conduct comprehensive experiments on the Mnist, FashionMnist and CIFAR10 datasets, respectively. The experimental results show that, when the privacy budget ε = 2.0, ICGC-DP achieves accuracy of 97.36%, 88.72% and 72.63% on the Mnist, FashionMnist and CIFAR10 datasets. When the privacy budget ε = 8.0, ICGC-DP achieves accuracy of 97.81%, 89.49% and 74.41% on the Mnist, FashionMnist and CIFAR10 datasets.
ISSN:2169-3536
DOI:10.1109/ACCESS.2023.3249575