kmoonn/Privacy-Preserving-Deep-Learning

Privacy-Preserving-Deep-learning

Papers

1. DLMT: Outsourcing Deep Learning with Privacy Protection Based on Matrix Transformation

Information

Year: 2023

CCF: C

Publisher: IEEE

Published in: 2023 26th International Conference on Computer Supported Cooperative Work in Design (CSCWD)

Cited: 1

Main Content

Abstract

To solve this problem, we propose a privacy-preserving deep learning model based on matrix transformation. Specifically, we transform original data by adding or multiplying a random matrix.

Methods

  • methods based on data processing

  • Matrix Transformation

transform original data by adding or multiplying a random matrix

treat each training image as a pixel matrix, and add or multiply it with a random matrix element by element

two matrix transformations: matrix addition and matrix multiplication

each image needs to be processed with the same random matrix

each training and testing sample must be transformed with the same random matrix R

the dimension of R is the same as that of the original data

The matrix R used to transform the original data is not made public.


  • parameters

| Name | Description |
| --- | --- |
| A | image pixel matrix |
| W×H×C | image dimensions (width, height, channels) |
| R | random matrix (same dimensions as the original data; each value in R is a random integer in the interval [1, MAX_V]) |
| MAX_V | random positive integer |
| RISE_V | a constant number |

Dataset

  • MNIST
  • CIFAR-10

Experiment

  • PyTorch

https://github.com/kuangliu/pytorch-cifar

  • ResNet18

Related

Citations

Thinking

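After the matrix transformation, pixel values can exceed the pixel value range of 255, so the result needs to be normalized to keep pixel values within 0-255; the main consideration is the overall effect of the matrix transformation on the original pixel matrix.

MMT and MAT both add and multiply pixel by pixel; for RGB images, the three RGB channels need to be transformed separately and then recombined.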


2. Privacy-Preserving Deep Neural Networks with Pixel-Based Image Encryption Considering Data Augmentation in the Encrypted Domain

Information

Year: 2019

CCF: C

Publisher: IEEE

Published in: 2019 IEEE International Conference on Image Processing (ICIP)

Cited: 116

Main Content

Abstract

Pixel-Based Image Encryption

present a novel privacy-preserving scheme for deep neural networks (DNNs)

a novel pixel-based image encryption method is first proposed for privacy-preserving DNNs

focuses on protecting visual information

Methods


  • Negative-Positive Transformation + color component shuffling

    the server has no secret key


  • Data augmentation

a technique for creating new training data from existing data

e.g. horizontal/vertical flip, random crop, random rotation, cutout, and random erasing

  1. Horizontal/vertical flip: flips original images horizontally or vertically.
  2. Shifting: shifts pixel locations of original images on both horizontal and vertical axes by a number of pixels.
  • parameters

| Name | Description |
| --- | --- |
| I_RGB | a color image with color channels I_R, I_G, I_B |
| K_c | secret keys {K_R, K_G, K_B} |
| r(i) | a random binary integer generated by K_c, P(r(i)) = 0.5 |
| K_s | random integer for shuffling the three color components |
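
The negative-positive transformation and color component shuffling from the parameter list, as an added example that is not code from the paper or this repository. It assumes 8-bit pixels, inversion written as `v XOR 255`, one shuffle order chosen per pixel, and Python's `random` as a stand-in for the key-derived generator; the function names and `SAMPLE` are hypothetical.

```python
import random
from itertools import permutations

PERMS = list(permutations(range(3)))  # the six orderings of three color components

def np_bits(key, n_pixels):
    """r(i) for one channel: one key-derived bit per pixel, P(r(i) = 1) = 0.5."""
    rng = random.Random(key)  # stand-in generator (assumption); not a cryptographic PRNG
    return [rng.getrandbits(1) for _ in range(n_pixels)]

def shuffle_orders(k_s, n_pixels):
    """One of the six component orderings per pixel, derived from K_s (assumption)."""
    rng = random.Random(k_s)
    return [PERMS[rng.randrange(6)] for _ in range(n_pixels)]

def encrypt(pixels, k_c, k_s):
    """pixels: list of 8-bit (R, G, B) tuples; k_c: (K_R, K_G, K_B); k_s: shuffle key."""
    bits = [np_bits(key, len(pixels)) for key in k_c]
    orders = shuffle_orders(k_s, len(pixels))
    out = []
    for i, px in enumerate(pixels):
        # Negative-positive step: invert the value (v XOR 255) where r(i) = 1.
        inverted = [v ^ 255 if bits[c][i] else v for c, v in enumerate(px)]
        # Shuffle step: emit the three components in the key-derived order.
        out.append(tuple(inverted[j] for j in orders[i]))
    return out

def decrypt(cipher, k_c, k_s):
    """Key holder only: undo the shuffle, then undo the inversion."""
    bits = [np_bits(key, len(cipher)) for key in k_c]
    orders = shuffle_orders(k_s, len(cipher))
    out = []
    for i, px in enumerate(cipher):
        restored = [0, 0, 0]
        for pos, j in enumerate(orders[i]):
            restored[j] = px[pos]
        out.append(tuple(v ^ 255 if bits[c][i] else v for c, v in enumerate(restored)))
    return out

# Constructed 8x8 sample image, flattened row by row.
SAMPLE = [(i, 255 - i, (3 * i) % 256) for i in range(64)]
```

Both steps act on one pixel at a time and leave pixel positions unchanged, so the spatial layout of the encrypted image matches the original.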

Dataset

  • CIFAR10

Experiment

  • ResNet-18
  • SGD

Related

Citations

Thinking

Data Augmentation in Client or Cloud Server?

Is there any difference between performing data augmentation on the client and on the cloud server? Why do the results differ so much?


3. Image Pixelization with Differential Privacy

Information

Year: 2018

CCF: None

Publisher: IEEE

Published in: Data and Applications Security and Privacy XXXII (DBSec 2018)

Cited: 153

Main Content

Abstract

propose sharing pixelized images with rigorous privacy guarantees

extend the standard differential privacy notion to image data, propose the m-neighborhood notion

pixelization-based method with grid cells of b×b pixels

quantifiable privacy model

Methods

  • Differential privacy

differentially private pixelization

Pixelization can be achieved by superposing a rectangular grid over the original image and averaging the color values of the pixels within each grid cell

The paper focuses on grayscale images; other images can be handled by considering each channel separately

assume the sensitivity of each image is independent of other images to sanitize.

The pixelization technique renders the source image using larger blocks.

partitioning the image using a two-dimensional grid and the average pixel value is released for each grid cell

"square" grid: each grid cell contains b×b pixels


  • Standard Differential Privacy.


Laplace mechanism: adding noise N to a function f, where N is drawn from a Laplace distribution


  • neighboring images


m value in order to customize the level of privacy protection

A straight-forward application of differential privacy is to apply Laplace perturbation to each pixel.


  • parameters

| Name | Description |
| --- | --- |
| I(x,y) | M × N matrix with integer values between 0 and 255 (0 is black and 255 is white); I(x, y) denotes the "pixel" value at position (x, y) in the matrix |
| b | grid cell length; each grid cell contains b×b pixels |
| image-20240805145911446 | privacy parameter, the degree of privacy; a smaller value implies stronger privacy and vice versa |
| image-20240805152516778 | global sensitivity, the maximum difference of f between any neighboring databases |
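
Pixelization followed by the Laplace mechanism, as an added example that is not code from the paper or this repository. It assumes m-neighboring images differ in at most m pixels, which bounds the L1 sensitivity of the cell averages by 255·m divided by the number of pixels in the smallest cell; the function names, `SAMPLE` and the parameter values are hypothetical.

```python
import random

def pixelize(image, b):
    """Average the values in each b x b grid cell of a grayscale image (rows of 0-255)."""
    rows, cols = len(image), len(image[0])
    cells = []
    for top in range(0, rows, b):
        cell_row = []
        for left in range(0, cols, b):
            block = [image[y][x]
                     for y in range(top, min(top + b, rows))
                     for x in range(left, min(left + b, cols))]
            cell_row.append(sum(block) / len(block))
        cells.append(cell_row)
    return cells

def sensitivity(rows, cols, b, m):
    """L1 global sensitivity of the cell averages when at most m pixels differ.

    One changed pixel moves its cell average by at most 255 / (pixels in the cell),
    so the bound is set by the smallest cell; border cells can be smaller than b x b.
    """
    smallest_cell = (rows % b or b) * (cols % b or b)
    return 255 * m / smallest_cell

def laplace(rng, scale):
    """Laplace(0, scale) sample: the difference of two Exp(1) draws, scaled."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))

def dp_pixelize(image, b, m, epsilon, rng):
    """Pixelize, then add Laplace noise of scale sensitivity / epsilon to every cell."""
    scale = sensitivity(len(image), len(image[0]), b, m) / epsilon
    noisy = []
    for cell_row in pixelize(image, b):
        # Rounding and clamping to 0-255 is post-processing of the noisy release.
        noisy.append([min(255, max(0, round(v + laplace(rng, scale)))) for v in cell_row])
    return noisy

# Constructed 4x4 sample: left half black, right half white.
SAMPLE = [[0, 0, 255, 255] for _ in range(4)]
# secrets.SystemRandom() is the OS-backed choice; a seeded Random keeps this run repeatable.
RELEASE = dp_pixelize(SAMPLE, b=2, m=1, epsilon=0.5, rng=random.Random(7))
```

With b = 1 the same code is the per-pixel Laplace perturbation mentioned above, with a noise scale b² times larger than for b×b cells.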

Dataset

  • AT&T
  • MNIST
  • PETS: PETS09-S2L1
  • Venice: Venice-2

Both datasets were converted to grayscale.

Experiment


  • Python
  • utility

standard Mean Square Error (MSE)

Structural Similarity (SSIM)

Related

Citations

blurring: Gaussian blur, removes details from an image by convolving the 2D Gaussian distribution function with the image

P3 system: encrypts the significant Discrete Cosine Transform (DCT) coefficients of the image

HSV (hue-saturation-value)

defer the extension of our study to inter-dependent images, such as a sequence of video frames

Thinking

4. Title

Information

Year

CCF

Publisher:

Published in:

Cited

Main Content

Abstract

Methods

  • parameters

Dataset

Experiment

Related

Citations

Thinking

About

Transformed-data classification methods for privacy-preserving deep learning
