[Retracted] Privacy Protection Technology Based on Machine Learning and Intelligent Data Recognition

liu, Qiang

doi:https://doi.org/10.1155/2022/1598826

Security and Communication Networks

On this page

Abstract Introduction Background Conclusions Data Availability Conflicts of Interest References Copyright Related Articles

Research Article Retraction

!

This article has been Retracted. To view the article details, please click the ‘Retraction’ tab above.

Special Issue

Computational Technologies for Malicious Traffic Identification in IoT Networks

View this Special Issue

Research Article | Open Access

Volume 2022 | Article ID 1598826 | https://doi.org/10.1155/2022/1598826

[Retracted] Privacy Protection Technology Based on Machine Learning and Intelligent Data Recognition

Qiang liu¹

Academic Editor: Muhammad Arif

Received17 Mar 2022

Revised13 Apr 2022

Accepted19 Apr 2022

Published05 May 2022

Abstract

The machine learning algorithm is gradually being applied to various fields and has become the core technology to achieve artificial intelligence. The success of machine learning cannot be achieved without the support of large amounts of data and computing power, which are usually collected through crowdsourcing and learned online. The data collected for machine learning training often contains some personal and sensitive information, including personal mobile phone numbers, ID numbers, and medical information. How to protect these private data at low cost and efficiently is an important problem. Aiming at this kind of problem, this article starts with the privacy problem in machine learning and the way of being attacked and summarizes the privacy protection methods and characteristics in the machine learning algorithm. Then, for the classification accuracy of the different algorithm that uses noise to protect privacy, a deep difference privacy protection method combined with a convolutional neural network is proposed. This method perfectly integrates the features of difference and Gaussian distribution and can obtain the privacy budget of each layer of the neural network. Finally, the stochastic gradient descent algorithm's gradient value is employed to set the Gaussian noise scale and preserve the data's sensitive information. The experimental results demonstrated that by adjusting the parameters of the depth differential privacy model based on differences in private information in the data, a balance between the availability and privacy protection of the training data set could be reached.

1. Introduction

At present, artificial intelligence is mainly data-oriented, and the protection of personal information in data has attracted more and more attention at home and abroad. The Cybersecurity Law of the People's Republic of China in 2017 has clearly stipulated the protection of personal privacy, especially for network operators. The use of sensitive personal information online or in real life without consent is legally liable. The European Union also proposed clear instructions in 2018 on how to handle personal information collected by companies. It has become illegal for companies to collect, share, and analyze data without users' knowledge. In addition to using laws to prevent information disclosure, the realization of privacy protection in machine learning also needs to consider the characteristics of machine learning [1]. It is necessary to design the model structure and training methods with privacy protection as the main premise to ensure that sensitive personal information will not be directly or indirectly obtained by unauthorized personnel during the training process.

In traditional machine learning training, data of all parties are collected by data collectors and then trained by data analysts. This mode is called centralized learning, as shown in Figure 1. The data collector and the data analyst can be on the same side, such as mobile application developers [2]. It can also be multiparty, such as developers sharing data with other data analytics agencies. It can be seen that in the centralized learning mode, once the data are collected, it is difficult for users to have control over the data, and it is also unknown where and how to use the data wisely. In the current, some researchers have tried to train the global model while keeping all data locally. The typical representative of this work is the federated learning proposed by Google in 2017 [3]. Although federated learning gives users control over their personal data, it is not a complete defense against potential privacy attacks.

At present, the privacy protection of machine learning is mainly realized by differential privacy algorithms and its various improvement schemes. For the improvement of differential privacy, researchers mainly improve it from three aspects, which are based on gradient, function, and label, respectively [4]. No matter what kind of differential privacy algorithm, its essence is to add noise in different ways and strategies in the process of machine learning in order to disturb the neural network's memory of real training data. For this kind of method, Abadi et al. proposed a DP-SGD algorithm, which calculates the dependence of neural network weight parameters on training data to control the changes in the gradient descent process to achieve privacy protection, which is not conducive to the convergence of complex models [5]. Xie et al. constructed the DP-GAN method; by adding sensitive information from noise protection data to the gradient, the gradient is calculated from the Wasserstein distance. This approach relies on generators to generate high-quality training data points; therefore, it performs poorly in complex datasets [6]. Phan et al. combined a deep encoder with various privacy techniques, adding a global sensitivity computing layer to the encoder based on a gradient descent approach to provide optimal perturbation parameters and then fine-tuning model parameters using a back-propagation algorithm [7]. This method introduces an additional network layer without fitting training data and the negative effect is more obvious in complex datasets. As an improved scheme, they proposed a new differential privacy protection mechanism, ADLM, which dynamically adjusts the noise allocation by increasing the noise on the neurons weakly correlated with the output during training by introducing neural network parameters to the objective function. When this mechanism is applied to the CIFAR-10 dataset, the accuracy of the model is improved to 84.8%, which is 14% higher than that of the DP-SGD algorithm, but the accuracy is still not ideal [8]. Papernot et al. constructed a deep learning strategy that combines the knowledge transfer method in semisupervision. This strategy uses disjoint datasets to train multiple teacher models and then aggregates the prediction results of multiple teachers by voting and adding noise to further supervise the training of student models [9]. This training method can achieve relatively high model accuracy and has good privacy protection ability. However, since the training of the student model is derived from the accuracy of the prediction parameters of the teacher model, in order to make multiple teacher models have extremely high accuracy, the latter requires a large amount of data training, which is undoubtedly disastrous for complex tasks. For different datasets, how to design noise in the process of aggregation is also a complex task.

For privacy, the different algorithms that are applied to the machine learning model can effectively improve the safety of data privacy, but adding noise is not conducive to the characteristics of the model fitting the data sample because it is at the expense of the data authenticity for privacy security and will inevitably lead to machine learning classification ability of the model. Intelligent data recognition technology is now more advanced than ever, with breakthroughs in target detection, natural language processing, speech recognition, and other areas. Deep learning, as the most mature method in intelligent data recognition, has piqued the interest of an increasing number of academics [10]. The most important feature of deep learning is that it can combine low-level features into more abstract high-level features through neural networks, so as to discover distributed feature representation of data, which can effectively help the prediction accuracy of differential privacy model. Therefore, based on machine learning differential privacy protection mechanism and deep learning, this article designs a differential privacy protection method combined with convolutional networks. This method can well combine the characteristics of differential privacy and Gaussian distribution. In addition to privacy protection, it has better data availability and can protect the sensitive information in the data set more effectively. Small sample training can be used to reconstruct training, and when the sample size is big, the attack effect is substantially decreased. The early model theft attack primarily employs the equation solving method, which is only appropriate for a simple linear binary model [11–13].

The following is a summary of the research: Section 2 contains the background and Section 3 discusses the algorithm in detail. Finally, Section 4 concludes the article.

2. Background

In this section, we examine the privacy issues in machine learning and application of machine learning in privacy protection in detail.

2.1. Privacy Issues in Machine Learning

The development of data collection and analysis inevitably leads to the problem of sensitive information. Privacy in machine learning leaks in two main ways:(1)Direct privacy breaches are caused by mass data collection. Unreliable data collectors collect personal information, share data, and trade data illegally without people's permission.(2)Indirect privacy disclosure caused by insufficient model generalization ability. It is mainly manifested in that the unreliable data analyst can converse the individual sensitive attributes in the unknown training data by interacting with the model [11]. The root cause of this problem is that the more complex the model is in training, the more powerful the “memory” ability of the data is; as a result, models are very sensitive to data differences and perform differently.

Compared with direct privacy disclosure, indirect privacy disclosure is the key goal of machine learning privacy protection. Indirect privacy disclosure refers to various privacy attacks on machine learning models. Privacy attacks mostly occur in the model application phase. Because attackers cannot access training data directly, they can only infer relevant information. An attacker may have no knowledge of the model and data or may have some background knowledge, such as known model types or data characteristics. According to the attacker's target, there are two main ways of privacy attack: refactoring and member-based reasoning.

Reconstruction attack refers to the attacker's attempt to reconstruct sensitive information or target model of specific individuals in training data. The former is called a model inversion attack and the latter is called a model stealing attack. For model inversion attack for machine learning models with simple structure, the sensitive information of individuals in training data can be predicted by using dynamic analysis or computing similarity between records. For example, for the linear prediction model of personalized medicine, the sensitive genotype of a specific patient can be successfully predicted under the condition that the basic information and prediction results of the patient are known. For complex deep learning models, sample labels and other auxiliary information are used. The confidence mechanism is used to identify randomly constructed virtual portraits so as to restore the real appearance of individuals in the dataset. Training reconstruction can be carried out in small sample training, and when the sample size is large, the attack effect will be greatly weakened. As for model theft attacks, the early model theft attack mainly uses the equation solution method, which is only suitable for a simple linear binary model [12]. The model can be applied to complex models and the attack effect can be significantly improved by using predictive confidence. In addition, some researchers also proposed an adaptive attack algorithm for the decision tree model. Although an attack aimed at stealing a model has no apparent interest in data, an inversion attack aimed at obtaining a replacement model can significantly improve the attack effect because the model may “remember” some training data during training. In practical application scenarios, machine learning models are important intellectual property rights for enterprises. Once stolen, they will bring great losses to enterprises.

Member inference attack refers to the attacker trying to predict whether a given sample is used in the training of the model, that is, one of the “members” of the training data. In some cases, inferential attacks can have serious consequences, such as in the case of a diagnostic model built from AIDS patient data; if a person's medical data are inferred to be the model's training data, that person may have AIDS. Member inference mode assumes that the attacker knows the target model in “black box” mode and constructs another expression of the target model—the shadow model using simulated data. At the same time, the attack model was trained to judge the learning effect of the target model by the difference between the output results. The use of the shadow model includes two premises:(1)The data used by the shadow model has a similar distribution to real data.(2)The shadow model structure should be designed according to the target model. In the subsequent research, the above constraints are relaxed and a more general attack model is proposed under the condition of guaranteeing the effectiveness of the attack. Considering the attack in “white box” mode, it believes that the attacker can know the average loss of the target model and judge whether the data are training data by estimating a data loss in the model. In addition, other studies have proposed member inference attacks against generative models and deep learning models with differential privacy protection.

Thus, there are many limitations to current privacy attacks on machine learning, and such attacks can only succeed under certain circumstances [13]. It is important for us to study these issues because such attacks are often fatal for complex models. Protecting sensitive information in data depends on the legal need to regulate data collection methods, processing, and dissemination of personal data with the help of legal and social moral sanctions and constraints to prevent direct privacy disclosure; On the other hand, researchers should consider the potential risks in the training and application process as much as possible at the beginning of the model design and prevent all possible indirect privacy leakage by optimizing the model structure and learning algorithm or using data encryption, noise interference and other privacy protection technologies.

In addition to privacy concerns, machine learning also faces a number of security threats. The main difference between security problem and privacy problem lies in that although the former causes direct or indirect leakage of training data, the model itself is not affected; however, the latter will cause the internal logic of the model to be maliciously induced or destroyed, thus failing to achieve the desired function. Security attacks against machine learning may occur in both model training and model application stages, mainly including poisoning attacks and antisample attacks. Security is also a challenge for machine learning today.

2.2. Application of Machine Learning in Privacy Protection

A privacy protection scenario is a machine learning situation that may result in privacy disclosure and necessitates privacy protection measures. Different privacy protection systems are appropriate for various privacy contexts. Understanding privacy protection scenarios is the premise of designing privacy protection schemes. The stage of machine learning, the training mode of the model, and the privacy protection scenario are determined by credibility, which is calculated by training data distribution [14]. Models, machine learning processes, model training methods, and privacy protection technologies are all utilized to secure private data in machine learning.

2.2.1. Model Classification

Supervisory, semisupervisory, unsupervised, and reinforcement learning are all types of machine learning. Figure 2 depicts the methods found in each category. Among them, the typical method of supervised learning is a support vector machine, the typical method of semisupervised learning is a generative model, the typical method of unsupervised learning is K-means, and the typical method of reinforcement learning is Q-learning. At the same time, deep learning is widely used and highly sought after in various fields, so privacy protection methods based on the neural network model and its variants have also been well developed.

2.2.2. Classification of the Learning Process

Machine learning is usually preceded by training and followed by prediction. In different stages of machine learning, different privacy threats are faced, and the protection methods adopted are also different due to the technology of machine learning itself. At present, homomorphic encryption is mostly used in the prediction stage of deep neural networks but rarely used in the training stage. Deep learning itself has high computing and communication requirements and is a computationally intensive method. In the absence of encryption, it still needs hardware support with high throughput, and its computing and communication requirements are high. Therefore, homomorphic encryption is generally used in deep neural network prediction. However, the privacy protection method of efficient machine learning based on encryption technology in research training is still an open question.

2.2.3. Classification of Training Methods

Machine learning-based model training approaches are centralized, distributed, and joint. The training datasets are collected and managed uniformly by a single machine, cluster, or cloud central server in the concentrated learning model, which has the advantages of easy training and deployment and high model training accuracy. In distributed learning, there is no need to centralize the training data of each participant to the central server. Each user's data are transferred to the cloud server with a balanced load. The distribution of training data among each participant may be horizontal, vertical, or arbitrary [15]. Joint learning first builds a joint model and then trains simultaneously with the data of multiple users, which can keep the training data scattered. However, federated learning is faced with a more complex learning environment, but federated learning attaches more importance to the protection of user data privacy, so it has attracted the attention of academic and industrial circles.

2.2.4. Classification of Protection Technology

There are three techniques commonly used to protect machine learning private data: differential privacy-based methods, homomorphic encryption-based methods, and privacy protection technology based on secure multiparty computing. The characteristics of each technology are summarized in Table 1. Among them, differential privacy technology is a data distortion approach that ensures the privacy of data used for model training, weight parameters, goal function, or model output during model training through manual intervention or adding noise. Homomorphic encryption and security Multiparty computing techniques belong to cryptography methods, which protect data privacy during operation through security protocols. The above methods are often used in combination, like using multiple privacy-secure multiparty computing methods at the same time and homomorphic encryption combined with secure multiparty computing.

3. Algorithm Description

In this part, we discussed the related definitions, algorithm implementation, and experimental results and analysis in detail.

3.1. Related Definitions

Differential privacy technology was put forward by Microsoft in 2006 as a distortion based on the data privacy protection method; this method is based on solid mathematics and privacy protection for the strict definition, provides a quantitative assessment method, makes the different parameters under the processing of datasets provided by the level of privacy protection have comparability. The solution to this problem is to add irrelevant noise to the original data and protect the sensitive information by interfering with the original data [16]. This noise-increasing mechanism is very flexible and does not affect the insertion and deletion of data in the dataset, nor does it affect the output of the calculation. In addition, the attacker's model and characteristics are not considered when designing the privacy protection model.

is defined as differential privacy. Given two training datasets and , where and differ by at most one record, given an algorithm , the value range of is . If algorithm outputs any result () on datasets and that meets , where is the degree of privacy protection, is the error value, and both are nonnegative values, then algorithm meets -differential privacy, and the smaller the value of is, the better the privacy protection degree of algorithm is.

There are two ways to combine difference theory and deep learning: one is the current comparison; that is, the neural network is regarded as a black box, and noise is added in the training process. The other is the approach that requires prior knowledge, which regards the neural network as a white box and adds noise in the optimization process. The former has the characteristics of deep learning, and all parameter learning depends on training data, so large-scale creation cannot be added to prevent damage to model availability. When adding too little noise data, the privacy protection of the training dataset cannot be achieved [17]. The added noise gauge is too small to form the conversion of training data and thus cannot protect private data. Therefore, this article uses a differential privacy protection mechanism in the neural network training process and proposes a -depth differential privacy protection model, whose formal definition is as follows.

Definition 2. -depth differential privacy. For a deep learning network, given an algorithm , Gaussian noise of the distribution function is added during each optimization calculation . Given two datasets and , there is at most one record difference between and . If satisfies and , algorithm satisfies -depth differential privacy, where is a Gaussian distribution with a mean value of 0, variance of , and sensitivity coefficient of .

3.2. Algorithm Implementation

There are two difficulties in the implementation of the above -depth differential privacy protection model:(1)Noise location selection in neural networks.(2)Reasonable distribution of computing power and transmission. Due to the shortcomings of this method, the privacy budget of the network model is calculated using the common features of differential privacy and Gaussian distribution during the stage of neural network parameter optimization, and Gaussian noise is added during the learning process to reduce the overall privacy budget [18]. Then, based on the data processed by the DA algorithm, the trained features are extracted, the data are generated by DCGAN, and the attack results that are closest to the real dataset are selected. Finally, the differences among data are analyzed. If the similarity exceeds the set threshold, the parameters of the DI privacy model are adjusted again until the conditions are met. The algorithm implementation process is shown in Figure 3. The algorithm can protect the sensitive information of users by setting parameters according to users' wishes in the process of deep learning training.

A three-layer neural network model, consisting of an input layer, a single hidden layer, and an output layer, is the most basic structure of a deep learning model. The hidden layer can be modified accordingly on demand, and a multilayer network can be used. In the process of adjusting the parameters, the neural network can extract the features of the original sample and form the feature space of the sample, which makes the data more refined and convenient for classification and prediction [19]. In the process of fusion with differential privacy theory, a complex of sensitive information privacy protection problems usually require multiple application difference algorithm to solve; in this case, in order to ensure the whole process of privacy protection level control within a given budget , we need to will all reasonable budget allocations to the various steps of the algorithm.

Thanks to the composability of differential privacy, a differential privacy algorithm combined with deep learning is implemented. The algorithm is implemented in combination with differential privacy theory and is studied in the process of obtaining the parameters that minimize the loss function of the model. The stochastic gradient descent method also used in this article is selected and noise is added to the calculation process [20, 21]. The algorithm implementation process is as follows: first, the selection is based on the stochastic gradient descent method to select a less than the normal sample size, and the gradient value of each sample is calculated ; secondly, it determines whether meets threshold . If not, adjust to obtain a new gradient value 5 within the range of the gradient threshold . Then, Gaussian noise is added to the gradient value . Finally, the noise gradient is added further in the opposite direction for the next calculation. In addition to outputting the gradient value of the model, you also need to calculate the privacy cost.

The realization process of stochastic gradient descent in the depth difference privacy algorithm is as follows: first, calculate the gradient value of each batch (small batch sample); then, a batch is randomly selected to form a lot, the value of which affects the descent speed of the random gradient. By summating the batch gradient values in this group, the gradient value of the lot is obtained and noise is added to it. Each lot is subject to independent distribution, probability is , and is the size of the input dataset. Finally, the average gradient value is used to update network parameters. The running time is calculated in this technique by calculating the training iteration period, where each iteration period comprises the lot calculation time of . A difficult difficulty in the depth difference privacy algorithm is determining the model's total privacy loss, which is a key indicator of the model's privacy protection effect. Thanks to the independence of differential privacy, the overall privacy loss can be directly calculated in the training process, and the gradient descent method can be used many times in the training process, resulting in the accumulation of the privacy budget.

The loss of privacy mainly depends on the size of the noise added to the algorithm. The loss of privacy can be calculated using the combinable theorem. This method is suitable for Gaussian differential privacy with random sampling and can provide a tighter privacy loss estimate for deep difference privacy stabilization algorithms. Algorithm satisfies the -difference privacy equivalent to the privacy loss random variable at the tail boundary of algorithm . The tail boundary is an important feature of a Gaussian distribution, but calculating it directly causes the border to diverge. To compute the loss of differential privacy, first acquire the linear log value of privacy loss of random variables and then calculate the tail boundary using this value and the conventional Markov equation. In this article, the hierarchical order of deep learning model training is successively calculated according to the composability of differential privacy, and the state of privacy loss is constantly updated.

It is difficult to achieve a balance between generator and discriminator in practical GAN applications because GAN optimizes and alternately and achieves good synchronization. But in practice, it is often necessary to train several times before updating , and if and are not properly balanced, then may eventually collapse to a saddle point. Based on the data processed by the deep difference privacy algorithm, this article generates data through DCGAN and selects the attack result that is closest to the real data set. The similarity between the attack result and the original dataset is compared. If the similarity exceeds the set threshold, the parameters of the depth difference privacy model are adjusted again until the conditions are met.

3.3. Experimental Results and Analysis

3.3.1. Introduction to the Experimental Environment and Dataset

In this section, specific experiments will be conducted to analyze, verify, and explain the effect of the DCGAN feedback-based depth difference privacy protection algorithm. The experimental environment was Intel(R) Xeon(R) CPU E5-2603 V3 1.6 GHz,8 GB memory, 2 TITAN X, Ubuntu16.04 64-bit operating system, Tensor-Flow 1.0 framework, and Bazel0.3.1 compiler; the algorithm is implemented by Python.

The dataset used in the experiment is MNIST, which contains 60,000 training examples and 10,000 test examples. The files of the training set contain 60,000 label contents, and the value of each label is a number from 0 to 9, and each example is a 28 ×28 grayscale image.

3.3.2. Related Experiments and Analysis of Results

Based on the MNIST dataset, the gradient threshold was set as 4 and PCA was set as 60 dimensions in this experiment. In the differential privacy theory, the privacy budget reflects the degree of privacy protection. The smaller the value is, the higher the degree of privacy protection is. Generally, the value ranges from 0 to 10. The usability of the algorithm was measured by changing the privacy budget , privacy bias , and noise addition scale . In the experiment, was fixed as 10⁻⁵, was fixed as 0.5, and was set as 8, 4, and 2, respectively, to test the performance of the algorithm under different noise scales.

Figure 4 is the experimental result when . It can be seen from the experimental results that when the noise scale is large, the algorithm performs poorly in the training set, but it achieves good results in the test set.

Figure 5 is the experimental result when . It can be seen from the learning curve that the difference in algorithm performance between the test set and training set is decreasing.

The above situation is most obvious in . As shown in Figure 6, there is almost no difference between the depth differential privacy method and the training set and the test set. This shows that our model has higher usability and can protect privacy data well against the noise of different scales.

In addition to experiments on the noise of different sizes, this article also used single sample label reasoning attacks against the success rate of the model and calculated the attack; with numerical quantitative reasoning to the higher success rate of the model of reasoning attack defense ability and the higher success rate, the model of reasoning attack defensive ability is weaker, the higher success rate is lower, the model of reasoning attack defensive ability is stronger. In the experiment, 10,000, 20,000, and 30,000 samples were used to train the pretrained neural network with 10, 25, and 50 epochs, and the results were collected as model classification accuracy and inference attack success rate.

As shown in Table 2, the accuracy of the observation model and the model of reasoning to attack the success rate of data can be found that there is a significant negative correlation between the two relations; the foundation of this reasoning is verified against machine learning model fitting and with the reduction of model generalization ability for reasoning attack defense ability, becomes gradually weak. When the data size was 10000 and the epoch was 10, the overall classification accuracy of the model was 98.75%, the model's classification performance was optimal, and the model's defense capacity against inference attack was also optimal. The classification accuracy of the entire model falls as the number of neural network samples and training rounds rise, the degree of overfitting increases, the success rate of inference attacks against the model increases, and the model's defense capabilities against inference attacks weaken. When the number of training samples of pretraining neural network data size is 10000 and the number of training cycles epoch is 10, the success rate of inference attack against this model decreases to 13.14%. Because MNIST is a 10-classification dataset, the attack effect is equal to the attack effect of random guess, which means that the private-protection machine learning model based on knowledge difference trained under this parameter will make the inference attack against this model invalid.

Table 3 lists the model classification accuracy of the CNN model and the model in this article in different training set sizes and training rounds and the success rate of inference attacks against these two models on MNIST data sets. As shown in Table 3, compared with CNN, when the training set has the same capacity and the same number of training rounds, our method has high classification accuracy and can effectively improve the defense ability against attacks so that the accuracy of inference attack is reduced to below 14%. In the MNIST dataset, when the number of training rounds of the CNN model is 50, the attack accuracy will be significantly reduced, but at this time, the CNN model has been fitted, its generalization ability is weakened, and the classification accuracy is also reduced.

4. Conclusions

The improvement of machine learning performance cannot be separated from the training of large-scale data. While serving our daily life, it also makes the disclosure of sensitive personal information more likely. The differential privacy algorithm is used to safeguard privacy in machine learning. It is simple to degrade the accuracy of model classification when this strategy improves the privacy protection ability of a machine learning model by adding noise. To solve this problem, this article proposes a sensitive information protection method combining differential privacy and deep learning, which realizes the purpose of deep protection of users' sensitive information in training datasets. During parameter optimization of the network model, the method combines the idea of differential privacy and adds noise data. By analyzing the discrepancies between attack outcomes and original data, experimental data show that privacy model settings can be balanced between the availability and privacy protection of training data sets. While the categorization accuracy is guaranteed, information leakage can be limited.

Data Availability

The datasets used during the current study are available from the corresponding author on reasonable request.

Conflicts of Interest

The author declares that he has no conflicts of interest.

References

B. A. Malin, “An evaluation of the current state of genomic data privacy protection technology and a roadmap for the future,” Journal of the American Medical Informatics Association, vol. 12, no. 1, pp. 28–34, 2004.
View at: Publisher Site | Google Scholar
D. Wang, J. Zhao, and Y. Wang, “A survey on privacy protection of blockchain: the technology and application,” IEEE Access, vol. 8, pp. 108766–108781, 2020.
View at: Publisher Site | Google Scholar
A. R. Miller and C. Tucker, “Privacy protection and technology diffusion: the case of electronic medical records,” Management Science, vol. 55, no. 7, pp. 1077–1093, 2009.
View at: Publisher Site | Google Scholar
C. Bettini and D. Riboni, “Privacy protection in pervasive systems: state of the art and technical challenges,” Pervasive and Mobile Computing, vol. 17, pp. 159–174, 2015.
View at: Publisher Site | Google Scholar
R. Gupta, S. Tanwar, F. Al-Turjman, and P. A. S. W. Italiya, “Smart contract privacy protection using AI in cyber-physical systems: tools, techniques and challenges,” IEEE Access, vol. 8, pp. 24746–24772, 2020.
View at: Publisher Site | Google Scholar
C. Yin, J. Xi, R. Sun, and J. Wang, “Location privacy protection based on differential privacy strategy for big data in industrial internet of things,” IEEE Transactions on Industrial Informatics, vol. 14, no. 8, pp. 3628–3636, 2018.
View at: Publisher Site | Google Scholar
B. Claerhout and G. J. E. DeMoor, “Privacy protection for clinical and genomic data,” International Journal of Medical Informatics, vol. 74, no. 2-4, pp. 257–265, 2005.
View at: Publisher Site | Google Scholar
Q. Feng, D. He, S. Zeadally, and M. K. N. Khan, “A survey on privacy protection in blockchain system,” Journal of Network and Computer Applications, vol. 126, pp. 45–58, 2019.
View at: Publisher Site | Google Scholar
H.-T. Wu and C.-W. Tsai, “Toward b for health-care systems: applying the bilinear pairing technology to ensure privacy protection and accuracy in data sharing,” IEEE Consumer Electronics Magazine, vol. 7, no. 4, pp. 65–71, 2018.
View at: Publisher Site | Google Scholar
C. Yin, L. Shi, R. Sun, and J. Wang, “Improved collaborative filtering recommendation algorithm based on differential privacy protection,” The Journal of Supercomputing, vol. 76, no. 7, pp. 5161–5174, 2020.
View at: Publisher Site | Google Scholar
P. C. M. Arachchige, P. Bertok, I. Khalil, D. Liu, S. Camtepe, and M. Atiquzzaman, “Local differential privacy for deep learning,” IEEE Internet of Things Journal, vol. 7, no. 7, pp. 5827–5842, 2019.
View at: Google Scholar
Z. Bu, H. Wang, and Q. Long, “On the convergence of deep learning with differential privacy,” 2021, https://arxiv.org/abs/2106.07830.
View at: Google Scholar
T. Zhu, D. Ye, W. Wang, W. Zhou, and P. S. Yu, “More than privacy: applying differential privacy in key areas of artificial intelligence,” 2020, https://arxiv.org/abs/2008.01916.
View at: Google Scholar
A. K. Owusu, Z. Qin, H. Xiong, Y. Liu, T. Zhaung, and Z. Qin, “MSDP: multi-scheme privacy-preserving deep learning via differential privacy,” Personal and Ubiquitous Computing, pp. 1–13, 2021.
View at: Publisher Site | Google Scholar
A. D. Sarwate and K. Chaudhuri, “Signal processing and machine learning with differential privacy: algorithms and challenges for continuous data,” IEEE Signal Processing Magazine, vol. 30, no. 5, pp. 86–94, 2013.
View at: Publisher Site | Google Scholar
L. Cui, Y. Qu, M. R. Nosouhi, and S. J.-W. G. Yu, “Improving data utility through game theory in personalized differential privacy,” Journal of Computer Science and Technology, vol. 34, no. 2, pp. 272–286, 2019.
View at: Publisher Site | Google Scholar
Z. Ji, Z. C. Lipton, and C. Elkan, “Differential privacy and machine learning: a survey and review,” 2014, https://arxiv.org/abs/1412.7584.
View at: Google Scholar
R. Hall, A. Rinaldo, and L. Wasserman, “Differential privacy for functions and functional data,” Journal of Machine Learning Research, vol. 14, no. 1, pp. 703–727, 2013.
View at: Google Scholar
S. Gopi, Y. T. Lee, and L. Wutschitz, “Numerical composition of differential privacy,” Advances in Neural Information Processing Systems, vol. 34, 2021.
View at: Google Scholar
W. Wang, L. Ying, and J. Zhang, “On the relation between i, differential privacy, and mutual-information privacy,” IEEE Transactions on Information Theory, vol. 62, no. 9, pp. 5018–5029, 2016.
View at: Publisher Site | Google Scholar
J. Pei, K. Zhong, M. A. Jan, and J. Li, “Personalized federated learning framework for network traffic anomaly detection,” Computer Networks, vol. 209, 2022, https://doi.org/10.1016/j.comnet.2022.108906.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2022 Qiang liu. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies