关键词: 隐私保护, 生成对抗网络, 差分隐私, 梯度裁剪

Abstract: A differential privacy protection algorithm, DPGAN-AGC (Differential Privacy GAN based on Adaptive Gradient Clipping), is proposed on the basis of DPSGD (Differential Privacy Stochastic Gradient Descent) model, in order to better balance privacy preserving and data availability. When Gaussian noise is injected into the gradient of GAN through the differential privacy mechanism during its game-theoretic learning process, an adaptive strategy of updating gradient threshold is adopted, which can iteratively optimize the threshold of gradient clipping based on the public sample set as well as current gradient value. As a result, it is advantageous to control the scale of injected noise flexibly and improve the availability of generated data evidently. Meanwhile, the Moments Accountant is introduced to automatically track loss of the privacy. The DPGAN-AGC algorithm can not only balance utility and security properties of generative models, but also provide a solution to existing problems including inappropriate impact of noise designing, etc. Experimental results show that the proposed DPGAN-AGC outperforms DPSGD in several behaviors including better image quality in terms of higher Inception Score, higher availability of generated data demonstrated by a 2%-8% improvement in classification accuracy, and stronger resistance to Membership Inference Attacks (MIAs) measured by closer success rate to 50%.

Key words: privacy preserving, Generative Adversarial Networks, Differential privacy, Gradient Clipping