CN110807484A - Privacy protection VGG-based secret image identification method and system - Google Patents

Privacy protection VGG-based secret image identification method and system Download PDF

Info

Publication number
CN110807484A
CN110807484A CN201911051284.6A CN201911051284A CN110807484A CN 110807484 A CN110807484 A CN 110807484A CN 201911051284 A CN201911051284 A CN 201911051284A CN 110807484 A CN110807484 A CN 110807484A
Authority
CN
China
Prior art keywords
server
image
component
dense
vgg
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911051284.6A
Other languages
Chinese (zh)
Other versions
CN110807484B (en
Inventor
熊金波
赵明烽
刘西蒙
毕仁万
田有亮
金彪
林劼
李琦
应作斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Normal University
Original Assignee
Fujian Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Normal University filed Critical Fujian Normal University
Priority to CN201911051284.6A priority Critical patent/CN110807484B/en
Publication of CN110807484A publication Critical patent/CN110807484A/en
Application granted granted Critical
Publication of CN110807484B publication Critical patent/CN110807484B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/29Graphical models, e.g. Bayesian networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Software Systems (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Molecular Biology (AREA)
  • Computational Linguistics (AREA)
  • Mathematical Physics (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Image Processing (AREA)

Abstract

The invention relates to a method and a system for identifying a secret image based on privacy protection VGG (virtual private graph), wherein in the method, a sender encrypts an original image into two secret component images and respectively sends the two secret component images to a first server and a second server; then the trusted server discloses a pre-training parameter, a fine-tuning training parameter and a preset hyper-parameter of the VGG network, and generates and distributes a random security parameter to the first server and the second server; then the first server and the second server respectively execute safe convolution, activation, pooling and full-connection layer operation on the two secret-state component images; and finally, the receiver receives the output results from the first server and the second server respectively, and performs decryption operation to obtain the feature extraction and identification results of the secret image. The method and the system are beneficial to improving the accuracy of the dense-state image identification and the privacy of the image.

Description

Privacy protection VGG-based secret image identification method and system
Technical Field
The invention relates to the technical field of deep learning, in particular to a dense-state image identification method and system based on privacy protection VGG.
Background
In recent years, deep learning has been greatly advanced in the field of artificial intelligence, and is applied to many fields such as speech recognition, natural language processing, computer vision, image and video analysis, multimedia, and the like. The image recognition is an important direction of artificial intelligence, and after three stages of character recognition, digital image processing and recognition, object recognition and the like, the development of deep learning provides a driving force for the qualitative leap of an image recognition algorithm, and more natural intelligent interaction is realized. The existing deep learning model belongs to the category of neural networks, and by utilizing a famous back propagation algorithm, the model can train the neural network to simulate the mechanism of brain cognition to solve various target learning tasks and continuously improve the learning efficiency and accuracy.
The key of image recognition is to extract CNN features from the image, and the VGG model is the preferred algorithm. The network has the characteristics of small convolution kernel, small pooling kernel, wider feature map with deeper layer number and full-connection convolution, and the performance of the network in a plurality of transfer learning tasks is superior to that of another excellent convolution neural network model, GoogLeNet. With the increasing complexity of the features of the image to be recognized, the accuracy of image detection is increased, and the privacy degree of the contained information is also increased. However, the image detection algorithm of the conventional VGG network cannot provide security guarantee for the image information to be detected, and the privacy problem of the image information to be detected needs to be solved urgently. Therefore, in order to ensure the privacy security of the image to be detected in the process of image identification by using the VGG network, a method and a system for protecting the VGG in privacy should be designed. At present, few solutions for realizing the privacy of the image to be tested aiming at the network exist.
Disclosure of Invention
The invention aims to provide a dense-state image recognition method and a dense-state image recognition system based on privacy protection VGG, and the method and the system are favorable for improving the accuracy of dense-state image recognition and the privacy of images.
In order to achieve the purpose, the invention adopts the technical scheme that a secret state image identification method based on the privacy protection VGG comprises the steps that firstly, a sender α encrypts an original image I into two secret state component images I1、I2And respectively sent to the first server S1And a second server S2(ii) a Then the credible server T discloses the pre-training parameters, the fine-tuning training parameters and the preset hyper-parameters of the VGG network, generates and distributes the random security parameters to the first server S1And a second server S2(ii) a Then the first server S1And a second server S2For two dense component images I respectively1、I2Performing security convolution, activation, pooling and full connection layer operations, and finally the receiver β receives the data from the first server S1And a second server S2Output result of (1) O1、O2And carrying out decryption operation to obtain a characteristic extraction and identification result O ═ O of the secret image1+O2
Further, sender α encrypts original image I into two secret component images I using a (2,2) -secret segmentation threshold scheme1、I2The method comprises the following steps:
for one originalFrom image I, sender α uses a random number generator to generate a random pixel matrix with the same size as the original image, i.e. a dense component image I1And sent to the first server S1Then subtracting the dense component image I from the original image I1Obtaining a dense component image I2And sent to the second server S2Wherein the random number has a selection field range of [ -2 ]n-1,2n-1-1],n=8,16,32,...。
Further, the first server S1And a second server S2For two dense component images I respectively1、I2The method for executing the safe convolution operation comprises the following steps:
the trusted server T discloses pre-training parameters, fine-tuning training parameters and hyper-parameter settings of the VGG network, the disclosed convolution kernel parameters (w; b) are known, the received image input value is x, the sender carries out splitting operation on the pixels of each position point of the original image I according to the (2,2) -secret segmentation threshold scheme to obtain components x1And x2And x ═ x1+x2(ii) a First server S1Using the parameter (w; b) to the received input component x1Performing a convolution operation; second server S2Using the parameter (w; 0) to the received input component x2A convolution operation is performed.
Further, the first server S1And a second server S2For two dense component images I respectively1、I2The method for executing the security activation operation comprises the following steps:
for the received activation layer input u, the complete activation operation is to calculate a function max (u,0), the pixel position where u is less than 0 is set to be 0, and the position where u is more than or equal to 0 is kept unchanged; first server S1And a second server S2Respectively receiving input components of the active layer, and interactively obtaining sign bits of pixel positions of the two input components corresponding to the original image by using a safety comparison function SecComp; if the sign bit is equal to 1, then S1And S2The components are set to 0, respectively, otherwise they remain unchanged.
Further, the secure compare function SecComp used in the secure activation operation includes a secure binary multiplication function SecBitMul, a secure binary addition function SecBitAdd, and a secure bit extraction function SecBitExtra, where the function SecBitMul is performed as follows:
step A1: the trusted server T randomly generates a multiplication triple, and the third number is the product of the first two numbers; three random numbers are generated again and distributed to the first server S1(ii) a The three random numbers and the multiplication triples are sequentially and correspondingly executed with XOR operation to obtain three new random numbers and sent to a second server S2
Step A2: first server S1A second server S2Receiving the input components of two multipliers of the calling function SecBitMul, respectively, and using the random multiplication triple and the corresponding random number, S1And S2Finally, output results are respectively obtained, the condition that the XOR value of the two output results is equal to the AND value of the two multiplication input component phases is met, and carry operation of binary bit is realized;
the function SecBitAdd is performed as follows:
step B1: first server S1A second server S2Receiving the two addends of the calling function SecBitMul, respectively, as input components, S1、S2Respectively carrying out exclusive or operation on the two input components to obtain an addend sum which does not contain a carry; calling a function SecBitMul to obtain a bit position 1 with carry currently; s1、S2Respectively executing the operation of shifting left by one bit, and respectively transmitting the shifted results to the opposite side for interaction;
step B2: s1、S2Respectively carrying out XOR operation on the two new components, judging whether carry exists or not, if so, iteratively calling a function SecBitMul and left shift operation until S1、S2Adding all carry values of the respective addition operation, and jumping out of a loop; s1、S2Respectively outputting the component results of the addition;
the function SecBitExtra is performed as follows:
step C1: the trusted server T randomly generates threeRandom number r1、r2And gamma1Calculating r1XOR r2To obtain r, r minus gamma1To obtain gamma2R is to1And gamma1Is distributed to S1R is to2And gamma2Is distributed to S2
Step C2: first server S1And a second server S2Receiving respective input components, subtracting γ from the respective input components1、γ2To obtain t1、t2;S2Will t2Is transmitted to S1;S1Calculating t1、t2Sum is v, and generate a random number v1Calculating v exclusive OR v1To obtain v2And is transmitted to S2;S1And S2Interactively using the function SecBitAdd, i.e. S1Input r1And v1,S2Input r2And v2;S1、S2Respectively obtaining component output values;
step C3: s1、S2Respectively receiving the component output after the calling function SecBitAdd, respectively judging the positive and negative of the output result, if the component output is less than zero, setting the symbol position 1 of each component, and otherwise, setting the symbol position 0; s1、S2Interactively transmitting respective sign bits, and simultaneously carrying out XOR operation on the sign bits of the two parties to obtain a final sign bit result; s1、S2The common final sign bit results are output, respectively.
Further, the first server S1And a second server S2For two dense component images I respectively1、I2The method for executing the safe pooling operation comprises the following steps:
after receiving the input of the pooling layer, the complete MAX-POOL operation is to select the maximum value in the pooling window as the result after pooling the area; s1And S2After receiving the input components of the pooling layers respectively, marking the upper left-corner pixel points in the respective pooling windows as maximum positions; then S1、S2Follow the rule from left to right and from top to bottom, while aligning the pixel positions within the respective pooling windowsExecuting two-two subtraction operation, mutually transmitting corresponding two-two difference values for summation, if the summation result is less than zero, marking the pixel point where the subtracted number is located as the maximum value position, otherwise, keeping the initial value of the maximum value position unchanged; s1、S2Iteratively performing the operation until the pooling window is traversed; s1、S2Outputting the pixel value of the maximum position in the pooling window to replace the pooling window; s1、S2And sliding the pooling windows, traversing the respective component image areas, and respectively outputting pooling layer results.
Further, the first server S1And a second server S2For two dense component images I respectively1、I2The method for executing the safe full-connection operation comprises the following steps:
the trusted server T discloses a full connection layer parameter (w; b), and the operation of the complete full connection layer is to calculate y as w.x + b for the received input x of the full connection layer; first server S1Receiving an input component x1Performing a full join operation, i.e. calculating y, using the parameters (w; b)1=w·x1+ b; second server S2Receiving an input component x2Performing a full join operation, i.e. calculating y, using the parameter (w; 0)2=w·x2+0, and x ═ x1+x2
Further, the method for the receiver β to perform decryption operation is that the first server S1Image I of dense component1Output result O of forward process of VGG network after execution1Sent to recipient β, second server S2Image I of dense component2Output result O of forward process of VGG network after execution2Sending to the receiver β, β performing a decryption operation, i.e. calculating O ═ O1+O2And obtaining the dense image feature extraction and identification results of the original image I.
The invention also provides a dense state image recognition system adopting the method, which comprises the following steps:
a sender α, configured to perform an image encryption operation, that is, randomly split and encrypt an original image into two secret component images;
the credible server T is used for disclosing the model training parameters, generating and distributing random security parameters related to the security functions of each layer;
first server S1And a second server S2The device is used for executing the VGG network for privacy protection in parallel and respectively outputting the feature extraction and identification results of the secret component images; and
a receiver β for performing an image decryption operation, i.e. to the first server S1And a second server S2And the output results are merged to obtain a dense image recognition result which is the same as the original image recognition result.
Compared with the prior art, the invention has the following beneficial effects: the invention utilizes a secret segmentation threshold scheme to encrypt the original image, utilizes two randomly split secret component images to execute a privacy protection VGG network in parallel, and finally obtains the same privilege extraction and identification effects as the original image by combining the output results of the secret component images. For any component output result, the method has no practical significance and does not reveal the original image privacy. The method not only ensures the privacy security of the original image to be detected in the identification process, but also ensures that the splitting operation does not influence the accuracy of identification and detection, and realizes the security without sacrificing the detection precision.
Drawings
FIG. 1 is a flow chart of a method implementation of an embodiment of the present invention.
Fig. 2 is a schematic diagram of a system configuration of an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the figures and the embodiments.
The invention randomly splits the image to be measured into two component images which can not be distinguished, and the two component images are delivered to two competitive servers to be respectively processed by the VGG network. By constructing a safety function with interactive property to replace layers of various types of the traditional VGG network, the effect of combining two component images after the two component images are processed in parallel by the VGG network is equivalent to the effect of the original image after the VGG network is processed.
Based on the above thought, the present invention provides a secret state image recognition method based on privacy protection VGG, as shown in fig. 1, firstly, a sender α encrypts an original image I into two secret state component images I1、I2And respectively sent to the first server S1And a second server S2(ii) a Then the credible server T discloses the pre-training parameters, the fine-tuning training parameters and the preset hyper-parameters of the VGG network, generates and distributes the random security parameters to the first server S1And a second server S2(ii) a Then the first server S1And a second server S2For two dense component images I respectively1、I2Performing security convolution, activation, pooling and full connection layer operations, and finally the receiver β receives the data from the first server S1And a second server S2Output result of (1) O1、O2And carrying out decryption operation to obtain a characteristic extraction and identification result O ═ O of the secret image1+O2
In this embodiment, sender α encrypts original image I into two secret component images I using a (2,2) -secret split threshold scheme1、I2The method comprises the following steps:
for an original image I, sender α uses a random number generator to generate a random pixel matrix with the same size as the original image, i.e., a dense component image I1And sent to the first server S1Then subtracting the dense component image I from the original image I1Obtaining a dense component image I2And sent to the second server S2Wherein the random number has a selection field range of [ -2 ]n-1,2n-1-1],n=8,16,32,...。
In this embodiment, the first server S1And a second server S2For two dense component images I respectively1、I2The method for executing the safe convolution operation comprises the following steps:
the trusted server T discloses pre-training parameters, fine-tuning training parameters and hyper-parameter settings of the VGG network, knowing the disclosed convolution kernel parameters (w;b) the received image input value is x, the sender splits the pixels of each position point of the original image I according to the (2,2) -secret division threshold scheme to obtain a component x1And x2And x ═ x1+x2(ii) a First server S1Using the parameter (w; b) to the received input component x1Performing a convolution operation; second server S2Using the parameter (w; 0) to the received input component x2A convolution operation is performed.
In this embodiment, the first server S1And a second server S2For two dense component images I respectively1、I2The method for executing the security activation operation comprises the following steps:
for the received activation layer input u, the complete activation operation is to calculate a function max (u,0), the pixel position where u is less than 0 is set to be 0, and the position where u is more than or equal to 0 is kept unchanged; first server S1And a second server S2Respectively receiving input components of the active layer, and interactively obtaining sign bits of pixel positions of the two input components corresponding to the original image by using a safety comparison function SecComp; if the sign bit is equal to 1, then S1And S2The components are set to 0, respectively, otherwise they remain unchanged.
Wherein the secure compare function SecComp used in the secure activation operation includes a secure binary multiplication function SecBitMul, a secure binary addition function SecBitAdd, and a secure bit extraction function SecBitExtra.
The function SecBitMul is performed as follows:
step A1: the trusted server T randomly generates a multiplication triple, and the third number is the product of the first two numbers; three random numbers are generated again and distributed to the first server S1(ii) a The three random numbers and the multiplication triples are sequentially and correspondingly executed with XOR operation to obtain three new random numbers and sent to a second server S2
Step A2: first server S1A second server S2The input components of the two multipliers of the call function SecBitMul are received separately (for example1+r2、v=v1+v2,S1Receive r1、v1,S2Receive r2、v2) Using random multiplicative triplets and corresponding random numbers, S1And S2And finally, respectively obtaining output results, and realizing carry operation of binary bit positions, wherein the condition that the XOR value of the two output results is equal to the AND value of the two multiplication input component phases is met.
The function SecBitAdd is performed as follows:
step B1: first server S1A second server S2The input components of the two addends of the call function SecBitMul are received separately (for example1+r2、v=v1+v2,S1Receive r1、v1,S2Receive r2、v2),S1、S2Respectively carrying out exclusive or operation on the two input components to obtain an addend sum which does not contain a carry; calling a function SecBitMul to obtain a bit position 1 with carry currently; s1、S2Respectively executing the operation of shifting left by one bit, and respectively transmitting the shifted results to the opposite side for interaction;
step B2: s1、S2Respectively carrying out XOR operation on the two new components, judging whether carry exists or not, if so, iteratively calling a function SecBitMul and left shift operation until S1、S2Adding all carry values of the respective addition operation, and jumping out of a loop; s1、S2The component results of the addition are output separately.
The function SecBitExtra is performed as follows:
step C1: the trusted server T randomly generates three random numbers r1、r2And gamma1Calculating r1XOR r2To obtain r, r minus gamma1To obtain gamma2R is to1And gamma1Is distributed to S1R is to2And gamma2Is distributed to S2
Step C2: first server S1And a second server S2Receiving respective input components forSubtracting gamma from the input component1、γ2To obtain t1、t2;S2Will t2Is transmitted to S1;S1Calculating t1、t2Sum is v, and generate a random number v1Calculating v exclusive OR v1To obtain v2And is transmitted to S2;S1And S2Interactively using the function SecBitAdd, i.e. S1Input r1And v1,S2Input r2And v2;S1、S2Respectively obtaining component output values;
step C3: s1、S2Respectively receiving the component output after the calling function SecBitAdd, respectively judging the positive and negative of the output result, if the component output is less than zero, setting the symbol position 1 of each component, and otherwise, setting the symbol position 0; s1、S2Interactively transmitting respective sign bits, and simultaneously carrying out XOR operation on the sign bits of the two parties to obtain a final sign bit result; s1、S2The common final sign bit results are output, respectively.
In this embodiment, the first server S1And a second server S2For two dense component images I respectively1、I2The method for executing the safe pooling operation comprises the following steps:
after receiving the input of the pooling layer, the complete MAX-POOL operation is to select the maximum value in the pooling window as the result after pooling the area; s1And S2After receiving the input components of the pooling layers respectively, marking the upper left-corner pixel points in the respective pooling windows as maximum positions; then S1、S2According to the rule from left to right and from top to bottom, performing subtraction operation on pixel positions in respective pooling windows, transmitting corresponding difference values of every two to sum, if the sum result is smaller than zero, marking the pixel point where the subtracted number is located as the maximum value position, otherwise, keeping the initial value of the maximum value position unchanged; s1、S2Iteratively performing the operation until the pooling window is traversed; s1、S2Outputting the pixel value of the maximum position in the pooling window to replace the pooling window; s1、S2And sliding the pooling windows, traversing the respective component image areas, and respectively outputting pooling layer results.
In this embodiment, the first server S1And a second server S2For two dense component images I respectively1、I2The method for executing the safe full-connection operation comprises the following steps:
the trusted server T discloses a full connection layer parameter (w; b), and the operation of the complete full connection layer is to calculate y as w.x + b for the received input x of the full connection layer; first server S1Receiving an input component x1Performing a full join operation, i.e. calculating y, using the parameters (w; b)1=w·x1+ b; second server S2Receiving an input component x2Performing a full join operation, i.e. calculating y, using the parameter (w; 0)2=w·x2+0, and x ═ x1+x2
In this embodiment, the decryption operation performed by the receiver β is performed by the first server S1Image I of dense component1Output result O of forward process of VGG network after execution1Sent to recipient β, second server S2Image I of dense component2Output result O of forward process of VGG network after execution2Sending to the receiver β, β performing a decryption operation, i.e. calculating O ═ O1+O2And obtaining the dense image feature extraction and identification results of the original image I.
The invention also provides a secret image recognition system adopting the method, which comprises a sender α, a trusted server T and a first server S as shown in fig. 21A second server S2And a recipient β.
The sender α is configured to perform an image encryption operation, that is, randomly split and encrypt an original image into two secret component images;
the trusted server T is used for disclosing model training parameters, generating and distributing random security parameters related to security functions of each layer;
the first server S1And a second server S2For parallel execution of hiddenThe private protection VGG network respectively outputs the feature extraction and identification results of the secret component images;
the receiver β is used to perform an image decryption operation, i.e. to the first server S1And a second server S2And the output results are merged to obtain a dense image recognition result which is the same as the original image recognition result.
The above are preferred embodiments of the present invention, and all changes made according to the technical scheme of the present invention that produce functional effects do not exceed the scope of the technical scheme of the present invention belong to the protection scope of the present invention.

Claims (9)

1. A secret image identification method based on privacy protection VGG is characterized in that a sender α encrypts an original image I into two secret component images I1、I2And respectively sent to the first server S1And a second server S2(ii) a Then the credible server T discloses the pre-training parameters, the fine-tuning training parameters and the preset hyper-parameters of the VGG network, generates and distributes the random security parameters to the first server S1And a second server S2(ii) a Then the first server S1And a second server S2For two dense component images I respectively1、I2Performing security convolution, activation, pooling and full connection layer operations, and finally the receiver β receives the data from the first server S1And a second server S2Output result of (1) O1、O2And carrying out decryption operation to obtain a characteristic extraction and identification result O ═ O of the secret image1+O2
2. The VGG-based secret image recognition method of claim 1, wherein a sender α encrypts an original image I into two secret component images I by using a (2,2) -secret partition threshold scheme1、I2The method comprises the following steps:
for an original image I, sender α uses a random number generator to generate a random matrix of pixels, i.e., dense components, that is the same size as the original imageImage I1And sent to the first server S1Then subtracting the dense component image I from the original image I1Obtaining a dense component image I2And sent to the second server S2Wherein the random number has a selection field range of [ -2 ]n-1,2n-1-1],n=8,16,32,...。
3. The VGG-based dense state image recognition method of claim 2, wherein the first server S is1And a second server S2For two dense component images I respectively1、I2The method for executing the safe convolution operation comprises the following steps:
the trusted server T discloses pre-training parameters, fine-tuning training parameters and hyper-parameter settings of the VGG network, the disclosed convolution kernel parameters (w; b) are known, the received image input value is x, the sender carries out splitting operation on the pixels of each position point of the original image I according to the (2,2) -secret segmentation threshold scheme to obtain components x1And x2And x ═ x1+x2(ii) a First server S1Using the parameter (w; b) to the received input component x1Performing a convolution operation; second server S2Using the parameter (w; 0) to the received input component x2A convolution operation is performed.
4. The VGG-based dense state image recognition method of claim 3, wherein the first server S is1And a second server S2For two dense component images I respectively1、I2The method for executing the security activation operation comprises the following steps:
for the received activation layer input u, the complete activation operation is to calculate a function max (u,0), the pixel position where u is less than 0 is set to be 0, and the position where u is more than or equal to 0 is kept unchanged; first server S1And a second server S2Respectively receiving input components of the active layer, and interactively obtaining sign bits of pixel positions of the two input components corresponding to the original image by using a safety comparison function SecComp; if the sign bit is equal to 1, then S1And S2The components are set to 0, respectively, otherwise they remain unchanged.
5. The VGG-based dense state image recognition method for privacy protection as claimed in claim 4, wherein the SecComp function used in the security activation operation comprises a SecBitMul function, a SecBitADD function, and a SecBitExtra function, wherein the SecBitMul function is performed as follows:
step A1: the trusted server T randomly generates a multiplication triple, and the third number is the product of the first two numbers; three random numbers are generated again and distributed to the first server S1(ii) a The three random numbers and the multiplication triples are sequentially and correspondingly executed with XOR operation to obtain three new random numbers and sent to a second server S2
Step A2: first server S1A second server S2Receiving the input components of two multipliers of the calling function SecBitMul, respectively, and using the random multiplication triple and the corresponding random number, S1And S2Finally, output results are respectively obtained, the condition that the XOR value of the two output results is equal to the AND value of the two multiplication input component phases is met, and carry operation of binary bit is realized;
the function SecBitAdd is performed as follows:
step B1: first server S1A second server S2Receiving the two addends of the calling function SecBitMul, respectively, as input components, S1、S2Respectively carrying out exclusive or operation on the two input components to obtain an addend sum which does not contain a carry; calling a function SecBitMul to obtain a bit position 1 with carry currently; s1、S2Respectively executing the operation of shifting left by one bit, and respectively transmitting the shifted results to the opposite side for interaction;
step B2: s1、S2Respectively carrying out XOR operation on the two new components, judging whether carry exists or not, if so, iteratively calling a function SecBitMul and left shift operation until S1、S2Operating by addition of respective onesAdding all carry values, and jumping out of the loop; s1、S2Respectively outputting the component results of the addition;
the function SecBitExtra is performed as follows:
step C1: the trusted server T randomly generates three random numbers r1、r2And gamma1Calculating r1XOR r2To obtain r, r minus gamma1To obtain gamma2R is to1And gamma1Is distributed to S1R is to2And gamma2Is distributed to S2
Step C2: first server S1And a second server S2Receiving respective input components, subtracting γ from the respective input components1、γ2To obtain t1、t2;S2Will t2Is transmitted to S1;S1Calculating t1、t2Sum is v, and generate a random number v1Calculating v exclusive OR v1To obtain v2And is transmitted to S2;S1And S2Interactively using the function SecBitAdd, i.e. S1Input r1And v1,S2Input r2And v2;S1、S2Respectively obtaining component output values;
step C3: s1、S2Respectively receiving the component output after the calling function SecBitAdd, respectively judging the positive and negative of the output result, if the component output is less than zero, setting the symbol position 1 of each component, and otherwise, setting the symbol position 0; s1、S2Interactively transmitting respective sign bits, and simultaneously carrying out XOR operation on the sign bits of the two parties to obtain a final sign bit result; s1、S2The common final sign bit results are output, respectively.
6. The VGG-based dense state image recognition method of claim 5, wherein the first server S is1And a second server S2For two dense component images I respectively1、I2The method for executing the safe pooling operation comprises the following steps:
receiving poolAfter the input of the stratification layer, the complete MAX-POOL operation is to select the maximum value in the pooling window as the result after pooling of the area; s1And S2After receiving the input components of the pooling layers respectively, marking the upper left-corner pixel points in the respective pooling windows as maximum positions; then S1、S2According to the rule from left to right and from top to bottom, performing subtraction operation on pixel positions in respective pooling windows, transmitting corresponding difference values of every two to sum, if the sum result is smaller than zero, marking the pixel point where the subtracted number is located as the maximum value position, otherwise, keeping the initial value of the maximum value position unchanged; s1、S2Iteratively performing the operation until the pooling window is traversed; s1、S2Outputting the pixel value of the maximum position in the pooling window to replace the pooling window; s1、S2And sliding the pooling windows, traversing the respective component image areas, and respectively outputting pooling layer results.
7. The VGG-based dense state image recognition method of claim 6, wherein the first server S is1And a second server S2For two dense component images I respectively1、I2The method for executing the safe full-connection operation comprises the following steps:
the trusted server T discloses a full connection layer parameter (w; b), and the operation of the complete full connection layer is to calculate y as w.x + b for the received input x of the full connection layer; first server S1Receiving an input component x1Performing a full join operation, i.e. calculating y, using the parameters (w; b)1=w·x1+ b; second server S2Receiving an input component x2Performing a full join operation, i.e. calculating y, using the parameter (w; 0)2=w·x2+0, and x ═ x1+x2
8. The VGG-based secret image recognition method of claim 7, wherein the recipient β performs the decryption operation by the first server S1Divide the dense state intoQuantity image I1Output result O of forward process of VGG network after execution1Sent to recipient β, second server S2Image I of dense component2Output result O of forward process of VGG network after execution2Sending to the receiver β, β performing a decryption operation, i.e. calculating O ═ O1+O2And obtaining the dense image feature extraction and identification results of the original image I.
9. A dense image recognition system using the method of any one of claims 1-8, comprising:
a sender α, configured to perform an image encryption operation, that is, randomly split and encrypt an original image into two secret component images;
the credible server T is used for disclosing the model training parameters, generating and distributing random security parameters related to the security functions of each layer;
first server S1And a second server S2The device is used for executing the VGG network for privacy protection in parallel and respectively outputting the feature extraction and identification results of the secret component images; and
a receiver β for performing an image decryption operation, i.e. to the first server S1And a second server S2And the output results are merged to obtain a dense image recognition result which is the same as the original image recognition result.
CN201911051284.6A 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system Active CN110807484B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911051284.6A CN110807484B (en) 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911051284.6A CN110807484B (en) 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system

Publications (2)

Publication Number Publication Date
CN110807484A true CN110807484A (en) 2020-02-18
CN110807484B CN110807484B (en) 2023-05-23

Family

ID=69489803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911051284.6A Active CN110807484B (en) 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system

Country Status (1)

Country Link
CN (1) CN110807484B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112184701A (en) * 2020-10-22 2021-01-05 中国联合网络通信集团有限公司 Method, device and system for determining detection result
CN113095430A (en) * 2021-04-26 2021-07-09 北京瑞莱智慧科技有限公司 Model updating method capable of protecting privacy, object identification method, system, device, medium and equipment
CN113190858A (en) * 2021-04-20 2021-07-30 中国人民大学 Image processing method, system, medium and device based on privacy protection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107871136A (en) * 2017-03-22 2018-04-03 中山大学 The image-recognizing method of convolutional neural networks based on openness random pool
CN107958259A (en) * 2017-10-24 2018-04-24 哈尔滨理工大学 A kind of image classification method based on convolutional neural networks
CN109831422A (en) * 2019-01-17 2019-05-31 中国科学院信息工程研究所 A kind of encryption traffic classification method based on end-to-end sequence network
US20190190700A1 (en) * 2017-12-18 2019-06-20 University-Industry Cooperation Group Of Kyung-Hee University Reinforcement learning-based encryption and decryption method and client and server system performing the same

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107871136A (en) * 2017-03-22 2018-04-03 中山大学 The image-recognizing method of convolutional neural networks based on openness random pool
CN107958259A (en) * 2017-10-24 2018-04-24 哈尔滨理工大学 A kind of image classification method based on convolutional neural networks
US20190190700A1 (en) * 2017-12-18 2019-06-20 University-Industry Cooperation Group Of Kyung-Hee University Reinforcement learning-based encryption and decryption method and client and server system performing the same
CN109831422A (en) * 2019-01-17 2019-05-31 中国科学院信息工程研究所 A kind of encryption traffic classification method based on end-to-end sequence network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈小凡: "卷积神经网络在激光再现防伪图像识别中的应用" *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112184701A (en) * 2020-10-22 2021-01-05 中国联合网络通信集团有限公司 Method, device and system for determining detection result
CN113190858A (en) * 2021-04-20 2021-07-30 中国人民大学 Image processing method, system, medium and device based on privacy protection
CN113190858B (en) * 2021-04-20 2024-02-02 中国人民大学 Image processing method, system, medium and device based on privacy protection
CN113095430A (en) * 2021-04-26 2021-07-09 北京瑞莱智慧科技有限公司 Model updating method capable of protecting privacy, object identification method, system, device, medium and equipment

Also Published As

Publication number Publication date
CN110807484B (en) 2023-05-23

Similar Documents

Publication Publication Date Title
Mansouri et al. A novel one-dimensional sine powered chaotic map and its application in a new image encryption scheme
Ma et al. Lightweight privacy-preserving ensemble classification for face recognition
Lerch-Hostalot et al. Unsupervised steganalysis based on artificial training sets
US9787647B2 (en) Secure computer evaluation of decision trees
Xiong et al. Toward lightweight, privacy-preserving cooperative object classification for connected autonomous vehicles
CN110807484B (en) Privacy protection VGG-based dense image recognition method and system
Liu et al. Intelligent and secure content-based image retrieval for mobile users
CN115580687B (en) Multi-image encryption method based on variable parameter hyperchaotic system and S-shaped diffusion
CN112532383B (en) Privacy protection calculation method based on secret sharing
CN111130748A (en) Quantum chaotic parallel image encryption method
Kumar et al. A GRU and chaos-based novel image encryption approach for transport images
Shao et al. A survey of what to share in federated learning: perspectives on model utility, privacy leakage, and communication efficiency
Pereteanu et al. Split HE: Fast secure inference combining split learning and homomorphic encryption
Liu et al. Image encryption via complementary embedding algorithm and new spatiotemporal chaotic system
CN110991462B (en) Privacy protection CNN-based secret image identification method and system
Reyad et al. Hash-enhanced elliptic curve bit-string generator for medical image encryption
Ahmad et al. A Pixel-based Encryption Method for Privacy-Preserving Deep Learning Models
Kiran et al. Lightweight encryption mechanism with discrete-time chaotic maps for Internet of Robotic Things
Kosuru et al. Digital Image Steganography with Error Correction on Extracted Data
Hu et al. Research on encrypted face recognition algorithm based on new combined chaotic map and neural network
CN114358323A (en) Third-party-based efficient Pearson coefficient calculation method in federated learning environment
Reddy et al. Image encryption using orthogonal Hill Cipher algorithm
Guo et al. Optical image encryption and authentication scheme with computational ghost imaging
Sahay et al. Multidimensional comparative analysis of image encryption using gauss iterated and logistic maps
Fadhil et al. Improved Security of a Deep Learning-Based Steganography System with Imperceptibility Preservation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant