CN110807484B - Privacy protection VGG-based dense image recognition method and system - Google Patents

Privacy protection VGG-based dense image recognition method and system Download PDF

Info

Publication number
CN110807484B
CN110807484B CN201911051284.6A CN201911051284A CN110807484B CN 110807484 B CN110807484 B CN 110807484B CN 201911051284 A CN201911051284 A CN 201911051284A CN 110807484 B CN110807484 B CN 110807484B
Authority
CN
China
Prior art keywords
server
image
function
vgg
component
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911051284.6A
Other languages
Chinese (zh)
Other versions
CN110807484A (en
Inventor
熊金波
赵明烽
刘西蒙
毕仁万
田有亮
金彪
林劼
李琦
应作斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Normal University
Original Assignee
Fujian Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Normal University filed Critical Fujian Normal University
Priority to CN201911051284.6A priority Critical patent/CN110807484B/en
Publication of CN110807484A publication Critical patent/CN110807484A/en
Application granted granted Critical
Publication of CN110807484B publication Critical patent/CN110807484B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/29Graphical models, e.g. Bayesian networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Software Systems (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Molecular Biology (AREA)
  • Computational Linguistics (AREA)
  • Mathematical Physics (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Image Processing (AREA)

Abstract

The invention relates to a privacy protection VGG-based secret state image recognition method and a system, wherein the method comprises the steps that firstly, a sender encrypts an original image into two secret state component images and sends the two secret state component images to a first server and a second server respectively; the trusted server then discloses the pretraining parameters, the fine tuning training parameters and the preset super parameters of the VGG network, and generates and distributes random security parameters to the first server and the second server; then the first server and the second server respectively execute safe convolution, activation, pooling and full connection layer operation on the two secret component images; and finally, the receiver receives output results from the first server and the second server respectively and performs decryption operation to obtain feature extraction and identification results of the encrypted image. The method and the system are beneficial to improving the accuracy and the image privacy of the identification of the dense state image.

Description

基于隐私保护VGG的密态图像识别方法及系统Secret image recognition method and system based on privacy protection VGG

技术领域technical field

本发明涉及深度学习技术领域,具体涉及一种基于隐私保护VGG的密态图像识别方法及系统。The present invention relates to the technical field of deep learning, in particular to a privacy protection VGG-based secret image recognition method and system.

背景技术Background technique

近年来,深度学习在人工智能领域取得了较大的进展,被应用于语音识别、自然语言处理、计算机视觉、图像与视频分析、多媒体等诸多领域。其中,图像识别作为人工智能的一个重要方向,在经历了文字识别、数字图像处理与识别、物体识别等三个阶段后,深度学习的发展为图像识别算法质的飞跃提供了驱动力,实现了更自然地智能交互。现有的深度学习模型属于神经网络的范畴,利用著名的反向传播算法,我们可以训练神经网络模拟大脑认知的机理解决各种目标学习任务,并不断的提高学习效率和准确率。In recent years, deep learning has made great progress in the field of artificial intelligence, and has been applied to many fields such as speech recognition, natural language processing, computer vision, image and video analysis, and multimedia. Among them, image recognition is an important direction of artificial intelligence. After three stages of character recognition, digital image processing and recognition, and object recognition, the development of deep learning has provided a driving force for the qualitative leap of image recognition algorithms. Interact intelligently more naturally. The existing deep learning model belongs to the category of neural network. Using the famous backpropagation algorithm, we can train the neural network to simulate the mechanism of brain cognition to solve various target learning tasks, and continuously improve the learning efficiency and accuracy.

图像识别的关键是从图像中提取CNN特征,VGG模型是首选算法。该网络具有小卷积核、小池化核、层数更深特征图更宽以及全连接转卷积的特点,在多个迁移学习任务中的表现也要优于另一种优秀的卷积神经网络模型,GoogLeNet。随着待识别图像的特征愈加复杂,图像检测的精度愈加提高,所包含的信息隐私程度也愈高。然而,传统VGG网络的图像检测算法无法为待测图像信息提供安全保障,待检测图像信息的隐私问题亟待解决。因此,为了保证待测图像在使用VGG网络进行图像识别过程中的隐私安全性,应当设计一种隐私保护VGG方法与系统。目前,针对该网络实现待测图像隐私性的解决方案几乎没有。The key to image recognition is to extract CNN features from images, and the VGG model is the preferred algorithm. The network has the characteristics of small convolution kernel, small pool kernel, wider feature map with deeper layers, and fully connected convolution. It also performs better than another excellent convolutional neural network in multiple migration learning tasks. Model, GoogLeNet. As the features of the image to be recognized become more complex, the accuracy of image detection increases and the degree of privacy of the information contained in it increases. However, the image detection algorithm of the traditional VGG network cannot provide security guarantee for the image information to be tested, and the privacy problem of the image information to be detected needs to be solved urgently. Therefore, in order to ensure the privacy and security of the image to be tested in the process of using the VGG network for image recognition, a privacy-preserving VGG method and system should be designed. At present, there are few solutions to achieve the privacy of the image under test for this network.

发明内容Contents of the invention

本发明的目的在于提供一种基于隐私保护VGG的密态图像识别方法及系统,该方法及系统有利于提高密态图像识别的准确性和图像隐私性。The purpose of the present invention is to provide a method and system for identifying dense images based on privacy-protected VGG, which is beneficial to improving the accuracy and privacy of image recognition for dense images.

为实现上述目的,本发明采用的技术方案是:一种基于隐私保护VGG的密态图像识别方法,首先发送方α将原始图像I加密成两个密态分量图像I1、I2,并分别发送给第一服务器S1和第二服务器S2;而后可信服务器T公开VGG网络的预训练参数、微调训练参数以及预设的超参数,生成并分发随机安全参数给第一服务器S1和第二服务器S2;然后第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全卷积、激活、池化和全连接层操作;最后接收方β分别接收到来自第一服务器S1和第二服务器S2的输出结果O1、O2,并进行解密操作,得到密态图像的特征提取和识别结果O=O1+O2In order to achieve the above purpose, the technical solution adopted by the present invention is: a secret image recognition method based on privacy protection VGG. First, the sender α encrypts the original image I into two secret component images I 1 and I 2 , and respectively Send to the first server S 1 and the second server S 2 ; then the trusted server T discloses the pre-training parameters, fine-tuning training parameters and preset hyperparameters of the VGG network, generates and distributes random security parameters to the first server S 1 and The second server S 2 ; then the first server S 1 and the second server S 2 respectively perform security convolution, activation, pooling and fully connected layer operations on the two dense component images I 1 and I 2 ; finally the receiver β The output results O 1 and O 2 from the first server S 1 and the second server S 2 are respectively received and decrypted to obtain the feature extraction and recognition result O=O 1 +O 2 of the encrypted state image.

进一步地,发送方α采用(2,2)-秘密分割门限方案将原始图像I加密成两个密态分量图像I1、I2,其方法为:Further, the sender α adopts the (2,2)-secret partition threshold scheme to encrypt the original image I into two encrypted component images I 1 and I 2 , and the method is as follows:

对于一个原始图像I,发送方α利用随机数生成器生成一个与原图尺寸大小相同的随机像素矩阵,即密态分量图像I1,并发送给第一服务器S1,然后用原始图像I减去密态分量图像I1,得到密态分量图像I2,并发送给第二服务器S2,其中随机数的选择域范围为[-2n-1,2n-1-1],n=8,16,32,...。For an original image I, the sender α uses a random number generator to generate a random pixel matrix with the same size as the original image, that is, the dense-state component image I 1 , and sends it to the first server S 1 , and then uses the original image I to subtract De-densify the component image I 1 to obtain the dense-state component image I 2 , and send it to the second server S 2 , where the selection range of the random number is [-2 n-1 ,2 n-1 -1], n= 8, 16, 32, . . .

进一步地,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全卷积操作的方法为:Further, the methods for the first server S 1 and the second server S 2 to respectively perform secure convolution operations on the two dense-state component images I 1 and I 2 are as follows:

可信服务器T公开VGG网络的预训练参数、微调训练参数以及超参数设定,已知公开后的卷积核参数(w;b),接收到的图像输入值为x,发送方根据(2,2)-秘密分割门限方案,对原始图像I各位置点像素进行拆分操作,得到分量x1和x2,且x=x1+x2;第一服务器S1使用参数(w;b)对接收到的输入分量x1执行卷积操作;第二服务器S2使用参数(w;0)对接收到的输入分量x2执行卷积操作。The trusted server T discloses the pre-training parameters, fine-tuning training parameters and hyper-parameter settings of the VGG network. Knowing the public convolution kernel parameters (w; b), the received image input value is x, and the sender according to (2 , 2)-secret segmentation threshold scheme, splitting the pixels at each position of the original image I to obtain components x 1 and x 2 , and x=x 1 +x 2 ; the first server S 1 uses parameters (w; b ) performs a convolution operation on the received input component x1 ; the second server S2 performs a convolution operation on the received input component x2 using the parameter (w; 0).

进一步地,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全激活操作的方法为:Further, the methods for the first server S 1 and the second server S 2 to respectively perform security activation operations on the two dense-state component images I 1 and I 2 are as follows:

对接收到的激活层输入u,完整的激活操作即计算函数max(u,0),将u<0的像素位置置0,u≥0的位置保持不变;第一服务器S1和第二服务器S2分别接收到激活层的输入分量,交互式的使用安全比较函数SecComp获得两个输入分量对应原始图像的像素位置的符号位;如果符号位等于1,那么S1和S2分别将其分量置0,否则保持不变。For the received activation layer input u, the complete activation operation is to calculate the function max(u,0), set the pixel position of u<0 to 0, and the position of u≥0 remains unchanged; the first server S 1 and the second The server S 2 respectively receives the input components of the activation layer, and interactively uses the security comparison function SecComp to obtain the sign bit of the pixel position corresponding to the original image of the two input components; if the sign bit is equal to 1, then S 1 and S 2 respectively Components are set to 0, otherwise remain unchanged.

进一步地,所述安全激活操作中使用的安全比较函数SecComp包括安全二进制乘法函数SecBitMul、安全二进制加法函数SecBitAdd和安全比特位提取函数SecBitExtra,其中函数SecBitMul按如下步骤执行:Further, the security comparison function SecComp used in the security activation operation includes a security binary multiplication function SecBitMul, a security binary addition function SecBitAdd and a security bit extraction function SecBitExtra, wherein the function SecBitMul is executed according to the following steps:

步骤A1:可信服务器T随机生成乘法三元组,第三个数为前两个数之积;再生成三个随机数,分发给第一服务器S1;将三个随机数与乘法三元组依次对应执行异或操作,得到三个新的随机数并发送给第二服务器S2Step A1: The trusted server T randomly generates a multiplication triplet, and the third number is the product of the first two numbers; generate three random numbers and distribute them to the first server S 1 ; combine the three random numbers with the multiplication triplet Groups perform XOR operations correspondingly in turn to obtain three new random numbers and send them to the second server S 2 ;

步骤A2:第一服务器S1、第二服务器S2分别接收到调用函数SecBitMul的两个乘数的输入分量,利用随机乘法三元组以及相应随机数,S1和S2最后分别得到输出结果,满足两个输出结果相异或的值等于两个乘法输入分量相与的值,实现二进制比特位的进位运算;Step A2: The first server S 1 and the second server S 2 respectively receive the input components of the two multipliers calling the function SecBitMul, use the random multiplication triplet and the corresponding random number, S 1 and S 2 finally obtain the output results respectively , satisfying that the value of the XOR of the two output results is equal to the value of the AND of the two multiplication input components, realizing the carry operation of the binary bit;

函数SecBitAdd按如下步骤执行:The function SecBitAdd is executed as follows:

步骤B1:第一服务器S1、第二服务器S2分别接收到调用函数SecBitMul的两个加数的输入分量,S1、S2分别对两个输入分量进行异或操作,得到未包含进位的加数和;通过调用函数SecBitMul,将当前存在进位的比特位置1;S1、S2都分别执行左移一位的操作,并将移位后的结果分别传送给对方进行交互;Step B1: The first server S 1 and the second server S 2 respectively receive the input components of the two addends calling the function SecBitMul, and S 1 and S 2 respectively perform XOR operation on the two input components to obtain the Addend sum; by calling the function SecBitMul, the bit position of the current carry is set to 1; both S 1 and S 2 respectively perform the operation of shifting one bit to the left, and transmit the shifted results to the other party for interaction;

步骤B2:S1、S2分别对两个新的分量进行异或操作,并判断还是否存在进位,若存在,则迭代调用函数SecBitMul和左移操作,直到S1、S2将各自加法操作的所有进位值加上,跳出循环;S1、S2分别输出加法的分量结果;Step B2: S 1 and S 2 perform XOR operation on the two new components respectively, and judge whether there is a carry, if there is, iteratively call the function SecBitMul and the left shift operation until S 1 and S 2 perform the addition operation Add all the carry values of , and jump out of the loop; S 1 and S 2 respectively output the component results of the addition;

函数SecBitExtra按如下步骤执行:The function SecBitExtra is executed in the following steps:

步骤C1:可信服务器T随机生成三个随机数r1、r2和γ1,计算r1异或r2得到r,r减去γ1得到γ2,将r1和γ1分发给S1,将r2和γ2分发给S2Step C1: Trusted server T randomly generates three random numbers r 1 , r 2 and γ 1 , calculates r 1 XOR r 2 to get r, subtracts γ 1 from r to get γ 2 , and distributes r 1 and γ 1 to S 1 , distribute r 2 and γ 2 to S 2 ;

步骤C2:第一服务器S1和第二服务器S2接收到各自的输入分量,分别用输入分量减去γ1、γ2得到t1、t2;S2将t2传递给S1;S1计算t1、t2之和为v,并生成随机数v1,计算v异或v1得到v2,并传递给S2;S1和S2交互地使用函数SecBitAdd,即S1输入r1和v1,S2输入r2和v2;S1、S2分别获得分量输出值;Step C2: The first server S 1 and the second server S 2 receive their respective input components, respectively subtract γ 1 and γ 2 from the input components to obtain t 1 and t 2 ; S 2 transfers t 2 to S 1 ; S 1 Calculate the sum of t 1 and t 2 as v, and generate a random number v 1 , calculate v XOR v 1 to get v 2 , and pass it to S 2 ; S 1 and S 2 use the function SecBitAdd interactively, that is, S 1 input r 1 and v 1 , S 2 inputs r 2 and v 2 ; S 1 and S 2 obtain component output values respectively;

步骤C3:S1、S2分别收到调用函数SecBitAdd后的分量输出,各自判断输出结果的正负,若小于零则将各自符号位置1,反之置0;S1、S2交互式的传递各自的符号位,并同时进行两方的符号位的异或操作,得到最终的符号位结果;S1、S2分别输出共同的最终符号位结果。Step C3: S 1 and S 2 respectively receive the component output after calling the function SecBitAdd, and judge whether the output result is positive or negative. If it is less than zero, the respective symbol positions are set to 1, otherwise they are set to 0; S 1 and S 2 transmit interactively respective sign bits, and perform the XOR operation of the sign bits of both parties at the same time to obtain the final sign bit result; S 1 and S 2 respectively output the common final sign bit result.

进一步地,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全池化操作的方法为:Further, the methods for the first server S 1 and the second server S 2 to respectively perform security pooling operations on the two dense component images I 1 and I 2 are as follows:

接收到池化层的输入后,完整的MAX-POOL操作为选择池化窗口内的最大值作为该区域池化后的结果;S1和S2分别接收到池化层的输入分量后,标记各自池化窗口内的左上角像素点为最大值位置;然后S1、S2遵循从左至右,从上至下的规则,同时对各自的池化窗口内的像素位置执行两两相减操作,并互相传递对应的两两差值进行求和,若求和结果小于零,则标记被减数所在像素点为最大值位置,否则最大值位置保持初始值不变;S1、S2迭代执行该操作直到遍历完池化窗口;S1、S2输出池化窗口内的最大值位置所在的像素值替代该池化窗口;S1、S2滑动池化窗口,遍历各自的分量图像区域,各自输出池化层结果。After receiving the input of the pooling layer, the complete MAX-POOL operation is to select the maximum value in the pooling window as the result of pooling in this area; after S 1 and S 2 respectively receive the input components of the pooling layer, mark The upper left pixel point in each pooling window is the maximum value position; then S 1 and S 2 follow the rules from left to right and from top to bottom, and perform pairwise subtraction on the pixel positions in their respective pooling windows operation, and pass the corresponding pairwise differences to each other for summing, if the summation result is less than zero, mark the pixel where the minuend is located as the maximum value position, otherwise the maximum value position remains the same as the initial value; S 1 , S 2 Perform this operation iteratively until the pooling window is traversed; S 1 and S 2 output the pixel value at the position of the maximum value in the pooling window to replace the pooling window; S 1 and S 2 slide the pooling window to traverse their respective component images Regions, each output the result of the pooling layer.

进一步地,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全全连接操作的方法为:Further, the methods for the first server S 1 and the second server S 2 to respectively perform secure full-connection operations on the two dense-state component images I 1 and I 2 are as follows:

可信服务器T公开的全连接层参数(w;b),对接收到的全连接层的输入x,完整的全连接层的操作是计算y=w·x+b;第一服务器S1接收到输入分量x1,使用参数(w;b)执行全连接操作,即计算y1=w·x1+b;第二服务器S2接收到输入分量x2,使用参数(w;0)执行全连接操作,即计算y2=w·x2+0,且满足x=x1+x2The fully connected layer parameter (w; b) disclosed by the trusted server T, for the received input x of the fully connected layer, the operation of the complete fully connected layer is to calculate y=w x+b; the first server S1 receives To the input component x 1 , use the parameter (w; b) to execute the full connection operation, that is, calculate y 1 =w·x 1 +b; the second server S 2 receives the input component x 2 , and use the parameter (w; 0) to execute The full connection operation is to calculate y 2 =w·x 2 +0 and satisfy x=x 1 +x 2 .

进一步地,接收方β进行解密操作的方法为:第一服务器S1将密态分量图像I1执行完VGG网络前向过程的输出结果O1发送给接收方β;第二服务器S2将密态分量图像I2执行完VGG网络前向过程的输出结果O2发送给接收方β;β执行解密操作,即计算O=O1+O2,得到原始图像I的密态图像特征提取和识别结果。Further, the method for the receiver β to perform the decryption operation is as follows: the first server S 1 sends the output result O 1 of the encrypted component image I 1 to the receiver β after the VGG network forward process; the second server S 2 sends the encrypted After the state component image I 2 executes the output result O 2 of the VGG network forward process, it is sent to the receiver β; β performs the decryption operation, that is, calculates O=O 1 +O 2 , and obtains the dense image feature extraction and recognition of the original image I result.

本发明还提供了一种采用上述方法的密态图像识别系统,包括:The present invention also provides a dense state image recognition system adopting the above method, comprising:

发送方α,用于进行图像加密操作,即将原始图像随机拆分加密成两个密态分量图像;The sender α is used to perform image encryption operations, that is, to randomly split and encrypt the original image into two dense-state component images;

可信服务器T,用于公开模型训练参数,生成并分发各层的安全函数涉及到的随机安全参数;The trusted server T is used to disclose model training parameters, generate and distribute random security parameters involved in the security functions of each layer;

第一服务器S1和第二服务器S2,用于并行执行隐私保护VGG网络,分别输出密态分量图像的特征提取和识别结果;以及The first server S 1 and the second server S 2 are used to execute the privacy protection VGG network in parallel, and respectively output the feature extraction and recognition results of the dense state component image; and

接收方β,用于进行图像解密操作,即对第一服务器S1和第二服务器S2的输出结果进行合并,得到与原始图像识别结果相同的密态图像识别结果。The receiver β is used to perform image decryption operations, that is, to combine the output results of the first server S 1 and the second server S 2 to obtain the same encrypted image recognition result as the original image recognition result.

与现有技术相比,本发明具有以下有益效果:本发明利用秘密分割门限方案对原始图像进行加密处理,并利用两个随机拆分的密态分量图像并行执行隐私保护VGG网络,最后通过合并密态分量图像的输出结果得到与原始图像相同的特权提取和识别效果。对于任一分量输出结果,其没有任何实际的意义,不会泄露原始图像隐私。本发明不仅保证了原始待测图像在识别过程中的隐私安全性,同时还保证拆分操作不对识别检测的准确率产生影响,做到不以牺牲检测精度为代价实现安全性。Compared with the prior art, the present invention has the following beneficial effects: the present invention uses the secret segmentation threshold scheme to encrypt the original image, and uses two randomly split secret-state component images to execute the privacy protection VGG network in parallel, and finally through the combination The output of the dense-state component image obtains the same privilege extraction and recognition effect as the original image. For any component output result, it has no practical significance and will not reveal the privacy of the original image. The invention not only ensures the privacy and security of the original image to be tested during the identification process, but also ensures that the splitting operation does not affect the accuracy of identification and detection, so as to achieve security without sacrificing detection accuracy.

附图说明Description of drawings

图1是本发明实施例的方法实现流程图。Fig. 1 is a flow chart of the implementation of the method of the embodiment of the present invention.

图2是本发明实施例的系统构造原理图。Fig. 2 is a schematic diagram of the system structure of the embodiment of the present invention.

具体实施方式Detailed ways

下面结合附图及具体实施例对本发明作进一步的详细说明。The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

本发明将待测图像随机拆分成两个无法辨别的分量图像,并交由两台竞争型服务器分别进行VGG网络处理。通过构造具有交互性质的安全函数替换传统VGG网络各个类型的层,实现两个分量图像并行执行VGG网络处理后再合并的效果等价于原始图像进行VGG网络处理后的效果。The invention randomly splits the image to be tested into two indistinguishable component images, and sends them to two competing servers for VGG network processing respectively. By constructing an interactive security function to replace each type of layer in the traditional VGG network, the effect of combining two component images after VGG network processing in parallel is equivalent to the effect of the original image after VGG network processing.

基于以上思路,本发明提供了一种基于隐私保护VGG的密态图像识别方法,如图1所示,首先发送方α将原始图像I加密成两个密态分量图像I1、I2,并分别发送给第一服务器S1和第二服务器S2;而后可信服务器T公开VGG网络的预训练参数、微调训练参数以及预设的超参数,生成并分发随机安全参数给第一服务器S1和第二服务器S2;然后第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全卷积、激活、池化和全连接层操作;最后接收方β分别接收到来自第一服务器S1和第二服务器S2的输出结果O1、O2,并进行解密操作,得到密态图像的特征提取和识别结果O=O1+O2Based on the above ideas, the present invention provides a secret image recognition method based on privacy protection VGG, as shown in Figure 1, first, the sender α encrypts the original image I into two secret component images I 1 , I 2 , and Send them to the first server S 1 and the second server S 2 respectively; then the trusted server T discloses the pre-training parameters, fine-tuning training parameters and preset hyperparameters of the VGG network, generates and distributes random security parameters to the first server S 1 and the second server S 2 ; then the first server S 1 and the second server S 2 perform security convolution, activation, pooling and fully connected layer operations on the two dense component images I 1 and I 2 respectively; finally the receiver β receives the output results O 1 and O 2 from the first server S 1 and the second server S 2 respectively, and performs a decryption operation to obtain the feature extraction and recognition results of the encrypted image O=O 1 +O 2 .

在本实施例中,发送方α采用(2,2)-秘密分割门限方案将原始图像I加密成两个密态分量图像I1、I2,其方法为:In this embodiment, the sender α adopts the (2,2)-secret segmentation threshold scheme to encrypt the original image I into two secret-state component images I 1 and I 2 , and the method is as follows:

对于一个原始图像I,发送方α利用随机数生成器生成一个与原图尺寸大小相同的随机像素矩阵,即密态分量图像I1,并发送给第一服务器S1,然后用原始图像I减去密态分量图像I1,得到密态分量图像I2,并发送给第二服务器S2,其中随机数的选择域范围为[-2n-1,2n-1-1],n=8,16,32,...。For an original image I, the sender α uses a random number generator to generate a random pixel matrix with the same size as the original image, that is, the dense-state component image I 1 , and sends it to the first server S 1 , and then uses the original image I to subtract De-densify the component image I 1 to obtain the dense-state component image I 2 , and send it to the second server S 2 , where the selection range of the random number is [-2 n-1 ,2 n-1 -1], n= 8, 16, 32, . . .

在本实施例中,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全卷积操作的方法为:In this embodiment, the methods for the first server S 1 and the second server S 2 to respectively perform secure convolution operations on the two dense-state component images I 1 and I 2 are as follows:

可信服务器T公开VGG网络的预训练参数、微调训练参数以及超参数设定,已知公开后的卷积核参数(w;b),接收到的图像输入值为x,发送方根据(2,2)-秘密分割门限方案,对原始图像I各位置点像素进行拆分操作,得到分量x1和x2,且x=x1+x2;第一服务器S1使用参数(w;b)对接收到的输入分量x1执行卷积操作;第二服务器S2使用参数(w;0)对接收到的输入分量x2执行卷积操作。The trusted server T discloses the pre-training parameters, fine-tuning training parameters and hyper-parameter settings of the VGG network. Knowing the public convolution kernel parameters (w; b), the received image input value is x, and the sender according to (2 , 2)-secret segmentation threshold scheme, splitting the pixels at each position of the original image I to obtain components x 1 and x 2 , and x=x 1 +x 2 ; the first server S 1 uses parameters (w; b ) performs a convolution operation on the received input component x1 ; the second server S2 performs a convolution operation on the received input component x2 using the parameter (w; 0).

在本实施例中,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全激活操作的方法为:In this embodiment, the methods for the first server S 1 and the second server S 2 to respectively perform security activation operations on the two dense-state component images I 1 and I 2 are as follows:

对接收到的激活层输入u,完整的激活操作即计算函数max(u,0),将u<0的像素位置置0,u≥0的位置保持不变;第一服务器S1和第二服务器S2分别接收到激活层的输入分量,交互式的使用安全比较函数SecComp获得两个输入分量对应原始图像的像素位置的符号位;如果符号位等于1,那么S1和S2分别将其分量置0,否则保持不变。For the received activation layer input u, the complete activation operation is to calculate the function max(u,0), set the pixel position of u<0 to 0, and the position of u≥0 remains unchanged; the first server S 1 and the second The server S 2 respectively receives the input components of the activation layer, and interactively uses the security comparison function SecComp to obtain the sign bit of the pixel position corresponding to the original image of the two input components; if the sign bit is equal to 1, then S 1 and S 2 respectively Components are set to 0, otherwise remain unchanged.

其中,所述安全激活操作中使用的安全比较函数SecComp包括安全二进制乘法函数SecBitMul、安全二进制加法函数SecBitAdd和安全比特位提取函数SecBitExtra。Wherein, the security comparison function SecComp used in the security activation operation includes a security binary multiplication function SecBitMul, a security binary addition function SecBitAdd and a security bit extraction function SecBitExtra.

函数SecBitMul按如下步骤执行:The function SecBitMul is executed as follows:

步骤A1:可信服务器T随机生成乘法三元组,第三个数为前两个数之积;再生成三个随机数,分发给第一服务器S1;将三个随机数与乘法三元组依次对应执行异或操作,得到三个新的随机数并发送给第二服务器S2Step A1: The trusted server T randomly generates a multiplication triplet, and the third number is the product of the first two numbers; generate three random numbers and distribute them to the first server S 1 ; combine the three random numbers with the multiplication triplet Groups perform XOR operations correspondingly in turn to obtain three new random numbers and send them to the second server S 2 ;

步骤A2:第一服务器S1、第二服务器S2分别接收到调用函数SecBitMul的两个乘数的输入分量(例.已知乘数r=r1+r2、v=v1+v2,S1收到r1、v1,S2收到r2、v2),利用随机乘法三元组以及相应随机数,S1和S2最后分别得到输出结果,满足两个输出结果相异或的值等于两个乘法输入分量相与的值,实现二进制比特位的进位运算。Step A2: The first server S 1 and the second server S 2 respectively receive the input components of the two multipliers calling the function SecBitMul (for example. known multipliers r=r 1 +r 2 , v=v 1 +v 2 , S 1 receives r 1 , v 1 , S 2 receives r 2 , v 2 ), using random multiplication triplets and corresponding random numbers, S 1 and S 2 finally get output results respectively, satisfying that the two output results are identical The value of XOR is equal to the value of the addition of two multiplication input components, realizing the carry operation of binary bits.

函数SecBitAdd按如下步骤执行:The function SecBitAdd is executed as follows:

步骤B1:第一服务器S1、第二服务器S2分别接收到调用函数SecBitMul的两个加数的输入分量(例.已知加数r=r1+r2、v=v1+v2,S1收到r1、v1,S2收到r2、v2),S1、S2分别对两个输入分量进行异或操作,得到未包含进位的加数和;通过调用函数SecBitMul,将当前存在进位的比特位置1;S1、S2都分别执行左移一位的操作,并将移位后的结果分别传送给对方进行交互;Step B1: The first server S 1 and the second server S 2 respectively receive the input components of the two addends that call the function SecBitMul (for example, known addends r=r 1 +r 2 , v=v 1 +v 2 , S 1 receives r 1 , v 1 , S 2 receives r 2 , v 2 ), S 1 , S 2 respectively perform XOR operation on the two input components to obtain the addend sum without carry; by calling the function SecBitMul, set the bit position of the current carry to 1; S 1 and S 2 respectively perform the operation of shifting one bit to the left, and transmit the shifted results to the other party for interaction;

步骤B2:S1、S2分别对两个新的分量进行异或操作,并判断还是否存在进位,若存在,则迭代调用函数SecBitMul和左移操作,直到S1、S2将各自加法操作的所有进位值加上,跳出循环;S1、S2分别输出加法的分量结果。Step B2: S 1 and S 2 perform XOR operation on the two new components respectively, and judge whether there is a carry, if there is, iteratively call the function SecBitMul and the left shift operation until S 1 and S 2 perform the addition operation Add all the carry values of , and jump out of the loop; S 1 and S 2 respectively output the component results of the addition.

函数SecBitExtra按如下步骤执行:The function SecBitExtra is executed in the following steps:

步骤C1:可信服务器T随机生成三个随机数r1、r2和γ1,计算r1异或r2得到r,r减去γ1得到γ2,将r1和γ1分发给S1,将r2和γ2分发给S2Step C1: Trusted server T randomly generates three random numbers r 1 , r 2 and γ 1 , calculates r 1 XOR r 2 to get r, subtracts γ 1 from r to get γ 2 , and distributes r 1 and γ 1 to S 1 , distribute r 2 and γ 2 to S 2 ;

步骤C2:第一服务器S1和第二服务器S2接收到各自的输入分量,分别用输入分量减去γ1、γ2得到t1、t2;S2将t2传递给S1;S1计算t1、t2之和为v,并生成随机数v1,计算v异或v1得到v2,并传递给S2;S1和S2交互地使用函数SecBitAdd,即S1输入r1和v1,S2输入r2和v2;S1、S2分别获得分量输出值;Step C2: The first server S 1 and the second server S 2 receive their respective input components, subtract γ 1 and γ 2 from the input components respectively to obtain t 1 and t 2 ; S 2 transfers t 2 to S 1 ; S 1 Calculate the sum of t 1 and t 2 as v, and generate a random number v 1 , calculate v XOR v 1 to get v 2 , and pass it to S 2 ; S 1 and S 2 use the function SecBitAdd interactively, that is, S 1 input r 1 and v 1 , S 2 inputs r 2 and v 2 ; S 1 and S 2 obtain component output values respectively;

步骤C3:S1、S2分别收到调用函数SecBitAdd后的分量输出,各自判断输出结果的正负,若小于零则将各自符号位置1,反之置0;S1、S2交互式的传递各自的符号位,并同时进行两方的符号位的异或操作,得到最终的符号位结果;S1、S2分别输出共同的最终符号位结果。Step C3: S 1 and S 2 respectively receive the component output after calling the function SecBitAdd, and judge whether the output result is positive or negative. If it is less than zero, the respective symbol positions are set to 1, otherwise they are set to 0; S 1 and S 2 transmit interactively respective sign bits, and perform the XOR operation of the sign bits of both parties at the same time to obtain the final sign bit result; S 1 and S 2 respectively output the common final sign bit result.

在本实施例中,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全池化操作的方法为:In this embodiment, the methods for the first server S 1 and the second server S 2 to respectively perform security pooling operations on the two dense component images I 1 and I 2 are as follows:

接收到池化层的输入后,完整的MAX-POOL操作为选择池化窗口内的最大值作为该区域池化后的结果;S1和S2分别接收到池化层的输入分量后,标记各自池化窗口内的左上角像素点为最大值位置;然后S1、S2遵循从左至右,从上至下的规则,同时对各自的池化窗口内的像素位置执行两两相减操作,并互相传递对应的两两差值进行求和,若求和结果小于零,则标记被减数所在像素点为最大值位置,否则最大值位置保持初始值不变;S1、S2迭代执行该操作直到遍历完池化窗口;S1、S2输出池化窗口内的最大值位置所在的像素值替代该池化窗口;S1、S2滑动池化窗口,遍历各自的分量图像区域,各自输出池化层结果。After receiving the input of the pooling layer, the complete MAX-POOL operation is to select the maximum value in the pooling window as the result of pooling in this area; after S 1 and S 2 respectively receive the input components of the pooling layer, mark The upper left pixel point in each pooling window is the maximum value position; then S 1 and S 2 follow the rules from left to right and from top to bottom, and perform pairwise subtraction on the pixel positions in their respective pooling windows operation, and pass the corresponding pairwise differences to each other for summing, if the summation result is less than zero, mark the pixel where the minuend is located as the maximum value position, otherwise the maximum value position remains the same as the initial value; S 1 , S 2 Perform this operation iteratively until the pooling window is traversed; S 1 and S 2 output the pixel value at the position of the maximum value in the pooling window to replace the pooling window; S 1 and S 2 slide the pooling window to traverse their respective component images Regions, each output the result of the pooling layer.

在本实施例中,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全全连接操作的方法为:In this embodiment, the methods for the first server S 1 and the second server S 2 to perform secure full-connection operations on the two dense-state component images I 1 and I 2 are as follows:

可信服务器T公开的全连接层参数(w;b),对接收到的全连接层的输入x,完整的全连接层的操作是计算y=w·x+b;第一服务器S1接收到输入分量x1,使用参数(w;b)执行全连接操作,即计算y1=w·x1+b;第二服务器S2接收到输入分量x2,使用参数(w;0)执行全连接操作,即计算y2=w·x2+0,且满足x=x1+x2The fully connected layer parameter (w; b) disclosed by the trusted server T, for the received input x of the fully connected layer, the operation of the complete fully connected layer is to calculate y=w x+b; the first server S1 receives To the input component x 1 , use the parameter (w; b) to execute the full connection operation, that is, calculate y 1 =w·x 1 +b; the second server S 2 receives the input component x 2 , and use the parameter (w; 0) to execute The full connection operation is to calculate y 2 =w·x 2 +0 and satisfy x=x 1 +x 2 .

在本实施例中,接收方β进行解密操作的方法为:第一服务器S1将密态分量图像I1执行完VGG网络前向过程的输出结果O1发送给接收方β;第二服务器S2将密态分量图像I2执行完VGG网络前向过程的输出结果O2发送给接收方β;β执行解密操作,即计算O=O1+O2,得到原始图像I的密态图像特征提取和识别结果。In this embodiment, the method for the receiver β to perform the decryption operation is as follows: the first server S 1 sends the output result O 1 of the dense-state component image I 1 to the receiver β after the VGG network forward process is completed; the second server S 2 Send the output result O 2 of the dense-state component image I 2 after the VGG network forward process is executed to the receiver β; β performs the decryption operation, that is, calculates O=O 1 +O 2 , and obtains the dense-state image features of the original image I Extract and identify results.

本发明还提供了采用上述方法的密态图像识别系统,如图2所示,包括发送方α、可信服务器T、第一服务器S1、第二服务器S2和接收方β。The present invention also provides a secret image recognition system adopting the above method, as shown in FIG. 2 , including a sender α, a trusted server T, a first server S 1 , a second server S 2 and a receiver β.

所述发送方α用于进行图像加密操作,即将原始图像随机拆分加密成两个密态分量图像;The sender α is used to perform an image encryption operation, that is, the original image is randomly split and encrypted into two encrypted component images;

所述可信服务器T用于公开模型训练参数,生成并分发各层的安全函数涉及到的随机安全参数;The trusted server T is used to disclose model training parameters, generate and distribute random security parameters involved in the security functions of each layer;

所述第一服务器S1和第二服务器S2用于并行执行隐私保护VGG网络,分别输出密态分量图像的特征提取和识别结果;The first server S 1 and the second server S 2 are used to execute the privacy protection VGG network in parallel, and output feature extraction and recognition results of dense state component images respectively;

所述接收方β用于进行图像解密操作,即对第一服务器S1和第二服务器S2的输出结果进行合并,得到与原始图像识别结果相同的密态图像识别结果。The receiver β is used for image decryption operation, that is, combining the output results of the first server S 1 and the second server S 2 to obtain the same encrypted image recognition result as the original image recognition result.

以上是本发明的较佳实施例,凡依本发明技术方案所作的改变,所产生的功能作用未超出本发明技术方案的范围时,均属于本发明的保护范围。The above are the preferred embodiments of the present invention, and all changes made according to the technical solution of the present invention, when the functional effect produced does not exceed the scope of the technical solution of the present invention, all belong to the protection scope of the present invention.

Claims (9)

1.一种基于隐私保护VGG的密态图像识别方法,其特征在于,首先发送方α将原始图像I加密成两个密态分量图像I1、I2,并分别发送给第一服务器S1和第二服务器S2;而后可信服务器T公开VGG网络的预训练参数、微调训练参数以及预设的超参数,生成并分发随机安全参数给第一服务器S1和第二服务器S2;然后第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全卷积、激活、池化和全连接层操作;最后接收方β分别接收到来自第一服务器S1和第二服务器S2的输出结果O1、O2,并进行解密操作,得到密态图像的特征提取和识别结果O=O1+O21. A confidential image recognition method based on privacy-preserving VGG, characterized in that first, the sender α encrypts the original image I into two encrypted component images I 1 and I 2 , and sends them to the first server S 1 respectively and the second server S 2 ; then the trusted server T discloses the pre-training parameters, fine-tuning training parameters and preset hyperparameters of the VGG network, generates and distributes random security parameters to the first server S 1 and the second server S 2 ; then The first server S 1 and the second server S 2 perform security convolution, activation, pooling and fully connected layer operations on the two dense component images I 1 and I 2 respectively; finally, the receiver β respectively receives data from the first server The output results O 1 and O 2 of S 1 and the second server S 2 are decrypted to obtain the feature extraction and recognition result O=O 1 +O 2 of the encrypted state image. 2.根据权利要求1所述的基于隐私保护VGG的密态图像识别方法,其特征在于,发送方α采用(2,2)-秘密分割门限方案将原始图像I加密成两个密态分量图像I1、I2,其方法为:2. The secret image recognition method based on privacy protection VGG according to claim 1, wherein the sender α adopts (2,2)-secret segmentation threshold scheme to encrypt the original image I into two secret component images I 1 , I 2 , the method is: 对于一个原始图像I,发送方α利用随机数生成器生成一个与原图尺寸大小相同的随机像素矩阵,即密态分量图像I1,并发送给第一服务器S1,然后用原始图像I减去密态分量图像I1,得到密态分量图像I2,并发送给第二服务器S2,其中随机数的选择域范围为[-2n-1,2n-1-1],n=8,16,32,...。For an original image I, the sender α uses a random number generator to generate a random pixel matrix with the same size as the original image, that is, the dense-state component image I 1 , and sends it to the first server S 1 , and then uses the original image I to subtract De-densify the component image I 1 to obtain the dense-state component image I 2 , and send it to the second server S 2 , where the selection range of the random number is [-2 n-1 ,2 n-1 -1], n= 8, 16, 32, . . . 3.根据权利要求2所述的基于隐私保护VGG的密态图像识别方法,其特征在于,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全卷积操作的方法为:3. The confidential image recognition method based on privacy protection VGG according to claim 2, characterized in that, the first server S 1 and the second server S 2 respectively identify the two confidential component images I 1 , I 2 The method to perform a secure convolution operation is: 可信服务器T公开VGG网络的预训练参数、微调训练参数以及超参数设定,已知公开后的卷积核参数(w;b),接收到的图像输入值为x,发送方根据(2,2)-秘密分割门限方案,对原始图像I各位置点像素进行拆分操作,得到分量x1和x2,且x=x1+x2;第一服务器S1使用参数(w;b)对接收到的输入分量x1执行卷积操作;第二服务器S2使用参数(w;0)对接收到的输入分量x2执行卷积操作。The trusted server T discloses the pre-training parameters, fine-tuning training parameters and hyper-parameter settings of the VGG network. Knowing the public convolution kernel parameters (w; b), the received image input value is x, and the sender according to (2 , 2)-secret segmentation threshold scheme, splitting the pixels at each position of the original image I to obtain components x 1 and x 2 , and x=x 1 +x 2 ; the first server S 1 uses parameters (w; b ) performs a convolution operation on the received input component x1 ; the second server S2 performs a convolution operation on the received input component x2 using the parameter (w; 0). 4.根据权利要求3所述的基于隐私保护VGG的密态图像识别方法,其特征在于,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全激活操作的方法为:4. The confidential image recognition method based on privacy protection VGG according to claim 3, characterized in that, the first server S 1 and the second server S 2 respectively identify two confidential component images I 1 , I 2 The method to perform security activation operation is: 对接收到的激活层输入u,完整的激活操作即计算函数max(u,0),将u<0的像素位置置0,u≥0的位置保持不变;第一服务器S1和第二服务器S2分别接收到激活层的输入分量,交互式的使用安全比较函数SecComp获得两个输入分量对应原始图像的像素位置的符号位;如果符号位等于1,那么S1和S2分别将其分量置0,否则保持不变。For the received activation layer input u, the complete activation operation is to calculate the function max(u,0), set the pixel position of u<0 to 0, and the position of u≥0 remains unchanged; the first server S 1 and the second The server S 2 respectively receives the input components of the activation layer, and interactively uses the security comparison function SecComp to obtain the sign bit of the pixel position corresponding to the original image of the two input components; if the sign bit is equal to 1, then S 1 and S 2 respectively Components are set to 0, otherwise remain unchanged. 5.根据权利要求4所述的基于隐私保护VGG的密态图像识别方法,其特征在于,所述安全激活操作中使用的安全比较函数SecComp包括安全二进制乘法函数SecBitMul、安全二进制加法函数SecBitAdd和安全比特位提取函数SecBitExtra,其中函数SecBitMul按如下步骤执行:5. The secret image recognition method based on privacy protection VGG according to claim 4, wherein the security comparison function SecComp used in the security activation operation comprises a security binary multiplication function SecBitMul, a security binary addition function SecBitAdd and a security The bit extraction function SecBitExtra, in which the function SecBitMul is executed according to the following steps: 步骤A1:可信服务器T随机生成乘法三元组,第三个数为前两个数之积;再生成三个随机数,分发给第一服务器S1;将三个随机数与乘法三元组依次对应执行异或操作,得到三个新的随机数并发送给第二服务器S2Step A1: The trusted server T randomly generates a multiplication triplet, and the third number is the product of the first two numbers; generate three random numbers and distribute them to the first server S 1 ; combine the three random numbers with the multiplication triplet Groups perform XOR operations correspondingly in turn to obtain three new random numbers and send them to the second server S 2 ; 步骤A2:第一服务器S1、第二服务器S2分别接收到调用函数SecBitMul的两个乘数的输入分量,利用随机乘法三元组以及相应随机数,S1和S2最后分别得到输出结果,满足两个输出结果相异或的值等于两个乘法输入分量相与的值,实现二进制比特位的进位运算;Step A2: The first server S 1 and the second server S 2 respectively receive the input components of the two multipliers calling the function SecBitMul, use the random multiplication triplet and the corresponding random number, S 1 and S 2 finally obtain the output results respectively , satisfying that the value of the XOR of the two output results is equal to the value of the AND of the two multiplication input components, realizing the carry operation of the binary bit; 函数SecBitAdd按如下步骤执行:The function SecBitAdd is executed as follows: 步骤B1:第一服务器S1、第二服务器S2分别接收到调用函数SecBitMul的两个加数的输入分量,S1、S2分别对两个输入分量进行异或操作,得到未包含进位的加数和;通过调用函数SecBitMul,将当前存在进位的比特位置1;S1、S2都分别执行左移一位的操作,并将移位后的结果分别传送给对方进行交互;Step B1: The first server S 1 and the second server S 2 respectively receive the input components of the two addends calling the function SecBitMul, and S 1 and S 2 respectively perform XOR operation on the two input components to obtain the Addend sum; by calling the function SecBitMul, set the bit position of the current carry to 1; S 1 and S 2 respectively perform the operation of shifting one bit to the left, and transmit the shifted results to the other party for interaction; 步骤B2:S1、S2分别对两个新的分量进行异或操作,并判断还是否存在进位,若存在,则迭代调用函数SecBitMul和左移操作,直到S1、S2将各自加法操作的所有进位值加上,跳出循环;S1、S2分别输出加法的分量结果;Step B2: S 1 and S 2 perform XOR operation on the two new components respectively, and judge whether there is a carry, if there is, iteratively call the function SecBitMul and the left shift operation until S 1 and S 2 perform the addition operation Add all the carry values of , and jump out of the loop; S 1 and S 2 respectively output the component results of the addition; 函数SecBitExtra按如下步骤执行:The function SecBitExtra is executed in the following steps: 步骤C1:可信服务器T随机生成三个随机数r1、r2和γ1,计算r1异或r2得到r,r减去γ1得到γ2,将r1和γ1分发给S1,将r2和γ2分发给S2Step C1: Trusted server T randomly generates three random numbers r 1 , r 2 and γ 1 , calculates r 1 XOR r 2 to get r, subtracts γ 1 from r to get γ 2 , and distributes r 1 and γ 1 to S 1 , distribute r 2 and γ 2 to S 2 ; 步骤C2:第一服务器S1和第二服务器S2接收到各自的输入分量,分别用输入分量减去γ1、γ2得到t1、t2;S2将t2传递给S1;S1计算t1、t2之和为v,并生成随机数v1,计算v异或v1得到v2,并传递给S2;S1和S2交互地使用函数SecBitAdd,即S1输入r1和v1,S2输入r2和v2;S1、S2分别获得分量输出值;Step C2: The first server S 1 and the second server S 2 receive their respective input components, respectively subtract γ 1 and γ 2 from the input components to obtain t 1 and t 2 ; S 2 transfers t 2 to S 1 ; S 1 Calculate the sum of t 1 and t 2 as v, and generate a random number v 1 , calculate v XOR v 1 to get v 2 , and pass it to S 2 ; S 1 and S 2 use the function SecBitAdd interactively, that is, S 1 input r 1 and v 1 , S 2 inputs r 2 and v 2 ; S 1 and S 2 obtain component output values respectively; 步骤C3:S1、S2分别收到调用函数SecBitAdd后的分量输出,各自判断输出结果的正负,若小于零则将各自符号位置1,反之置0;S1、S2交互式的传递各自的符号位,并同时进行两方的符号位的异或操作,得到最终的符号位结果;S1、S2分别输出共同的最终符号位结果。Step C3: S 1 and S 2 respectively receive the component output after calling the function SecBitAdd, and judge whether the output result is positive or negative. If it is less than zero, the respective symbol positions are set to 1, otherwise they are set to 0; S 1 and S 2 transmit interactively respective sign bits, and perform the XOR operation of the sign bits of both parties at the same time to obtain the final sign bit result; S 1 and S 2 respectively output the common final sign bit result. 6.根据权利要求5所述的基于隐私保护VGG的密态图像识别方法,其特征在于,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全池化操作的方法为:6. The confidential image recognition method based on privacy protection VGG according to claim 5, characterized in that, the first server S 1 and the second server S 2 respectively identify two confidential component images I 1 , I 2 The method to perform security pooling operation is: 接收到池化层的输入后,完整的MAX-POOL操作为选择池化窗口内的最大值作为该池化窗口池化后的结果;S1和S2分别接收到池化层的输入分量后,标记各自池化窗口内的左上角像素点为最大值位置;然后S1、S2遵循从左至右,从上至下的规则,同时对各自的池化窗口内的像素位置执行两两相减操作,并互相传递对应的两两差值进行求和,若求和结果小于零,则标记被减数所在像素点为最大值位置,否则最大值位置保持初始值不变;S1、S2迭代执行该操作直到遍历完池化窗口;S1、S2输出池化窗口内的最大值位置所在的像素值替代该池化窗口;S1、S2滑动池化窗口,遍历各自的分量图像区域,各自输出池化层结果。After receiving the input of the pooling layer, the complete MAX-POOL operation is to select the maximum value in the pooling window as the pooling result of the pooling window; after S 1 and S 2 respectively receive the input components of the pooling layer , mark the upper-left pixel point in the respective pooling window as the maximum position; then S 1 and S 2 follow the rules from left to right and from top to bottom, and perform pairwise Subtraction operation, and transfer the corresponding pairwise differences to each other for summation. If the summation result is less than zero, mark the pixel where the minuend is located as the maximum value position, otherwise the maximum value position remains unchanged from the initial value; S 1 , S 2 performs this operation iteratively until the pooling window is traversed; S 1 and S 2 output the pixel value at the position of the maximum value in the pooling window to replace the pooling window; S 1 and S 2 slide the pooling window to traverse their respective The component image regions each output the pooling layer results. 7.根据权利要求6所述的基于隐私保护VGG的密态图像识别方法,其特征在于,所述第一服务器S1和第二服务器S2分别对两个密态分量图像I1、I2执行安全全连接操作的方法为:7. The confidential image recognition method based on privacy-preserving VGG according to claim 6, wherein the first server S 1 and the second server S 2 respectively identify two confidential component images I 1 , I 2 The method to perform secure full connection operation is: 可信服务器T公开的全连接层参数(w;b),对接收到的全连接层的输入x,完整的全连接层的操作是计算y=w·x+b;第一服务器S1接收到输入分量x1,使用参数(w;b)执行全连接操作,即计算y1=w·x1+b;第二服务器S2接收到输入分量x2,使用参数(w;0)执行全连接操作,即计算y2=w·x2+0,且满足x=x1+x2The fully connected layer parameter (w; b) disclosed by the trusted server T, for the received input x of the fully connected layer, the operation of the complete fully connected layer is to calculate y=w x+b; the first server S1 receives To the input component x 1 , use the parameter (w; b) to execute the full connection operation, that is, calculate y 1 =w·x 1 +b; the second server S 2 receives the input component x 2 , and use the parameter (w; 0) to execute The full connection operation is to calculate y 2 =w·x 2 +0 and satisfy x=x 1 +x 2 . 8.根据权利要求7所述的基于隐私保护VGG的密态图像识别方法,其特征在于,接收方β进行解密操作的方法为:第一服务器S1将密态分量图像I1执行完VGG网络前向过程的输出结果O1发送给接收方β;第二服务器S2将密态分量图像I2执行完VGG网络前向过程的输出结果O2发送给接收方β;β执行解密操作,即计算O=O1+O2,得到原始图像I的密态图像特征提取和识别结果。8. The confidential image recognition method based on privacy protection VGG according to claim 7, characterized in that, the receiver β performs the decryption operation as follows: the first server S1 executes the encrypted component image I1 through the VGG network The output result O 1 of the forward process is sent to the receiver β; the second server S 2 sends the output result O 2 of the dense-state component image I 2 after the VGG network forward process is executed to the receiver β; β performs the decryption operation, namely O=O 1 +O 2 is calculated to obtain the dense image feature extraction and recognition results of the original image I. 9.一种采用权利要求1-8任一项所述方法的密态图像识别系统,其特征在于,包括:9. A dense state image recognition system adopting the method according to any one of claims 1-8, characterized in that it comprises: 发送方α,用于进行图像加密操作,即将原始图像随机拆分加密成两个密态分量图像;The sender α is used to perform image encryption operations, that is, to randomly split and encrypt the original image into two dense-state component images; 可信服务器T,用于公开模型训练参数,生成并分发各层的安全函数涉及到的随机安全参数;The trusted server T is used to disclose model training parameters, generate and distribute random security parameters involved in the security functions of each layer; 第一服务器S1和第二服务器S2,用于并行执行隐私保护VGG网络,分别输出密态分量图像的特征提取和识别结果;以及The first server S 1 and the second server S 2 are used to execute the privacy protection VGG network in parallel, and respectively output the feature extraction and recognition results of the dense state component image; and 接收方β,用于进行图像解密操作,即对第一服务器S1和第二服务器S2的输出结果进行合并,得到与原始图像识别结果相同的密态图像识别结果。The receiver β is used to perform image decryption operations, that is, to combine the output results of the first server S 1 and the second server S 2 to obtain the same encrypted image recognition result as the original image recognition result.
CN201911051284.6A 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system Active CN110807484B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911051284.6A CN110807484B (en) 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911051284.6A CN110807484B (en) 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system

Publications (2)

Publication Number Publication Date
CN110807484A CN110807484A (en) 2020-02-18
CN110807484B true CN110807484B (en) 2023-05-23

Family

ID=69489803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911051284.6A Active CN110807484B (en) 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system

Country Status (1)

Country Link
CN (1) CN110807484B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112184701A (en) * 2020-10-22 2021-01-05 中国联合网络通信集团有限公司 Method, device and system for determining detection result
CN113190858B (en) * 2021-04-20 2024-02-02 中国人民大学 Image processing method, system, medium and device based on privacy protection
CN113095430B (en) * 2021-04-26 2022-02-01 北京瑞莱智慧科技有限公司 Model updating method capable of protecting privacy, object identification method, system, device, medium and equipment
CN115017540B (en) * 2022-05-24 2024-07-02 贵州大学 Lightweight privacy protection target detection method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107871136A (en) * 2017-03-22 2018-04-03 中山大学 Image Recognition Method Based on Convolutional Neural Network with Sparsity Random Pooling
CN107958259A (en) * 2017-10-24 2018-04-24 哈尔滨理工大学 A kind of image classification method based on convolutional neural networks
CN109831422A (en) * 2019-01-17 2019-05-31 中国科学院信息工程研究所 A kind of encryption traffic classification method based on end-to-end sequence network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102061345B1 (en) * 2017-12-18 2019-12-31 경희대학교 산학협력단 Method of performing encryption and decryption based on reinforced learning and client and server system performing thereof

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107871136A (en) * 2017-03-22 2018-04-03 中山大学 Image Recognition Method Based on Convolutional Neural Network with Sparsity Random Pooling
CN107958259A (en) * 2017-10-24 2018-04-24 哈尔滨理工大学 A kind of image classification method based on convolutional neural networks
CN109831422A (en) * 2019-01-17 2019-05-31 中国科学院信息工程研究所 A kind of encryption traffic classification method based on end-to-end sequence network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈小凡.卷积神经网络在激光再现防伪图像识别中的应用.《中国优秀硕士论文全文数据库-信息技术辑》.2018,13-55. *

Also Published As

Publication number Publication date
CN110807484A (en) 2020-02-18

Similar Documents

Publication Publication Date Title
CN110807484B (en) Privacy protection VGG-based dense image recognition method and system
Dhawan et al. SSII: secured and high-quality steganography using intelligent hybrid optimization algorithms for IoT
Sarosh et al. A security management framework for big data in smart healthcare
CN104008520B (en) Color image encryption method based on SHA-384 function, spatiotemporal chaotic system, quantum chaotic system and neural network
Kengnou Telem et al. A simple and robust gray image encryption scheme using chaotic logistic map and artificial neural network
CN107292802A (en) A kind of parallel image encryption method of quantum chaos
Gao et al. Temporal action segmentation for video encryption
Debnath et al. Security analysis with novel image masking based quantum-dot cellular automata information security model
Fadhil et al. Improved security of a deep learning-based steganography system with imperceptibility preservation
CN110991462B (en) Privacy protection CNN-based secret image identification method and system
Yang et al. A general steganographic framework for neural network models
CN116193041A (en) Image encryption method based on multistable memristor and four-dimensional chaotic neural network
Tan et al. Robust coverless image steganography based on human pose estimation
Chen et al. Advances in robust federated learning: Heterogeneity considerations
Wang et al. Applying deep learning to known-plaintext attack on chaotic image encryption schemes
Bashir et al. Towards deep learning-based image steganalysis: practices and open research issues
Bao et al. Color image encryption based on lite dense-ResNet and bit-XOR diffusion
Shao et al. Template protection based on chaotic map for finger vein recognition
CN112906715A (en) Safety image feature extraction and classification method based on deep neural network
TW202443380A (en) Business parameter comparison method, device, system and storage medium
CN115936961B (en) Steganalysis method, equipment and medium based on few-sample comparison learning network
Wang et al. Novel passivity and dissipativity criteria for discrete-time fractional generalized delayed Cohen–Grossberg neural networks
Ren et al. A new data model for the privacy protection of medical images
Gao et al. An Improved Image Processing Based on Deep Learning Backpropagation Technique
Hu et al. Research on encrypted face recognition algorithm based on new combined chaotic map and neural network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant