CN110807484B - Privacy protection VGG-based dense image recognition method and system - Google Patents

Privacy protection VGG-based dense image recognition method and system Download PDF

Info

Publication number
CN110807484B
CN110807484B CN201911051284.6A CN201911051284A CN110807484B CN 110807484 B CN110807484 B CN 110807484B CN 201911051284 A CN201911051284 A CN 201911051284A CN 110807484 B CN110807484 B CN 110807484B
Authority
CN
China
Prior art keywords
server
image
component
secret
vgg
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911051284.6A
Other languages
Chinese (zh)
Other versions
CN110807484A (en
Inventor
熊金波
赵明烽
刘西蒙
毕仁万
田有亮
金彪
林劼
李琦
应作斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Normal University
Original Assignee
Fujian Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Normal University filed Critical Fujian Normal University
Priority to CN201911051284.6A priority Critical patent/CN110807484B/en
Publication of CN110807484A publication Critical patent/CN110807484A/en
Application granted granted Critical
Publication of CN110807484B publication Critical patent/CN110807484B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/29Graphical models, e.g. Bayesian networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Software Systems (AREA)
  • Evolutionary Computation (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Molecular Biology (AREA)
  • Computational Linguistics (AREA)
  • Mathematical Physics (AREA)
  • Biophysics (AREA)
  • Biomedical Technology (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Image Processing (AREA)

Abstract

The invention relates to a privacy protection VGG-based secret state image recognition method and a system, wherein the method comprises the steps that firstly, a sender encrypts an original image into two secret state component images and sends the two secret state component images to a first server and a second server respectively; the trusted server then discloses the pretraining parameters, the fine tuning training parameters and the preset super parameters of the VGG network, and generates and distributes random security parameters to the first server and the second server; then the first server and the second server respectively execute safe convolution, activation, pooling and full connection layer operation on the two secret component images; and finally, the receiver receives output results from the first server and the second server respectively and performs decryption operation to obtain feature extraction and identification results of the encrypted image. The method and the system are beneficial to improving the accuracy and the image privacy of the identification of the dense state image.

Description

Privacy protection VGG-based dense image recognition method and system
Technical Field
The invention relates to the technical field of deep learning, in particular to a privacy protection VGG-based dense state image recognition method and system.
Background
In recent years, deep learning has been greatly advanced in the field of artificial intelligence, and is applied to various fields such as speech recognition, natural language processing, computer vision, image and video analysis, multimedia, and the like. The image recognition is an important direction of artificial intelligence, and after three stages of character recognition, digital image processing and recognition, object recognition and the like are carried out, the development of deep learning provides a driving force for leap of image recognition algorithm quality, and more natural intelligent interaction is realized. The existing deep learning model belongs to the category of neural networks, and by using a well-known back propagation algorithm, the neural networks can be trained to simulate the mechanism of brain cognition to solve various target learning tasks, and the learning efficiency and accuracy are continuously improved.
The key of image recognition is to extract CNN features from images, and VGG model is the preferred algorithm. The network has the characteristics of small convolution kernel, small pooling kernel, deeper layer number feature map, wider full connection convolution, and better performance in a plurality of migration learning tasks than another excellent convolution neural network model, googLeNet. As the features of the image to be identified become more complex, the accuracy of image detection increases more and more, and the degree of privacy of the information contained therein increases more and more. However, the image detection algorithm of the conventional VGG network cannot provide security for the image information to be detected, and the privacy problem of the image information to be detected needs to be solved. Therefore, in order to ensure privacy security of the image to be detected in the process of image identification by using the VGG network, a privacy protection VGG method and system should be designed. Currently, few solutions for achieving the privacy of the image to be measured for this network exist.
Disclosure of Invention
The invention aims to provide a privacy protection VGG-based method and a privacy protection VGG-based system for recognizing a dense state image, which are beneficial to improving the accuracy and the image privacy of the dense state image recognition.
In order to achieve the above purpose, the invention adopts the following technical scheme: a privacy protection VGG-based secret state image recognition method comprises the steps that firstly, a sender alpha encrypts an original image I into two secret state component images I 1 、I 2 And respectively send to the first server S 1 And a second server S 2 The method comprises the steps of carrying out a first treatment on the surface of the Then the trusted server T discloses the pretraining parameters, the fine tuning training parameters and the preset super parameters of the VGG network, and generates and distributes random security parameters to the first server S 1 And a second server S 2 The method comprises the steps of carrying out a first treatment on the surface of the Then the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 Performing security convolution, activation, pooling, and full connection layer operations; finally, the receiver beta receives the data from the first server S 1 And a second server S 2 Output result O of (2) 1 、O 2 And performing decryption operation to obtain feature extraction and recognition result o=o of the dense state image 1 +O 2
Further, the sender α encrypts the original image I into two secret component images I using a (2, 2) -secret segmentation threshold scheme 1 、I 2 The method comprises the following steps:
for an original image I, the transmitter Fang uses a random number generator to generate a random matrix of pixels of the same size as the original image, i.e., a dense component image I 1 And sends to the first server S 1 Then subtracting the dense component image I from the original image I 1 Obtaining a dense component image I 2 And send to the second server S 2 Wherein the random number has a selection field range of [ -2 n-1 ,2 n-1 -1],n=8,16,32,...。
Further, the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the safe convolution operation comprises the following steps:
trusted server T public VThe pretraining parameter, the fine tuning training parameter and the super parameter of GG network are set, known as the convolution kernel parameter (w; b) after disclosure, the received image input value is x, and the sender performs splitting operation on the pixels of each position point of the original image I according to the (2, 2) -secret division threshold scheme to obtain the component x 1 And x 2 And x=x 1 +x 2 The method comprises the steps of carrying out a first treatment on the surface of the First server S 1 Using parameters (w; b) for the received input component x 1 Performing a convolution operation; second server S 2 Using a parameter (w; 0) for the received input component x 2 A convolution operation is performed.
Further, the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the security activation operation comprises the following steps:
the method comprises the steps of inputting u to a received activation layer, calculating a function max (u, 0) through complete activation operation, and keeping the pixel position 0 with u less than 0 and the position with u more than or equal to 0 unchanged; first server S 1 And a second server S 2 Respectively receiving input components of an activation layer, and interactively using a security comparison function SecComp to obtain sign bits of pixel positions of the original images corresponding to the two input components; if the sign bit is equal to 1, S 1 And S is 2 The components are set to 0 respectively, otherwise they remain unchanged.
Further, the secure comparison function SecComp used in the secure activation operation includes a secure binary multiplication function secbiitmul, a secure binary addition function secbiitadd, and a secure bit extraction function secbiitextra, wherein the function secbiitmul is performed as follows:
step A1: the trusted server T randomly generates a multiplication triplet, and the third number is the product of the first two numbers; three random numbers are regenerated and distributed to the first server S 1 The method comprises the steps of carrying out a first treatment on the surface of the Performing exclusive OR operation on the three random numbers and the multiplication triplets in sequence, obtaining three new random numbers and sending the new random numbers to the second server S 2
Step A2: first server S 1 Second server S 2 Input branches respectively receiving two multipliers of calling function SecBItMulQuantity, S, using a random multiplication triplet and corresponding random number 1 And S is 2 Finally, respectively obtaining output results, wherein the value of the exclusive OR of the two output results is equal to the value of the two multiplication input component phases, and carrying operation of binary bit is realized;
the function SecBItAdd is performed as follows:
step B1: first server S 1 Second server S 2 Respectively receiving input components of two summands of calling function SecBItMul, S 1 、S 2 Exclusive OR operation is carried out on the two input components respectively to obtain an addend sum which does not contain carry; by calling a function SecBItMul, the bit position 1 where carry exists currently is set; s is S 1 、S 2 The left shift operation is respectively executed, and the shifted results are respectively transmitted to the other side for interaction;
step B2: s is S 1 、S 2 Performing exclusive OR operation on the two new components, judging whether carry exists, and if so, iteratively calling the functions SecBItMul and left shift operation until S 1 、S 2 Adding all carry values of respective addition operations, and jumping out of the loop; s is S 1 、S 2 Respectively outputting the added component results;
the function SecBItExtra is performed as follows:
step C1: the trusted server T randomly generates three random numbers r 1 、r 2 And gamma 1 Calculating r 1 Exclusive OR r 2 Obtain r, r minus gamma 1 Obtaining gamma 2 Will r 1 And gamma 1 Distribution to S 1 Will r 2 And gamma 2 Distribution to S 2
Step C2: first server S 1 And a second server S 2 Receiving respective input components, subtracting γ from the input components, respectively 1 、γ 2 Obtaining t 1 、t 2 ;S 2 Let t 2 Pass to S 1 ;S 1 Calculating t 1 、t 2 The sum is v, and generates a random number v 1 Calculating v exclusive OR v 1 Obtain v 2 Parallel transmissionPass to S 2 ;S 1 And S is 2 Interactively using the function SecBItAdd, i.e. S 1 Input r 1 And v 1 ,S 2 Input r 2 And v 2 ;S 1 、S 2 Respectively obtaining component output values;
step C3: s is S 1 、S 2 Respectively receiving the component output after the function SecBItAdd is called, respectively judging the positive and negative of the output result, if the result is smaller than zero, respectively setting the symbol position 1, otherwise setting 0; s is S 1 、S 2 Interactively transmitting the respective sign bit, and simultaneously carrying out exclusive OR operation on the sign bits of the two sides to obtain a final sign bit result; s is S 1 、S 2 And respectively outputting a common final sign bit result.
Further, the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the security pooling operation comprises the following steps:
after receiving the input of the pooling layer, the complete MAX-POOL operation is to select the maximum value in the pooling window as the pooled result of the area; s is S 1 And S is 2 After receiving the input components of the pooling layers respectively, marking the pixel point at the upper left corner in each pooling window as the maximum position; then S 1 、S 2 The method comprises the steps of following a rule from left to right and from top to bottom, simultaneously executing two-by-two subtraction operation on pixel positions in respective pooling windows, transmitting corresponding two-by-two difference values mutually to sum, marking the pixel point where the subtracted number is located as a maximum value position if the summation result is smaller than zero, and otherwise, keeping the initial value of the maximum value position unchanged; s is S 1 、S 2 Iteratively performing the operation until the pooling window is traversed; s is S 1 、S 2 Outputting a pixel value of the maximum value position in the pooling window to replace the pooling window; s is S 1 、S 2 Sliding a pooling window, traversing the respective component image areas, and outputting pooling layer results.
Further, the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 Execution security integrityThe method for connecting operation comprises the following steps:
the trusted server T discloses the parameters (w; b) of the full connection layer, the input x of the received full connection layer is calculated as y=w.x+b; first server S 1 Receiving an input component x 1 Performing full join operations using parameters (w; b), i.e. calculating y 1 =w·x 1 +b; second server S 2 Receiving an input component x 2 Performing full join operations using parameters (w; 0), i.e. calculating y 2 =w·x 2 +0, and satisfies x=x 1 +x 2
Further, the method for decryption operation by the receiver beta comprises the following steps: first server S 1 Image I of the dense state component 1 Output result O of VGG network forward procedure 1 Transmitting to the receiver beta; second server S 2 Image I of the dense state component 2 Output result O of VGG network forward procedure 2 Transmitting to the receiver beta; beta performs a decryption operation, i.e. calculates o=o 1 +O 2 And obtaining the dense state image characteristic extraction and identification result of the original image I.
The invention also provides a system for recognizing the dense state image by adopting the method, which comprises the following steps:
the sender alpha is used for carrying out image encryption operation, namely randomly splitting and encrypting an original image into two secret state component images;
the trusted server T is used for disclosing model training parameters, generating and distributing random security parameters related to security functions of each layer;
first server S 1 And a second server S 2 The privacy protection VGG network is used for executing privacy protection in parallel, and respectively outputting the feature extraction and the recognition results of the secret state component images; and
a receiver beta for performing image decryption operation, i.e. to the first server S 1 And a second server S 2 And combining the output results of the image recognition module to obtain a dense image recognition result which is the same as the original image recognition result.
Compared with the prior art, the invention has the following beneficial effects: the invention uses a secret division threshold scheme to encrypt an original image, uses two random split secret state component images to execute a privacy protection VGG network in parallel, and finally obtains the same privilege extraction and identification effect as the original image by combining the output results of the secret state component images. The result is output for any component, and the original image privacy is not revealed. The invention not only ensures the privacy safety of the original image to be detected in the identification process, but also ensures that the splitting operation does not influence the accuracy of identification detection, thereby realizing the safety without sacrificing the detection precision.
Drawings
FIG. 1 is a flow chart of a method implementation of an embodiment of the present invention.
Fig. 2 is a schematic diagram of the system configuration of an embodiment of the present invention.
Detailed Description
The invention will be described in further detail with reference to the accompanying drawings and specific examples.
The invention randomly splits the image to be detected into two component images which cannot be distinguished, and sends the component images to two competing servers to respectively carry out VGG network processing. By constructing a safety function with interaction property to replace layers of each type of the traditional VGG network, the effect that two component images are combined after being processed by the VGG network in parallel is equivalent to the effect that the original image is processed by the VGG network.
Based on the above thought, the present invention provides a privacy protection VGG-based method for recognizing a secret image, as shown in FIG. 1, firstly, a sender α encrypts an original image I into two secret component images I 1 、I 2 And respectively send to the first server S 1 And a second server S 2 The method comprises the steps of carrying out a first treatment on the surface of the Then the trusted server T discloses the pretraining parameters, the fine tuning training parameters and the preset super parameters of the VGG network, and generates and distributes random security parameters to the first server S 1 And a second server S 2 The method comprises the steps of carrying out a first treatment on the surface of the Then the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 Performing secure convolution, activation, pooling, and perfonningA connection layer operation; finally, the receiver beta receives the data from the first server S 1 And a second server S 2 Output result O of (2) 1 、O 2 And performing decryption operation to obtain feature extraction and recognition result o=o of the dense state image 1 +O 2
In this embodiment, the sender α encrypts the original image I into two secret component images I using a (2, 2) -secret segmentation threshold scheme 1 、I 2 The method comprises the following steps:
for an original image I, the transmitter Fang uses a random number generator to generate a random matrix of pixels of the same size as the original image, i.e., a dense component image I 1 And sends to the first server S 1 Then subtracting the dense component image I from the original image I 1 Obtaining a dense component image I 2 And send to the second server S 2 Wherein the random number has a selection field range of [ -2 n-1 ,2 n-1 -1],n=8,16,32,...。
In this embodiment, the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the safe convolution operation comprises the following steps:
the trusted server T discloses pretraining parameters, fine tuning training parameters and super parameter setting of the VGG network, known as the disclosed convolution kernel parameters (w; b), the received image input value is x, and a sender performs splitting operation on pixels of all positions of an original image I according to a (2, 2) -secret segmentation threshold scheme to obtain a component x 1 And x 2 And x=x 1 +x 2 The method comprises the steps of carrying out a first treatment on the surface of the First server S 1 Using parameters (w; b) for the received input component x 1 Performing a convolution operation; second server S 2 Using a parameter (w; 0) for the received input component x 2 A convolution operation is performed.
In this embodiment, the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the security activation operation comprises the following steps:
received and received at the receiverThe complete activation operation is to calculate a function max (u, 0), and the pixel position 0 with u less than 0 is kept unchanged, wherein u is more than or equal to 0; first server S 1 And a second server S 2 Respectively receiving input components of an activation layer, and interactively using a security comparison function SecComp to obtain sign bits of pixel positions of the original images corresponding to the two input components; if the sign bit is equal to 1, S 1 And S is 2 The components are set to 0 respectively, otherwise they remain unchanged.
Wherein the secure comparison function SecComp used in the secure activation operation includes a secure binary multiplication function secbmul, a secure binary addition function SecBitAdd, and a secure bit extraction function secbizextra.
The function SecBItMul is performed as follows:
step A1: the trusted server T randomly generates a multiplication triplet, and the third number is the product of the first two numbers; three random numbers are regenerated and distributed to the first server S 1 The method comprises the steps of carrying out a first treatment on the surface of the Performing exclusive OR operation on the three random numbers and the multiplication triplets in sequence, obtaining three new random numbers and sending the new random numbers to the second server S 2
Step A2: first server S 1 Second server S 2 The input components of the two multipliers of the calling function secbi mul are received separately (e.g. known multiplier r=r 1 +r 2 、v=v 1 +v 2 ,S 1 Received r 1 、v 1 ,S 2 Received r 2 、v 2 ) S using a random multiplication triplet and corresponding random number 1 And S is 2 And finally, respectively obtaining output results, wherein the value of the exclusive OR of the two output results is equal to the value of the two multiplication input component phases, and carrying operation of binary bit is realized.
The function SecBItAdd is performed as follows:
step B1: first server S 1 Second server S 2 The input components of the two addends of the calling function secbi mul are received separately (e.g. known addend r=r 1 +r 2 、v=v 1 +v 2 ,S 1 Received r 1 、v 1 ,S 2 Received r 2 、v 2 ),S 1 、S 2 Exclusive OR operation is carried out on the two input components respectively to obtain an addend sum which does not contain carry; by calling a function SecBItMul, the bit position 1 where carry exists currently is set; s is S 1 、S 2 The left shift operation is respectively executed, and the shifted results are respectively transmitted to the other side for interaction;
step B2: s is S 1 、S 2 Performing exclusive OR operation on the two new components, judging whether carry exists, and if so, iteratively calling the functions SecBItMul and left shift operation until S 1 、S 2 Adding all carry values of respective addition operations, and jumping out of the loop; s is S 1 、S 2 And outputting the added component results respectively.
The function SecBItExtra is performed as follows:
step C1: the trusted server T randomly generates three random numbers r 1 、r 2 And gamma 1 Calculating r 1 Exclusive OR r 2 Obtain r, r minus gamma 1 Obtaining gamma 2 Will r 1 And gamma 1 Distribution to S 1 Will r 2 And gamma 2 Distribution to S 2
Step C2: first server S 1 And a second server S 2 Receiving respective input components, subtracting γ from the input components, respectively 1 、γ 2 Obtaining t 1 、t 2 ;S 2 Let t 2 Pass to S 1 ;S 1 Calculating t 1 、t 2 The sum is v, and generates a random number v 1 Calculating v exclusive OR v 1 Obtain v 2 And is transferred to S 2 ;S 1 And S is 2 Interactively using the function SecBItAdd, i.e. S 1 Input r 1 And v 1 ,S 2 Input r 2 And v 2 ;S 1 、S 2 Respectively obtaining component output values;
step C3: s is S 1 、S 2 Respectively receiving the component output after calling the function SecBItAdd, respectively judging the positive and negative of the output result, ifIf the symbol position is smaller than zero, the symbol position is 1, otherwise, the symbol position is 0; s is S 1 、S 2 Interactively transmitting the respective sign bit, and simultaneously carrying out exclusive OR operation on the sign bits of the two sides to obtain a final sign bit result; s is S 1 、S 2 And respectively outputting a common final sign bit result.
In this embodiment, the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the security pooling operation comprises the following steps:
after receiving the input of the pooling layer, the complete MAX-POOL operation is to select the maximum value in the pooling window as the pooled result of the area; s is S 1 And S is 2 After receiving the input components of the pooling layers respectively, marking the pixel point at the upper left corner in each pooling window as the maximum position; then S 1 、S 2 The method comprises the steps of following a rule from left to right and from top to bottom, simultaneously executing two-by-two subtraction operation on pixel positions in respective pooling windows, transmitting corresponding two-by-two difference values mutually to sum, marking the pixel point where the subtracted number is located as a maximum value position if the summation result is smaller than zero, and otherwise, keeping the initial value of the maximum value position unchanged; s is S 1 、S 2 Iteratively performing the operation until the pooling window is traversed; s is S 1 、S 2 Outputting a pixel value of the maximum value position in the pooling window to replace the pooling window; s is S 1 、S 2 Sliding a pooling window, traversing the respective component image areas, and outputting pooling layer results.
In this embodiment, the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the safe full connection operation comprises the following steps:
the trusted server T discloses the parameters (w; b) of the full connection layer, the input x of the received full connection layer is calculated as y=w.x+b; first server S 1 Receiving an input component x 1 Performing full join operations using parameters (w; b), i.e. calculating y 1 =w·x 1 +b; second server S 2 Receiving inputComponent x 2 Performing full join operations using parameters (w; 0), i.e. calculating y 2 =w·x 2 +0, and satisfies x=x 1 +x 2
In this embodiment, the method for decryption performed by the receiver β is as follows: first server S 1 Image I of the dense state component 1 Output result O of VGG network forward procedure 1 Transmitting to the receiver beta; second server S 2 Image I of the dense state component 2 Output result O of VGG network forward procedure 2 Transmitting to the receiver beta; beta performs a decryption operation, i.e. calculates o=o 1 +O 2 And obtaining the dense state image characteristic extraction and identification result of the original image I.
The invention also provides a system for recognizing the dense state image by adopting the method, as shown in figure 2, comprising a sender alpha, a trusted server T and a first server S 1 Second server S 2 And a receiver β.
The sender alpha is used for performing image encryption operation, namely randomly splitting and encrypting an original image into two secret state component images;
the trusted server T is used for disclosing model training parameters, and generating and distributing random security parameters related to security functions of each layer;
the first server S 1 And a second server S 2 The privacy protection VGG network is used for executing privacy protection in parallel, and feature extraction and recognition results of the secret state component images are respectively output;
the receiver beta is used for performing image decryption operation, namely, to the first server S 1 And a second server S 2 And combining the output results of the image recognition module to obtain a dense image recognition result which is the same as the original image recognition result.
The above is a preferred embodiment of the present invention, and all changes made according to the technical solution of the present invention belong to the protection scope of the present invention when the generated functional effects do not exceed the scope of the technical solution of the present invention.

Claims (9)

1. Privacy protection VGG-based dense image recognition methodCharacterized in that firstly the sender α encrypts the original image I into two secret component images I 1 、I 2 And respectively send to the first server S 1 And a second server S 2 The method comprises the steps of carrying out a first treatment on the surface of the Then the trusted server T discloses the pretraining parameters, the fine tuning training parameters and the preset super parameters of the VGG network, and generates and distributes random security parameters to the first server S 1 And a second server S 2 The method comprises the steps of carrying out a first treatment on the surface of the Then the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 Performing security convolution, activation, pooling, and full connection layer operations; finally, the receiver beta receives the data from the first server S 1 And a second server S 2 Output result O of (2) 1 、O 2 And performing decryption operation to obtain feature extraction and recognition result o=o of the dense state image 1 +O 2
2. The privacy-preserving VGG-based secret image recognition method of claim 1, wherein the sender α encrypts the original image I into two secret component images I using a (2, 2) -secret division threshold scheme 1 、I 2 The method comprises the following steps:
for an original image I, the transmitter Fang uses a random number generator to generate a random matrix of pixels of the same size as the original image, i.e., a dense component image I 1 And sends to the first server S 1 Then subtracting the dense component image I from the original image I 1 Obtaining a dense component image I 2 And send to the second server S 2 Wherein the random number has a selection field range of [ -2 n-1 ,2 n-1 -1],n=8,16,32,...。
3. The privacy-preserving VGG-based dense image recognition method of claim 2, wherein the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the safe convolution operation comprises the following steps:
trusted server TdisclosureThe pretraining parameter, the fine tuning training parameter and the super parameter of the VGG network are set, the disclosed convolution kernel parameter (w; b) is known, the received image input value is x, and a sender performs splitting operation on pixels of all position points of an original image I according to a (2, 2) -secret segmentation threshold scheme to obtain a component x 1 And x 2 And x=x 1 +x 2 The method comprises the steps of carrying out a first treatment on the surface of the First server S 1 Using parameters (w; b) for the received input component x 1 Performing a convolution operation; second server S 2 Using a parameter (w; 0) for the received input component x 2 A convolution operation is performed.
4. The privacy-preserving VGG-based dense image recognition method of claim 3, wherein the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the security activation operation comprises the following steps:
the method comprises the steps of inputting u to a received activation layer, calculating a function max (u, 0) through complete activation operation, and keeping the pixel position 0 with u less than 0 and the position with u more than or equal to 0 unchanged; first server S 1 And a second server S 2 Respectively receiving input components of an activation layer, and interactively using a security comparison function SecComp to obtain sign bits of pixel positions of the original images corresponding to the two input components; if the sign bit is equal to 1, S 1 And S is 2 The components are set to 0 respectively, otherwise they remain unchanged.
5. The privacy-preserving VGG-based dense-state image recognition method of claim 4, wherein the secure comparison function SecComp used in the secure activation operation includes a secure binary multiplication function secbiitmul, a secure binary addition function secbiitadd, and a secure bit extraction function secbiitextra, wherein the function secbiitmul is performed as follows:
step A1: the trusted server T randomly generates a multiplication triplet, and the third number is the product of the first two numbers; three random numbers are regenerated and distributed to the first server S 1 The method comprises the steps of carrying out a first treatment on the surface of the Three random numbers and multiplication triplets are sequentially combinedCorrespondingly performing exclusive OR operation to obtain three new random numbers and sending the three new random numbers to the second server S 2
Step A2: first server S 1 Second server S 2 Respectively receiving input components of two multipliers of calling function SecBItMul, using random multiplication triplet and corresponding random number, S 1 And S is 2 Finally, respectively obtaining output results, wherein the value of the exclusive OR of the two output results is equal to the value of the two multiplication input component phases, and carrying operation of binary bit is realized;
the function SecBItAdd is performed as follows:
step B1: first server S 1 Second server S 2 Respectively receiving input components of two summands of calling function SecBItMul, S 1 、S 2 Exclusive OR operation is carried out on the two input components respectively to obtain an addend sum which does not contain carry; by calling a function SecBItMul, the bit position 1 where carry exists currently is set; s is S 1 、S 2 The left shift operation is respectively executed, and the shifted results are respectively transmitted to the other side for interaction;
step B2: s is S 1 、S 2 Performing exclusive OR operation on the two new components, judging whether carry exists, and if so, iteratively calling the functions SecBItMul and left shift operation until S 1 、S 2 Adding all carry values of respective addition operations, and jumping out of the loop; s is S 1 、S 2 Respectively outputting the added component results;
the function SecBItExtra is performed as follows:
step C1: the trusted server T randomly generates three random numbers r 1 、r 2 And gamma 1 Calculating r 1 Exclusive OR r 2 Obtain r, r minus gamma 1 Obtaining gamma 2 Will r 1 And gamma 1 Distribution to S 1 Will r 2 And gamma 2 Distribution to S 2
Step C2: first server S 1 And a second server S 2 Receiving respective input components, subtracting γ from the input components, respectively 1 、γ 2 Obtaining t 1 、t 2 ;S 2 Let t 2 Pass to S 1 ;S 1 Calculating t 1 、t 2 The sum is v, and generates a random number v 1 Calculating v exclusive OR v 1 Obtain v 2 And is transferred to S 2 ;S 1 And S is 2 Interactively using the function SecBItAdd, i.e. S 1 Input r 1 And v 1 ,S 2 Input r 2 And v 2 ;S 1 、S 2 Respectively obtaining component output values;
step C3: s is S 1 、S 2 Respectively receiving the component output after the function SecBItAdd is called, respectively judging the positive and negative of the output result, if the result is smaller than zero, respectively setting the symbol position 1, otherwise setting 0; s is S 1 、S 2 Interactively transmitting the respective sign bit, and simultaneously carrying out exclusive OR operation on the sign bits of the two sides to obtain a final sign bit result; s is S 1 、S 2 And respectively outputting a common final sign bit result.
6. The privacy-preserving VGG-based dense image recognition method of claim 5, wherein the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the security pooling operation comprises the following steps:
after receiving the input of the pooling layer, the complete MAX-POOL operation is to select the maximum value in the pooling window as the pooled result of the pooling window; s is S 1 And S is 2 After receiving the input components of the pooling layers respectively, marking the pixel point at the upper left corner in each pooling window as the maximum position; then S 1 、S 2 The method comprises the steps of following a rule from left to right and from top to bottom, simultaneously executing two-by-two subtraction operation on pixel positions in respective pooling windows, transmitting corresponding two-by-two difference values mutually to sum, marking the pixel point where the subtracted number is located as a maximum value position if the summation result is smaller than zero, and otherwise, keeping the initial value of the maximum value position unchanged; s is S 1 、S 2 Iteratively performing the operation until the pooling window is traversed; s is S 1 、S 2 Outputting a pixel value of the maximum value position in the pooling window to replace the pooling window; s is S 1 、S 2 Sliding a pooling window, traversing the respective component image areas, and outputting pooling layer results.
7. The privacy-preserving VGG-based dense image recognition method of claim 6, wherein the first server S 1 And a second server S 2 For two secret component images I respectively 1 、I 2 The method for executing the safe full connection operation comprises the following steps:
the trusted server T discloses the parameters (w; b) of the full connection layer, the input x of the received full connection layer is calculated as y=w.x+b; first server S 1 Receiving an input component x 1 Performing full join operations using parameters (w; b), i.e. calculating y 1 =w·x 1 +b; second server S 2 Receiving an input component x 2 Performing full join operations using parameters (w; 0), i.e. calculating y 2 =w·x 2 +0, and satisfies x=x 1 +x 2
8. The privacy-preserving VGG-based secret image recognition method of claim 7, wherein the method for the receiver β to perform the decryption operation is as follows: first server S 1 Image I of the dense state component 1 Output result O of VGG network forward procedure 1 Transmitting to the receiver beta; second server S 2 Image I of the dense state component 2 Output result O of VGG network forward procedure 2 Transmitting to the receiver beta; beta performs a decryption operation, i.e. calculates o=o 1 +O 2 And obtaining the dense state image characteristic extraction and identification result of the original image I.
9. A dense image recognition system employing the method of any of claims 1-8, comprising:
the sender alpha is used for carrying out image encryption operation, namely randomly splitting and encrypting an original image into two secret state component images;
the trusted server T is used for disclosing model training parameters, generating and distributing random security parameters related to security functions of each layer;
first server S 1 And a second server S 2 The privacy protection VGG network is used for executing privacy protection in parallel, and respectively outputting the feature extraction and the recognition results of the secret state component images; and
a receiver beta for performing image decryption operation, i.e. to the first server S 1 And a second server S 2 And combining the output results of the image recognition module to obtain a dense image recognition result which is the same as the original image recognition result.
CN201911051284.6A 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system Active CN110807484B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911051284.6A CN110807484B (en) 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911051284.6A CN110807484B (en) 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system

Publications (2)

Publication Number Publication Date
CN110807484A CN110807484A (en) 2020-02-18
CN110807484B true CN110807484B (en) 2023-05-23

Family

ID=69489803

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911051284.6A Active CN110807484B (en) 2019-10-31 2019-10-31 Privacy protection VGG-based dense image recognition method and system

Country Status (1)

Country Link
CN (1) CN110807484B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112184701A (en) * 2020-10-22 2021-01-05 中国联合网络通信集团有限公司 Method, device and system for determining detection result
CN113190858B (en) * 2021-04-20 2024-02-02 中国人民大学 Image processing method, system, medium and device based on privacy protection
CN113095430B (en) * 2021-04-26 2022-02-01 北京瑞莱智慧科技有限公司 Model updating method capable of protecting privacy, object identification method, system, device, medium and equipment
CN115017540B (en) * 2022-05-24 2024-07-02 贵州大学 Lightweight privacy protection target detection method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107871136A (en) * 2017-03-22 2018-04-03 中山大学 The image-recognizing method of convolutional neural networks based on openness random pool
CN107958259A (en) * 2017-10-24 2018-04-24 哈尔滨理工大学 A kind of image classification method based on convolutional neural networks
CN109831422A (en) * 2019-01-17 2019-05-31 中国科学院信息工程研究所 A kind of encryption traffic classification method based on end-to-end sequence network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102061345B1 (en) * 2017-12-18 2019-12-31 경희대학교 산학협력단 Method of performing encryption and decryption based on reinforced learning and client and server system performing thereof

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107871136A (en) * 2017-03-22 2018-04-03 中山大学 The image-recognizing method of convolutional neural networks based on openness random pool
CN107958259A (en) * 2017-10-24 2018-04-24 哈尔滨理工大学 A kind of image classification method based on convolutional neural networks
CN109831422A (en) * 2019-01-17 2019-05-31 中国科学院信息工程研究所 A kind of encryption traffic classification method based on end-to-end sequence network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈小凡.卷积神经网络在激光再现防伪图像识别中的应用.《中国优秀硕士论文全文数据库-信息技术辑》.2018,13-55. *

Also Published As

Publication number Publication date
CN110807484A (en) 2020-02-18

Similar Documents

Publication Publication Date Title
CN110807484B (en) Privacy protection VGG-based dense image recognition method and system
Dhawan et al. SSII: secured and high-quality steganography using intelligent hybrid optimization algorithms for IoT
Huang et al. A lightweight privacy-preserving CNN feature extraction framework for mobile sensing
Ma et al. Lightweight privacy-preserving ensemble classification for face recognition
US12113891B2 (en) Encrypting and decrypting information
US9787647B2 (en) Secure computer evaluation of decision trees
Xiong et al. Toward lightweight, privacy-preserving cooperative object classification for connected autonomous vehicles
Liu et al. Intelligent and secure content-based image retrieval for mobile users
CN114936650A (en) Method and device for jointly training business model based on privacy protection
CN110991462B (en) Privacy protection CNN-based secret image identification method and system
CN109919824B (en) Color image zero watermarking method based on fast quaternion generalized extremely complex exponential transformation
CN115580687B (en) Multi-image encryption method based on variable parameter hyperchaotic system and S-shaped diffusion
CN115510502B (en) PCA method and system for privacy protection
Guo et al. Optical image encryption and authentication scheme with computational ghost imaging
CN112800444A (en) Color image encryption method based on two-dimensional chaotic mapping
Kumar et al. A GRU and chaos-based novel image encryption approach for transport images
Ibarrondo et al. Banners: Binarized neural networks with replicated secret sharing
Cao et al. Privacy-preserving healthcare monitoring for IoT devices under edge computing
Wang et al. Color image encryption based on discrete memristor logistic map and DNA encoding
Fadhil et al. Improved Security of a Deep Learning-Based Steganography System with Imperceptibility Preservation
Yang et al. A general steganographic framework for neural network models
Reyad et al. Hash-enhanced elliptic curve bit-string generator for medical image encryption
CN112906715A (en) Safety image feature extraction and classification method based on deep neural network
Ahmad et al. A pixel-based encryption method for privacy-preserving deep learning models
CN117675270A (en) Multi-mode data encryption transmission method and system for longitudinal federal learning

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant