CN112434323A - Model parameter obtaining method and device, computer equipment and storage medium - Google Patents

Info

Publication number: CN112434323A
Application number: CN202011399934.9A
Authority: CN (China)
Prior art keywords: data, gradient, target, database, acquiring
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 侯宪龙
Current Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning


Abstract

The application discloses a model parameter obtaining method and device, computer equipment and a storage medium, and relates to the technical field of machine learning models. The method comprises the following steps: acquiring a first gradient of original data in a first database; performing local differential privacy (LDP) processing on the first gradient to obtain a first target gradient; and calculating target parameters according to the first target gradient, wherein the target parameters are parameters to be determined for training the machine learning model. Because the first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database, and the parameters to be determined in the machine learning model are calculated from the first target gradient, the first gradient is perturbed by LDP. Differential attacks launched on the machine learning model by an attacker with background knowledge are thereby avoided, the risk of data leakage from the database is reduced, and the security of the data in the modeling process is improved.

Description

Model parameter obtaining method and device, computer equipment and storage medium
Technical Field
The invention relates to the technical field of machine learning models, in particular to a model parameter obtaining method and device, computer equipment and a storage medium.
Background
With the continuous evolution of the big data era, existing databases contain more and more data, and it is very common to train a model by calling the data in a database.
Currently, each independent database may be regarded as a data island, and different data of the same user may exist in different databases. For example, two databases may contain the same users but hold different data features. When training a machine learning model, each database may be used to train on its own data features, or the data features of multiple databases may be combined to achieve joint modeling. In the joint modeling process, data is mainly encrypted by homomorphic encryption.
In the above scheme, the homomorphic encryption used in the joint modeling process relies on a semi-honest assumption, so a risk of data leakage exists and data security in the modeling process is low.
Disclosure of Invention
The embodiments of the application provide a method and a device for obtaining model parameters, computer equipment and a storage medium, which can improve the confidentiality of data in a modeling process and increase the security of the data. The technical scheme is as follows:
In one aspect, an embodiment of the present application provides a method for obtaining model parameters, where the method includes:
acquiring a first gradient of original data in a first database;
performing local differential privacy (LDP) processing on the first gradient to obtain a first target gradient;
and calculating target parameters according to the first target gradient, wherein the target parameters are parameters to be determined for training a machine learning model.
In one aspect, an embodiment of the present application provides a model parameter obtaining apparatus, where the apparatus includes:
the acquisition module is used for acquiring a first gradient of the original data in the first database; performing local differential privacy LDP processing on the first gradient to obtain a first target gradient;
and the processing module is used for calculating a target parameter according to the first target gradient, wherein the target parameter is a parameter to be determined for training a machine learning model.
In another aspect, an embodiment of the present application provides a computer device, including a memory and a processor, where the memory stores a computer program, and when the computer program is executed by the processor, the processor is enabled to implement the model parameter obtaining method according to the above aspect.
In another aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and when executed by a processor, the computer program implements the model parameter obtaining method according to the above aspect.
In another aspect, the present application provides a computer program product, which when run on a computer, causes the computer to execute the model parameter obtaining method according to the above one aspect.
In another aspect, an embodiment of the present application provides an application publishing platform, where the application publishing platform is configured to publish a computer program product, where when the computer program product runs on a computer, the computer is caused to execute the model parameter obtaining method according to the above aspect.
The technical scheme provided by the embodiments of the application can bring at least the following beneficial effects:
In the present application, a first gradient of original data in a first database is obtained; local differential privacy (LDP) processing is performed on the first gradient to obtain a first target gradient; and target parameters are calculated according to the first target gradient, wherein the target parameters are parameters to be determined for training the machine learning model. Because the first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database, and the parameters to be determined in the machine learning model are calculated from the first target gradient, the first gradient is perturbed by LDP. Differential attacks launched on the machine learning model by an attacker with background knowledge are thereby avoided, the risk of data leakage from the database is reduced, and the security of the data in the modeling process is improved.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the embodiments are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic structural diagram of a joint modeling to which an exemplary embodiment of the present application relates;
FIG. 2 is a flowchart of a method for obtaining model parameters according to an exemplary embodiment of the present application;
FIG. 3 is a flowchart of a method for model parameter acquisition according to an exemplary embodiment of the present application;
FIG. 4 is a schematic structural diagram of an A mechanism provided in an exemplary embodiment of the present application;
FIG. 5 is a flowchart of a method for model parameter acquisition according to an exemplary embodiment of the present application;
FIG. 6 is a block diagram of a model parameter obtaining apparatus according to an exemplary embodiment of the present application;
FIG. 7 is a schematic structural diagram of a computer device according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
Reference herein to "a plurality" means two or more. "And/or" describes the association relationship of the associated objects and means that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
The scheme provided by the application can be used in a real scene in which an application program runs in a terminal when people use the terminal in daily life, and for convenience of understanding, some terms and application scenes related to the embodiment of the application are first briefly introduced below.
Machine learning is a multi-disciplinary field covering probability theory, statistics, approximation theory and complex algorithms. It uses the computer as a tool, is dedicated to simulating the human way of learning in real time, and divides existing content into knowledge structures to effectively improve learning efficiency.
Federated machine learning (federated machine learning / federated learning) is also known as federated learning, joint learning, or alliance learning. Federated machine learning is a machine learning framework that can effectively help a plurality of organizations use data and build machine learning models while meeting the requirements of user privacy protection, data security and government regulations.
Vertical federated learning (vertical federated learning) applies when the training data of the participants is divided vertically: different data features of the samples that a plurality of participants have in common are combined for federated learning. Vertical federated learning is also known as sample-aligned federated learning (sample-aligned federated learning), i.e., the training samples of the participants are aligned, which can increase the feature dimension of the training data.
Random response technology (randomised response) is a research method used in structured interviews, and is a standard local differential privacy perturbation mechanism.
The gradient is a vector indicating the direction along which the directional derivative of a function at a given point takes its maximum value, i.e. at that point the function changes most rapidly along that direction (the direction of the gradient), and the greatest rate of change is the modulus of the gradient.
With the continuous evolution of the big data era, various industries are striving to change their thinking early, moving from empiricism to a data-intelligence era in which analysis and decisions rely on data.
At present, various organizations, companies, manufacturers and the like are able to establish their own databases. As the number of users grows and users become more active, the amount of user data that can be stored in these databases keeps increasing, and in machine learning the data stored in the databases can be used for model training to obtain the desired machine learning model. The more data is used, the richer the feature types and the more accurate the labels in the training process of the machine learning model, the stronger the prediction capability and the higher the accuracy of the models that different machine learning and deep learning algorithms generate from the data.
However, organizations, companies, manufacturers and the like are physically isolated from one another: for example, their databases do not intercommunicate and each organization stores its own data, so the data in each organization's database effectively exists as a data island inside that organization. When two different organizations share most of their users but each holds its own features, a model built by combining those features is often better than one built independently; this is federated machine learning. For example, organization A is a bank and has credit features; organization B is an insurance company and has features such as property and health; if the two organizations are located in the same place, a large part of their users may overlap. If joint modeling is to be realized, generally organization A directly transmits the corresponding data and features to organization B through a trusted channel, or the two organizations simultaneously transmit their respective data to a trusted third party for fusion modeling.
Refer to FIG. 1, which illustrates a schematic structural diagram of a joint modeling in accordance with an exemplary embodiment of the present application. As shown in FIG. 1, the structure includes a number of computer devices 101 and a central computer device 102.
Optionally, the plurality of computer devices 101 may be servers or terminals, where a server may be one server, or a plurality of servers, or one virtualization platform, or one cloud computing service center. The terminal may be a mobile phone, a tablet computer, an e-book reader, smart glasses, a smart watch, a notebook computer, a laptop portable computer, a desktop computer, and the like.
The central computer device 102 may also be a server or a terminal as described above.
When the joint model training is performed, the computer device may transmit data and features of a database in an organization corresponding to the computer device through a trusted channel to a computer device (for example, another computer device in the computer devices 101) corresponding to another organization, so as to implement data intercommunication between two or more organizations and further perform joint modeling. Or, the computer device may also send the data and features of the database in the organization corresponding to the computer device to the central computer device 102 (the central computer device 102 serves as a trusted third party), and the central computer device 102 performs joint modeling on the received data of the other computer devices, so as to finally train the model.
Optionally, the computer devices may be connected through a communication network, and optionally, the communication network is a wired network or a wireless network.
Optionally, the wireless network or wired network described above uses standard communication techniques and/or protocols. The Network is typically the Internet, but may be any Network including, but not limited to, a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a mobile, wireline or wireless Network, a private Network, or any combination of virtual private networks. In some embodiments, data exchanged over a network is represented using techniques and/or formats including Hypertext Mark-up Language (HTML), Extensible Markup Language (XML), and the like. All or some of the links may also be encrypted using conventional encryption techniques such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN), Internet Protocol Security (IPsec). In other embodiments, custom and/or dedicated data communication techniques may also be used in place of, or in addition to, the data communication techniques described above.
However, with the release of the European Union General Data Protection Regulation (GDPR) and the successive introduction of corresponding domestic data privacy protection regulations, it is increasingly infeasible to directly perform fusion modeling of data between different organizations. Therefore, for joint modeling, the methods commonly used in the industry at present fall mainly into the following two types: 1) manually carrying the data, and 2) vertical federated learning based on homomorphic encryption.
The method of manually carrying data is as follows: organization A dispatches a modeling worker to carry the encrypted sample identity identification numbers (IDs) and features to a modeling machine of organization B on a physical storage device, the modeling worker of organization B uploads the encrypted samples and features to the modeling machine, and data integration and modeling are carried out by aligning the encrypted samples. The whole process requires the participation of modeling personnel from both organization A and organization B, and carries a hidden risk of data leakage.
The vertical federated modeling scheme based on homomorphic encryption is as follows: a vertical federated learning framework is deployed in organization A and organization B, and the model training gradients are encrypted by homomorphic encryption and then transmitted to each other, so as to achieve joint modeling. The scheme relies on a semi-honest assumption, so if an attacker with background knowledge exists, there is a hidden risk of data leakage. In addition, with the computing power currently available, implementing a homomorphic or semi-homomorphic encryption algorithm reduces the modeling efficiency and increases the training time of the model.
In order to solve the problems of data leakage risk and low data security in the joint modeling process in the related art, the present application provides a model parameter obtaining method. Please refer to FIG. 2, which shows a flowchart of a model parameter obtaining method provided in an exemplary embodiment of the present application. The method can be applied to a computer device shown in FIG. 1 and executed by the computer device. As shown in FIG. 2, the model parameter obtaining method can include the following steps.
Step 201, a first gradient of raw data in a first database is obtained.
The first database may be any one of databases, for example, the first database may be a database of a certain bank, a database of an insurance company, a database of a communication company, and the like. The raw data in the database may be data stored in the database in a two-dimensional matrix. Alternatively, the raw data may be stored in the form of samples and variables (data characteristics) in the database. Please refer to table 1, which shows a schematic structure of a kind of original data related to an exemplary embodiment of the present application.
TABLE 1

| Sample(s) | Variable one | Variable two | Variable three | …… |
| --- | --- | --- | --- | --- |
| Sample one | a | b | c | …… |
| Sample two | d | e | f | …… |
| Sample three | h | i | j | …… |
| …… | …… | …… | …… | …… |

As shown in table 1, each sample may have multiple variables, where a, b, ……, j each represent the value of the corresponding variable. Optionally, for the raw data in the first database, the computer device may calculate a first gradient corresponding to each sample.
Step 202, performing local differential privacy LDP processing on the first gradient to obtain a first target gradient.
Optionally, the computer device performs Local Differential Privacy (LDP) processing on the obtained first gradient, where the processed first gradient is a first target gradient.
Step 203, calculating target parameters according to the first target gradient, wherein the target parameters are parameters to be determined for training the machine learning model.
The process of training the machine learning model can be regarded as the process of determining the parameters to be determined in the machine learning model, and the target parameters calculated here are those parameters. Optionally, the computer device may substitute the first target gradient into the calculation formula of the target parameters and perform iterative calculation to obtain the final target parameters.
In summary, in the present application, a first gradient of original data in a first database is obtained; local differential privacy (LDP) processing is performed on the first gradient to obtain a first target gradient; and target parameters are calculated according to the first target gradient, wherein the target parameters are parameters to be determined for training the machine learning model. Because the first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database, and the parameters to be determined in the machine learning model are calculated from the first target gradient, the first gradient is perturbed by LDP. Differential attacks launched on the machine learning model by an attacker with background knowledge are thereby avoided, the risk of data leakage from the database is reduced, and the security of the data in the modeling process is improved.
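Steps 201 to 203 can be followed end to end in the sketch below, which is an added example and not code from the application. The text above does not fix the LDP mechanism or the model, so the logistic-regression gradient, the L1 clipping bound, the Laplace noise and all function names are assumptions chosen for illustration.

```python
import math
import random

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def first_gradient(w, x, y):
    """Step 201: per-sample gradient of the logistic loss (assumed model)."""
    err = sigmoid(sum(wi * xi for wi, xi in zip(w, x))) - y
    return [err * xi for xi in x]

def clip_l1(g, bound):
    """Scale g so its L1 norm is at most `bound`; this bounds the sensitivity."""
    norm = sum(abs(v) for v in g)
    if norm <= bound:
        return list(g)
    return [v * bound / norm for v in g]

def laplace(rng, scale):
    # The difference of two i.i.d. exponentials is Laplace(0, scale).
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def ldp_perturb(g, bound, epsilon, rng):
    """Step 202: clipped gradient plus Laplace noise (assumed LDP mechanism).

    Any two clipped gradients differ by at most 2*bound in L1 norm, so noise
    of scale 2*bound/epsilon per coordinate gives epsilon-LDP for one release.
    """
    scale = 2.0 * bound / epsilon
    return [v + laplace(rng, scale) for v in clip_l1(g, bound)]

def train(samples, epsilon, bound=1.0, lr=0.5, epochs=50, seed=7):
    """Step 203: iterate on the target parameters using only perturbed gradients."""
    rng = random.Random(seed)
    w = [0.0] * len(samples[0][0])
    for _ in range(epochs):
        total = [0.0] * len(w)
        for x, y in samples:
            target_grad = ldp_perturb(first_gradient(w, x, y), bound, epsilon, rng)
            total = [t + v for t, v in zip(total, target_grad)]
        w = [wi - lr * t / len(samples) for wi, t in zip(w, total)]
    return w

def make_samples(n, seed=1):
    """Constructed data: the label depends only on the sign of the first feature."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        x = [rng.uniform(-1, 1), rng.uniform(-1, 1)]
        out.append((x, 1 if x[0] > 0 else 0))
    return out

if __name__ == "__main__":
    print(train(make_samples(200), epsilon=5.0))
```

Every epoch releases a fresh perturbed gradient for the same sample, so under basic composition the per-sample privacy budget spent by `train` is `epochs * epsilon`, not `epsilon`.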
In a possible implementation manner, the machine learning model is a vertical federated learning model. In this scheme, the computer device of a first organization (any one of the organizations) acts as the executing entity and acquires second target gradients from other organizations, thereby realizing data interaction between different organizations in the process of building a joint model. The second target gradient is obtained by performing LDP processing on the second gradient of the original data of a second database.
Referring to fig. 3, a flowchart of a method for obtaining model parameters according to an exemplary embodiment of the present application is shown. The method can be applied to a computer device shown in fig. 1, and executed by the computer device, as shown in fig. 3, the model parameter obtaining method can include the following steps.
Step 301, obtaining data characteristics of the original data in the first database.
The original data in the first database is as described in the embodiment of fig. 2, and will not be described herein again.
Optionally, the computer device may obtain, according to the original data in the first database, a mathematical index of each data feature corresponding to the original data, where the mathematical index may be one or more of a missing value, a variance, and a standard deviation; and the computer equipment screens all the data characteristics according to the mathematical index to acquire the data characteristics of the original data in the first database.
Optionally, when the mathematical indicator is a missing value, the computer device may obtain, according to the original data in the first database, a missing value of each data feature corresponding to the original data, and perform screening according to the first target threshold, to obtain a data feature of the original data in the first database, where the missing value is smaller than the first target threshold. For example, in table 1 above, the computer device may calculate missing values of the variables one to three, and if the missing value of the variable one is smaller than the first target threshold, the variable one is a data feature acquired by the computer device. Wherein the first target threshold may be preset in the computer device by a developer.
Optionally, when the mathematical indicator is a variance, the computer device may obtain, according to the original data in the first database, a variance of each data feature corresponding to the original data, and perform screening according to the second target threshold, to obtain a data feature of the original data in the first database, where the variance is smaller than the second target threshold. For example, in table 1 above, the computer device may calculate the variance of each of the variable one to the variable three, and if the variance of the variable one is smaller than the second target threshold, the variable one is a data feature acquired by the computer device. Wherein the second target threshold may be preset in the computer device by a developer.
Optionally, when the mathematical index is a standard deviation, the computer device may obtain, according to the original data in the first database, respective standard deviations of data features corresponding to the original data, and perform screening according to a third target threshold, to obtain a data feature of the original data in the first database, where the standard deviation is greater than the third target threshold. For example, in table 1 above, the computer device may calculate respective standard deviations of the first variable to the third variable, and if the standard deviation of the first variable is greater than the third target threshold, the first variable is a data feature acquired by the computer device. Wherein the third target threshold may be preset in the computer device by a developer.
In a possible implementation manner, the above mathematical indicators may also include missing values and variances; the computer device may obtain data features of which the missing value is smaller than a first target threshold and the variance is larger than a second target threshold. In table 1, the computer device may calculate the missing value and the variance of each of the first variable to the third variable, and if the missing value of the first variable is smaller than the first target threshold and the variance of the first variable is larger than the second target threshold, the first variable is a data feature acquired by the computer device. Optionally, the data characteristics obtained by the computer device may also be filtered by matching with one or more other mathematical indicators, which is not limited in this application and is not further exemplified herein.
Optionally, in the computer device, the data transmission port used for acquiring the data characteristics of the original data in the first database is a unidirectional transmission port. That is, in the computer device, data is allowed to be transmitted in one direction only during the transmission of data features. Before this step, the method further comprises: acquiring a third data index, and suspending the currently executed step in response to the third data index being larger than a third index threshold value. The third data index comprises one or more of the data transmission size and the data transmission frequency in the process of acquiring the data characteristics of the original data in the first database. Correspondingly, the present application may continue to perform the currently performed step in response to the third data index not being greater than the third index threshold.
In one possible implementation, the third data index includes the data transmission size during the process of obtaining the data characteristics of the original data in the first database. For example, while the data characteristics are being acquired, the computer device may monitor the acquisition process through another computer program and obtain the data transmission size in the process. If the obtained data transmission size is greater than the third index threshold, the data transmission process is abnormal, and the currently executed step of acquiring the data characteristics of the original data in the first database is stopped. If the obtained data transmission size is not greater than the third index threshold, the data transmission process is normal, and the currently executed step of acquiring the data characteristics of the original data in the first database may continue.
In one possible implementation, the third data indicator includes a data transmission frequency during the process of obtaining the data characteristic of the raw data in the first database. Similarly, in the process of acquiring the data characteristics, the computer device may monitor the data characteristic acquiring process through another computer program, acquire the data transmission frequency in the process, and if the acquired data transmission frequency is greater than the third index threshold, it indicates that the data transmission process is abnormal, stop the step of acquiring the data characteristics of the original data in the first database, which is executed at this time. If the acquired data transmission frequency is not greater than the third index threshold, which indicates that the data transmission process is normal, the step of acquiring the data characteristics of the original data in the first database, which is executed at this time, may be continuously executed.
In one possible implementation manner, the third data index includes both the data transmission size and the data transmission frequency in the process of acquiring the data characteristics of the original data in the first database. Similarly, while the data characteristics are being acquired, the computer device may monitor the acquisition process through another computer program, acquire the data transmission size and the data transmission frequency in the process, and compare them with the third index threshold (in this case, the third index threshold may include two sub-thresholds, used respectively for judging the data transmission size and the data transmission frequency acquired this time). If either the data transmission size or the data transmission frequency is greater than the third index threshold, the data transmission process is abnormal, and the currently executed step of acquiring the data characteristics of the original data in the first database is stopped. In a possible implementation manner, when the computer device includes a display module (for example, a display screen), an error message may be displayed in the display module when the currently executed step is stopped, so as to indicate the data exception.
Step 302, calculating a first gradient of the raw data according to the raw data and the data characteristics of the raw data.
Optionally, after the data feature of the raw data is obtained, the first gradient of the raw data is calculated according to the obtained data feature of the raw data and the raw data. For example, taking table 1 as an example, after the data features are screened, the data features that may be obtained by the computer device have a variable one and a variable three, and the computer device may calculate the first gradient of each sample according to each sample corresponding to the two data features and each sample.
Step 303, performing local differential privacy (LDP) processing on the first gradient to obtain a first target gradient.
That is, by performing LDP processing on the first gradient obtained for each sample, a processed first gradient (that is, the first target gradient) is obtained.
In a possible implementation manner, the first target gradient may be obtained as follows: a perturbation function is obtained, and the first gradient is substituted into the perturbation function to obtain the first target gradient. The perturbation function is used to add noise to the first gradient. That is, before the computer device performs LDP processing on the first gradient, it may obtain the perturbation function to be used in the LDP processing, and then perform the LDP processing on the first gradient through that perturbation function.
Optionally, the perturbation function may be preset by a developer, and when the perturbation function needs to be used, the perturbation function may be directly obtained from a stored location.
Alternatively, the perturbation function may be obtained by a privacy budget value. In one possible implementation, the perturbation function may be obtained as follows: obtaining a privacy budget value, wherein the privacy budget value is used for indicating the degree of adding noise to the first gradient; constructing a target formula according to the privacy budget value; acquiring a first function which accords with a target formula from a preset function list; the first function is taken as a perturbation function.
The privacy budget value is inversely proportional to the noise adding degree of the first gradient in the scheme, that is, the smaller the privacy budget value is, the greater the noise adding degree of the first gradient is, and the greater the noise added on the first gradient is. In addition, each disturbance function stored in advance may be included in the preset function list.
Alternatively, the privacy budget value may be preset by a developer. For example, the privacy budget value is preset as E, and in the process of obtaining the perturbation function, the privacy budget value E is obtained first, and the target formula is constructed through the privacy budget value. Alternatively, the target formula may be as follows:
Figure BDA0002811955310000111
wherein F represents the perturbation function, $g_i$ denotes the first gradient of one sample, $g_{i+1}$ denotes the first gradient of another sample, P denotes a probability, and x denotes any value from 0 to 1.
As shown in the above formula [1], after obtaining the privacy budget value, the computer device may construct the above formula [1], substitute each function in the preset function list into formula [1], determine the functions that satisfy formula [1], select one of the functions that satisfy the formula as the perturbation function, and then add noise to the first gradient. Optionally, the perturbation function may be selected randomly or sequentially, which is not limited herein.
In one possible implementation, the perturbation function has a unique corresponding relationship with the privacy budget value. For example, the first database or the computer device further stores a corresponding relationship table between the perturbation function and the privacy budget value, and after the privacy budget value is obtained, the computer device may further obtain the perturbation function corresponding to the privacy budget value by querying the corresponding relationship table. For example, please refer to table 2, which shows a table of correspondence between privacy budget values and perturbation functions according to an exemplary embodiment of the present application.
TABLE 2

| Privacy budget value | Perturbation function |
| --- | --- |
| $E_1$ | $F_1$ |
| $E_2$ | $F_2$ |
| $E_3$ | $F_3$ |
| …… | …… |

As shown in Table 2, if the computer device obtains the privacy budget value $E_2$ in the above-mentioned manner, the computer device may obtain the perturbation function $F_2$ corresponding to the privacy budget value $E_2$ according to the correspondence in Table 2 above.
Optionally, the privacy budget value may also be determined according to a privacy level. For example, the computer device may obtain a privacy level and obtain the privacy budget value based on that privacy level. The privacy level is used to indicate the degree of privacy of the raw data in the first database. In practical applications, the data stored in each database may have its own security degree: the higher the security degree of a database, the more important its data, and the less that data should be obtainable by attackers. Optionally, the privacy level may be set in the database in advance by a developer, and the computer device may obtain the privacy budget value corresponding to the privacy level by obtaining the privacy level.
For example, the first database or the computer device further stores a correspondence table between the privacy level and the privacy budget value, and after the privacy level is obtained, the computer device may further obtain the privacy budget value corresponding to the privacy level by querying the correspondence table. For example, please refer to table 3, which illustrates a table of correspondence between privacy levels and privacy budget values according to an exemplary embodiment of the present application.
TABLE 3

| Privacy level | Privacy budget value |
| --- | --- |
| Level one | $E_1$ |
| Level two | $E_2$ |
| Level three | $E_3$ |
| …… | …… |

As shown in Table 3, if the privacy level obtained by the computer device is level two, the computer device may obtain the privacy budget value $E_2$ corresponding to privacy level two according to the correspondence in Table 3.
In a possible implementation manner, the privacy budget value can be determined jointly according to the privacy level and the output level. Optionally, when the computer device obtains the privacy level, an output level may also be obtained, where the output level is used to indicate the credibility of the output result of the machine learning model; the privacy budget value is then acquired according to the privacy level and the output level.
The output level may also be regarded as a training effect of the joint model in the joint modeling process, and optionally, the output level may be preset by a developer. The higher the output level is, the better the requirement on the training effect of the combined model in the combined modeling process is, and the lower the output level is, the lower the requirement on the training effect of the combined model in the combined modeling process is. The noise added to the first gradient may be relatively greater for lower output levels and relatively less for higher output levels.
In a possible implementation manner, the first database or the computer device further stores a correspondence table between the output level, the privacy level, and the privacy budget value, and after the output level and the privacy level are obtained, the computer device may further obtain the privacy budget value corresponding to the output level and the privacy level by querying the correspondence table. For example, please refer to table 4, which shows a table of correspondence between output levels, privacy levels and privacy budget values according to an exemplary embodiment of the present application.
TABLE 4

| Output level | Privacy level | Privacy budget value |
| --- | --- | --- |
| Level one | Level one | $E_1$ |
| Level one | Level two | $E_2$ |
| Level two | Level three | $E_3$ |
| …… | …… | …… |

As shown in Table 4, if the computer device obtains output level one and privacy level two, the computer device may obtain the privacy budget value $E_2$ corresponding to output level one and privacy level two according to the correspondence in table 3.
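The selection procedure described above (output level and privacy level, to privacy budget value, to a perturbation function taken from a preset function list) is sketched below as an added example; it is not code from the patent. Because the image of formula [1] is not reproduced on this page, the check uses the standard ε-LDP inequality P[F(g)=x] ≤ e^ε · P[F(g′)=x] as an assumption, and the numeric budgets, the clipping bound and the Laplace candidates are likewise assumed.

```python
import math
import random

# Constructed lookup in the shape of Table 4:
# (output level, privacy level) -> privacy budget value.
# The numbers are assumptions; the page only names the budgets E1, E2, E3.
BUDGET_TABLE = {(1, 1): 2.0, (1, 2): 1.0, (2, 3): 0.5}

CLIP = 1.0  # assumed bound: each gradient component is clipped to [-CLIP, CLIP]


def clip(g):
    return max(-CLIP, min(CLIP, g))


def laplace_pdf(x, mu, b):
    return math.exp(-abs(x - mu) / b) / (2.0 * b)


def laplace_sample(mu, b, rng):
    # The difference of two exponential draws with mean b is Laplace(0, b).
    return mu + rng.expovariate(1.0 / b) - rng.expovariate(1.0 / b)


def make_laplace(b):
    """One candidate perturbation function: clip, then add Laplace(0, b) noise."""
    return {
        "name": "laplace(b=%s)" % b,
        "scale": b,
        "pdf": lambda x, g: laplace_pdf(x, clip(g), b),
        "sample": lambda g, rng: laplace_sample(clip(g), b, rng),
    }


# Preset function list (hypothetical), ordered from least to most noise.
FUNCTION_LIST = [make_laplace(b) for b in (0.5, 1.0, 2.0, 4.0, 8.0)]


def budget_for(output_level, privacy_level):
    return BUDGET_TABLE[(output_level, privacy_level)]


def worst_case_log_ratio(pdf, grid_g, grid_x):
    """Largest ln(P[F(g)=x] / P[F(g')=x]) over all gradient pairs and outputs."""
    worst = 0.0
    for g in grid_g:
        for g2 in grid_g:
            for x in grid_x:
                worst = max(worst, math.log(pdf(x, g) / pdf(x, g2)))
    return worst


def select_perturbation(epsilon):
    """Sequentially pick the first listed function that satisfies the inequality."""
    grid_g = [-CLIP + i * CLIP / 4 for i in range(9)]       # gradients in [-CLIP, CLIP]
    grid_x = [-3 * CLIP + i * CLIP / 4 for i in range(25)]  # outputs in [-3*CLIP, 3*CLIP]
    for f in FUNCTION_LIST:
        if worst_case_log_ratio(f["pdf"], grid_g, grid_x) <= epsilon + 1e-9:
            return f
    raise ValueError("no preset function satisfies privacy budget %s" % epsilon)


def perturb_gradient(gradient, f, rng):
    """LDP processing: first gradient in, first target gradient out."""
    return [f["sample"](g, rng) for g in gradient]


if __name__ == "__main__":
    eps = budget_for(output_level=1, privacy_level=2)
    f = select_perturbation(eps)
    print(eps, f["name"], perturb_gradient([0.3, -2.5, 0.0], f, random.Random(7)))
```

A smaller budget selects a larger noise scale, which matches the inverse relationship between the privacy budget value and the degree of noise described above.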
Optionally, during the process of obtaining the first target gradient, a second data indicator may be obtained through another program instruction in the computer device, where the second data indicator includes one or more of a data transmission size, a data transmission rate, and a data storage size during the process of obtaining the first target gradient; in response to the second data indicator being greater than the second indicator threshold, suspending the currently executing step. Wherein the data storage size is used to indicate a memory change to store the first target gradient. In addition, the present application may continue to perform the currently performed step in response to the second data indicator not being greater than the second indicator threshold.
In a possible implementation manner, when the second data index includes the data transmission size in the process of obtaining the first target gradient, the execution details are similar to those described for the third data index including the data transmission size in the process of obtaining the data characteristics of the original data in the first database, and are not repeated here. Optionally, when the second data index includes the data transmission frequency in the process of obtaining the first target gradient, the execution details are similar to those described for the third data index including the data transmission frequency in the process of obtaining the data characteristics of the original data in the first database, and are not described here again. Optionally, when the second data index includes both the data transmission frequency and the data transmission size in the process of obtaining the first target gradient, the execution details are similar to those described for the third data index including the data transmission frequency and the data transmission size in the process of obtaining the data characteristics of the original data in the first database, and are not repeated here.
In one possible implementation manner, the third data index includes a data transmission size, a data transmission frequency, and a data storage size in the process of acquiring the data characteristics of the original data in the first database. Similarly, in the process of acquiring the data characteristics, the computer device may monitor an acquisition process of the first target gradient through another computer program, acquire a data transmission size, a data transmission frequency, and a data storage size in the process, compare the acquired data transmission size, data transmission frequency, and data storage size with a second index threshold (at this time, the second index threshold may include three sub-thresholds respectively used for determining the data transmission size, data transmission frequency, and data storage size acquired this time), and if any one of the data transmission size, data transmission frequency, and data storage size is greater than the second index threshold, indicate that the data transmission process is abnormal, stop the step of acquiring the first target gradient executed at this time. If the data transmission size, the data transmission frequency and the data storage size are not larger than the second index threshold, the data transmission process is normal, and the step of obtaining the first target gradient executed at the moment can be continuously executed.
In a possible implementation manner, when the computer device includes a display module (for example, a display screen), when the currently executed step is stopped, an error message may be displayed in the display module, so as to prompt the data exception.
Step 304, acquiring a second target gradient, wherein the second target gradient is obtained after LDP processing is performed on the second gradient of the original data of the second database.
The second target gradient may be obtained by the computer device (another computer device) corresponding to the second database in the second database according to the manner of obtaining the first target gradient in steps 301 to 303, and then the finally obtained second target gradient is sent, so that the computer device obtaining the first target gradient also obtains the second target gradient. Optionally, the second target gradient may be sent by the another computer device actively, or may be sent by the another computer device by receiving a gradient obtaining request sent by the computer device obtaining the first target gradient in this application, and responding to the gradient obtaining request, which is not limited in this application.
In a possible implementation manner, in the process of obtaining the second target gradient, the embodiment of the present application may further obtain, through another instruction of the computer device, a first data indicator, where the first data indicator includes one or more of a data transmission size and a data transmission frequency in the process of receiving the second target gradient; and in response to the first data indicator being greater than the first indicator threshold, suspending the currently executing step. Accordingly, the present application may continue to perform the currently performed steps in response to the first data indicator not being greater than the first indicator threshold.
In a possible implementation manner, when the first data index includes the data transmission size in the process of obtaining the second target gradient, the execution details are similar to those described for the third data index including the data transmission size in the process of obtaining the data characteristics of the original data in the first database, and are not repeated here. Optionally, when the first data index includes the data transmission frequency in the process of obtaining the second target gradient, the execution details are similar to those described for the third data index including the data transmission frequency in the process of obtaining the data characteristics of the original data in the first database, and are not described here again. Optionally, when the first data index includes both the data transmission size and the data transmission frequency in the process of obtaining the second target gradient, the execution details are similar to those described for the third data index including the data transmission size and the data transmission frequency in the process of obtaining the data characteristics of the original data in the first database, and are not repeated here. That is to say, while receiving the second target gradient sent by another computer device, the computer device may monitor the data transmission size or the data transmission frequency of what it receives, and when the data index in this process is found not to conform to the index threshold, stop the currently executed step of obtaining the second target gradient.
In a possible implementation manner, when the computer device includes a display module (for example, a display screen), when the currently executed step is stopped, an error message may be displayed in the display module, so as to prompt the data exception.
Step 305, calculating a target parameter according to the first target gradient and the second target gradient.
After the first target gradient and the second target gradient are obtained, the computer device can calculate the target parameter through the first target gradient and the second target gradient.
Optionally, the computer device splices according to the first target gradient and the second target gradient to obtain a splicing gradient; and calculating target parameters according to the original parameters and the splicing gradient, wherein the original parameters are default parameters of the parameters to be determined in the process of training the machine learning model.
Optionally, the first target gradient corresponding to each sample (k) in the first database obtained by the computer device may be as follows: $g_1, g_2, g_3, \ldots, g_k$, and the computer device may obtain the first target gradient for each sample (n-k) in the second database as follows: $g_{k+1}, g_{k+2}, g_{k+3}, \ldots, g_n$. The computer device can splice the first target gradient and the second target gradient, giving the spliced gradient $J = ([g_1], [g_2], [g_3], \ldots, [g_k]) \cdot ([g_{k+1}], [g_{k+2}], [g_{k+3}], \ldots, [g_n])$;
wherein "·" denotes splicing (concatenation).
After the splicing gradient is calculated, the computer device calculates the target parameter according to the original parameter and the splicing gradient. For example, the formula for calculating the target parameter is as follows: $\theta_1 = \theta_0 - \alpha J$; wherein $\theta_1$ represents the target parameter, $\theta_0$ denotes the default parameter, and $\alpha$ is the learning rate of the machine learning model. $\theta_0$ may be preset by a developer.
The computer device substitutes the obtained splicing gradient into the calculation formula, so that one target parameter is calculated; the parameter to be determined in the machine learning model can then be updated, realizing iterative training of the model. Optionally, for the first gradient of each sample in the first database and the second gradient of each sample in the second database, the computer device may also compute one target parameter per iteration. For example, the first database includes the original data of sample one and sample two, and the second database includes the original data of sample three and sample four. In the first iteration, the first gradient of sample one and its corresponding first target gradient are obtained, together with the second target gradient of sample three; the computer device may calculate one target parameter from these two target gradients and update the parameter to be determined in the machine learning model. In the subsequent second iteration, the first gradient of sample two and its corresponding first target gradient are obtained, together with the second target gradient of sample four; the computer device may calculate the target parameter again from these two target gradients and continue to determine the parameter to be determined in the machine learning model, until the set number of iterations is reached.
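The monitored receipt of the second target gradient and the update $\theta_1 = \theta_0 - \alpha J$ can be put together as follows. This is an added example, not code from the patent: it implements the two sub-threshold check (data transmission size and data transmission frequency) described for the third and first data indexes, then splices and updates. The class and function names, the wire format (packed little-endian doubles), the sliding-window frequency measure and the threshold values are assumptions, and the spliced gradient is assumed to have the same length as the parameter vector.

```python
import struct


class TransferAbort(Exception):
    """Raised to suspend the current step when a data index exceeds its sub-threshold."""


class TransferMonitor:
    """Tracks data transmission size and frequency against two sub-thresholds."""

    def __init__(self, max_total_bytes, max_msgs_per_window, window_s=1.0):
        self.max_total_bytes = max_total_bytes
        self.max_msgs_per_window = max_msgs_per_window
        self.window_s = window_s
        self.total_bytes = 0
        self.arrivals = []  # arrival times still inside the sliding window

    def record(self, n_bytes, now):
        self.total_bytes += n_bytes
        self.arrivals = [t for t in self.arrivals if now - t < self.window_s]
        self.arrivals.append(now)
        if self.total_bytes > self.max_total_bytes:
            raise TransferAbort("data transmission size %d exceeds threshold %d"
                                % (self.total_bytes, self.max_total_bytes))
        if len(self.arrivals) > self.max_msgs_per_window:
            raise TransferAbort("data transmission frequency %d per window exceeds %d"
                                % (len(self.arrivals), self.max_msgs_per_window))


def pack(*values):
    """Assumed wire format: a run of little-endian 8-byte doubles."""
    return struct.pack("<%dd" % len(values), *values)


def receive_second_target_gradient(messages, monitor):
    """messages: iterable of (arrival_time_seconds, payload_bytes) from the other party."""
    values = []
    for now, payload in messages:
        monitor.record(len(payload), now)  # check before the payload is used
        if len(payload) % 8:
            raise TransferAbort("payload is not a whole number of doubles")
        values.extend(struct.unpack("<%dd" % (len(payload) // 8), payload))
    return values


def splice(first_target, second_target):
    """J = first target gradient . second target gradient (concatenation)."""
    return list(first_target) + list(second_target)


def update_parameters(theta0, spliced, alpha):
    """theta1 = theta0 - alpha * J, element by element."""
    if len(theta0) != len(spliced):
        raise ValueError("spliced gradient and parameters differ in length")
    return [t - alpha * j for t, j in zip(theta0, spliced)]


if __name__ == "__main__":
    first = [0.2, -0.1]                                    # constructed, already LDP-processed
    inbound = [(0.0, pack(0.4)), (0.5, pack(-0.3, 0.1))]   # constructed messages
    monitor = TransferMonitor(max_total_bytes=64, max_msgs_per_window=2)
    try:
        second = receive_second_target_gradient(inbound, monitor)
        print(update_parameters([0.0] * 5, splice(first, second), alpha=0.5))
    except TransferAbort as exc:
        print("step suspended:", exc)
```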
Optionally, in the process of performing the model parameter obtaining, a response index may be further obtained, where the response index includes one or more of output data and a target memory variable during the process of performing the model parameter obtaining method, and the target memory is used for storing the output data; and in response to the response index exceeding the preset index range, suspending the currently executed step. Accordingly, the present application may continue to perform the currently performed step when the first data indicator is not greater than the first indicator threshold.
Optionally, through the whole joint modeling process, the output data and the corresponding target memory variation of each small module in the process may be acquired by the computer device, and when the output data is incorrect or the corresponding target memory variation is incorrect (exceeds a preset index range), an error may be considered to occur in the joint modeling process, so that the current step is suspended. When the output data or the corresponding target memory variation is within the preset index range, the combined modeling process can be considered to be normal, and the current step is continuously executed. For example, in the selection process of the data characteristics, or in the process of calculating the first gradient of the data, similarly to the above-described obtaining of the first data index, the second data index, the third data index, and the like, the computer device determines whether an error occurs in the joint model process by obtaining an output result or a target memory variation in the process, and stops operating in time.
Optionally, when the computer device includes a display module (for example, a display screen), the error information may be displayed in the display module when the currently executed step is stopped, so as to prompt the data abnormality.
In summary, in the present application, a first gradient of the original data in a first database is obtained; local differential privacy (LDP) processing is performed on the first gradient to obtain a first target gradient; and target parameters are calculated according to the first target gradient, wherein the target parameters are the parameters to be determined for training the machine learning model. In the present application, the first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database, and the parameter to be determined in the machine learning model is calculated using the first target gradient. Because the first gradient is perturbed by LDP, differential attacks initiated by an attacker with background knowledge of the machine learning model are avoided, the risk of data leakage in the database is reduced, and the security of the data in the modeling process is improved.
In addition, when the corresponding privacy budget value is determined through the output level and the privacy level, some of the performance of the resulting joint model can be flexibly sacrificed, the efficiency of joint modeling is improved, and the range of selectable perturbation functions is expanded.
In addition, in each step process, monitoring such as a first data index, a second data index, a third data index and a response index is added, so that the safety of data in the process of training the model can be further improved, and the problem of data leakage is prevented.
Referring to fig. 4, a schematic structural diagram of institution A according to an exemplary embodiment of the present application is shown. Optionally, institution A may be a background service system of an insurance company, a bank, and the like, and as shown in fig. 4, institution A 400 may include a feature screening module 401 and a federal modeling module 402.
The feature screening module 401 may perform feature screening from original data stored in the system, and transmit the screened data features to the federal modeling module 402 through a one-way port, where the process includes monitoring of data transmission size and/or data transmission frequency, so as to improve data security, and the steps executed by the module may refer to the content of step 301 in the embodiment in fig. 3, which is not described herein again.
The federal modeling module 402 may receive the data characteristics sent by the characteristic screening module 401, so as to obtain the data characteristics of the original data in the database, and perform federal modeling. The federal modeling module 402 may also include monitoring of data transmission size and/or data transmission frequency and/or memory variation, so as to improve data security, and the steps executed by the module may refer to the contents of step 302 to step 305 in the embodiment of fig. 3, which are not described herein again.
It should be noted that in the prior art, the federal modeling module 402 typically employs the Federated AI Technology Enabler (FATE) framework, which integrates various machine learning algorithms, such as a logistic regression algorithm, a boosting algorithm, a deep learning algorithm, and the like. In addition, in order to achieve lossless training, a homomorphic encryption algorithm is generally used to encrypt the training gradients of the model before they are exchanged, which creates a risk of data leakage. The LDP module is used to perform LDP processing on the acquired gradient.
The embodiments shown in fig. 2 and fig. 3 are described below by way of example, with institution A as the master and institution B as the slave. Referring to fig. 5, a flowchart of a method for obtaining model parameters according to an exemplary embodiment of the present application is shown. The method can be applied to the scenario shown in fig. 1 and executed by a computer device therein. As shown in fig. 5, the model parameter obtaining method can include the following steps.
Step 501, institution A screens out the data characteristics of the original data in the database of institution A through the feature screening module.
Step 502, institution A sends the screened data characteristics to the federal modeling module through the feature screening module.
Optionally, the process may include monitoring the data transmission size and/or the data transmission frequency.
Step 503, institution A calculates a first target gradient through the federal modeling module.
Optionally, the process may include monitoring the data transmission size and/or the data transmission frequency and/or the memory variation.
Step 504, institution B screens out the data characteristics of the original data in the database of institution B through the feature screening module.
Step 505, institution B sends the screened data characteristics to the federal modeling module through the feature screening module.
Step 506, institution B sends the calculated second target gradient to institution A through the federal modeling module.
Optionally, the process may include monitoring the data transmission size and/or the data transmission frequency and/or the memory variation.
Accordingly, institution A receives the second target gradient sent by institution B.
Optionally, the process may include monitoring the data transmission size and/or the data transmission frequency and/or the memory variation.
Step 507, institution A performs joint modeling through the federal modeling module.
Optionally, for the manner in which institution A obtains the first target gradient, reference may be made to the description of obtaining the first target gradient in the embodiment of fig. 3, and details are not repeated here. The structure of institution B is the same as that of institution A, and the two are implemented in the same way.
It should be noted that the embodiment of the present application is not limited to joint modeling between two institutions; in actual implementation, joint modeling among three or more institutions may also adopt the method provided by the present application, and details are not described here.
In summary, in the present application, a first gradient of the original data in the first database of institution A is obtained; local differential privacy (LDP) processing is performed on the first gradient to obtain a first target gradient; a second target gradient calculated in institution B is obtained; and a target parameter is calculated according to the first target gradient and the second target gradient, wherein the target parameter is a parameter to be determined for training a machine learning model. In the present application, the first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database of institution A, the second target gradient is obtained by institution B performing LDP processing on the second gradient of the original data in the second database of institution B, and the parameter to be determined in the machine learning model is calculated using the first target gradient and the second target gradient. Because the first gradient and the second gradient are perturbed by LDP, differential attacks initiated by an attacker with background knowledge of the machine learning model are avoided, the risk of data leakage in the databases of institution A and institution B is reduced, and the security of the data in the joint modeling process is improved.
The following are embodiments of the apparatus of the present application that may be used to perform embodiments of the method of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method of the present application.
Referring to fig. 6, a block diagram of a model parameter obtaining apparatus according to an exemplary embodiment of the present application is shown. The model parameter acquiring apparatus 600 may be used in the computer device to execute all or part of the steps executed by the camera module in the method provided by the embodiment shown in fig. 2, fig. 3, or fig. 5. The model parameter obtaining device 600 may include the following modules:
an obtaining module 601, configured to obtain a first gradient of original data in a first database, and to perform local differential privacy (LDP) processing on the first gradient to obtain a first target gradient;
and the processing module 602 is configured to calculate a target parameter according to the first target gradient, where the target parameter is a parameter to be determined for training the machine learning model.
Optionally, the obtaining module 601 is configured to,
acquiring a disturbance function, wherein the disturbance function is used for carrying out noise adding processing on the first gradient;
and substituting the first gradient into the disturbance function to obtain a first target gradient.
Optionally, the obtaining module 601 is specifically configured to,
obtaining a privacy budget value, wherein the privacy budget value is used for indicating the degree of adding noise to the first gradient;
constructing a target formula according to the privacy budget value;
acquiring a first function which accords with a target formula from a preset function list;
the first function is taken as a perturbation function.
Optionally, the obtaining module 601 is specifically configured to,
acquiring a privacy level, wherein the privacy level is used for indicating the privacy degree of original data in a first database;
and acquiring a privacy budget value according to the privacy level.
Optionally, the obtaining module 601 is further configured to,
acquiring an output level, wherein the output level is used for indicating the credibility of an output result of the machine learning model;
the obtaining module 601 is specifically configured to obtain the privacy budget value according to the privacy level and the output level.
Optionally, the machine learning model is a longitudinal (vertical) federated learning model, and the obtaining module 601 is further configured to,
before the processing module 602 calculates the target parameter according to the first target gradient, acquire a second target gradient, wherein the second target gradient is obtained after performing LDP processing on a second gradient of original data of a second database;
the processing module 602 is configured to calculate the target parameter according to the first target gradient and the second target gradient.
Optionally, the processing module 602 is specifically configured to:
splicing according to the first target gradient and the second target gradient to obtain a splicing gradient;
and calculating target parameters according to the original parameters and the splicing gradient, wherein the original parameters are default parameters of the parameters to be determined in the process of training the machine learning model.
Optionally, the obtaining module 601 is further configured to,
acquiring a first data indicator, wherein the first data indicator comprises one or more of a data transmission size and a data transmission frequency in the process of receiving the second target gradient;
and in response to the first data indicator being greater than the first indicator threshold, suspending the currently executing step.
Optionally, the obtaining module 601 is further configured to,
before the processing module 602 calculates the target parameter according to the first target gradient, obtaining a second data indicator, where the second data indicator includes one or more of a data transmission size, a data transmission rate, and a data storage size in the process of obtaining the first target gradient;
in response to the second data indicator being greater than the second indicator threshold, suspending the currently executing step.
Optionally, the obtaining module 601 is specifically configured to,
acquiring data characteristics of original data in a first database;
the processing module 602 is further configured to calculate a first gradient of the raw data according to the raw data and the data characteristics of the raw data.
Optionally, the obtaining module 601 is specifically configured to,
acquiring respective mathematical indexes of each data characteristic corresponding to the original data according to the original data in the first database; the mathematical index is one or more of missing value, variance and standard deviation;
the processing module 602 is configured to filter each data feature according to the mathematical index, and obtain a data feature of the original data in the first database.
Optionally, the data transmission port for acquiring the data characteristics of the original data in the first database is a unidirectional transmission port;
the obtaining module 601 is further configured to,
before screening each data characteristic according to the mathematical index and acquiring the data characteristic of the original data in the first database, acquiring a third data indicator, wherein the third data indicator comprises one or more of a data transmission size and a data transmission frequency in the process of acquiring the data characteristic of the original data in the first database;
the processing module 602 is further configured to suspend the currently executed step in response to the third data indicator being greater than the third indicator threshold.
Optionally, the mathematical index includes a missing value and a variance;
the obtaining module 601 is specifically configured to remove, from the data features, those whose missing values are greater than a first target threshold and whose variances are smaller than a second target threshold,
so as to acquire the data features of the original data in the first database.
Optionally, the obtaining module 601 is further configured to,
acquiring a response index, wherein the response index comprises one or more items of output data and target memory variable quantity in the process of executing the model parameter acquisition method, and the target memory is used for storing the output data;
the processing module 602 is further configured to suspend the currently executed step in response to the response index exceeding the preset index range.
In summary, in the present application, a first gradient of original data in a first database is obtained; local differential privacy (LDP) processing is performed on the first gradient to obtain a first target gradient; and target parameters are calculated according to the first target gradient, where the target parameters are parameters to be determined for training the machine learning model. Because the first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database, and the parameters to be determined in the machine learning model are calculated from the first target gradient, the first gradient is perturbed by LDP. This avoids differential attacks launched on the machine learning model by an attacker with background knowledge, reduces the risk of data leakage from the database, and improves the security of the data during modeling.
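The flow summarized above (first gradient, LDP perturbation, splicing with a second party's perturbed gradient, parameter update), written out as an added Python example that is not code from the patent. The Laplace mechanism with L1 clipping, the level-to-epsilon tables and the gradient-descent update are assumptions; the text itself only requires a perturbation function selected from a preset list according to the privacy budget.

```python
import math
import random

# Hypothetical tables: the patent derives the privacy budget (epsilon) from a
# privacy level and an output level; the concrete values here are assumed.
EPSILON_BY_PRIVACY_LEVEL = {1: 8.0, 2: 2.0, 3: 0.5}   # more sensitive data -> smaller epsilon
OUTPUT_LEVEL_FACTOR = {1: 1.0, 2: 2.0}                # higher output credibility -> less noise


def privacy_budget(privacy_level, output_level=1):
    """Map (privacy level, output level) to epsilon. Assumed mapping."""
    return EPSILON_BY_PRIVACY_LEVEL[privacy_level] * OUTPUT_LEVEL_FACTOR[output_level]


def clip_l1(gradient, bound):
    """Scale the gradient so its L1 norm is at most `bound` (bounds the sensitivity)."""
    norm = sum(abs(g) for g in gradient)
    if norm <= bound:
        return list(gradient)
    return [g * bound / norm for g in gradient]


def laplace_noise(rng, scale):
    """Laplace(0, scale) sample, drawn as the difference of two exponential samples."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def ldp_perturb(gradient, epsilon, bound, rng):
    """Perturbation function (assumed here: the Laplace mechanism).

    Any two clipped gradients differ by at most 2*bound in L1 norm, so
    per-coordinate Laplace noise of scale 2*bound/epsilon gives epsilon-LDP.
    """
    if epsilon <= 0:
        raise ValueError("privacy budget must be positive")
    scale = 2.0 * bound / epsilon
    return [g + laplace_noise(rng, scale) for g in clip_l1(gradient, bound)]


def splice(first_target_gradient, second_target_gradient):
    """Concatenate the two parties' perturbed gradients (vertical feature split)."""
    return list(first_target_gradient) + list(second_target_gradient)


def update_parameters(original_params, spliced_gradient, learning_rate):
    """One gradient-descent step from the original parameters (assumed update rule)."""
    if len(original_params) != len(spliced_gradient):
        raise ValueError("parameter and gradient dimensions differ")
    return [p - learning_rate * g for p, g in zip(original_params, spliced_gradient)]


def mean_abs_error(gradient, epsilon, bound, trials, seed):
    """Average per-coordinate distance between perturbed and clipped gradient."""
    rng = random.Random(seed)
    clipped = clip_l1(gradient, bound)
    total = 0.0
    for _ in range(trials):
        noisy = ldp_perturb(gradient, epsilon, bound, rng)
        total += sum(abs(n - c) for n, c in zip(noisy, clipped)) / len(clipped)
    return total / trials


if __name__ == "__main__":
    rng = random.Random(7)                     # fixed seed so the demo is repeatable
    grad_a = [0.9, -0.4]                       # constructed first gradient (2 features)
    grad_b = [0.2, 0.1, -0.3]                  # constructed second gradient (3 features)
    eps_a = privacy_budget(privacy_level=3)    # sensitive data: strong perturbation
    eps_b = privacy_budget(privacy_level=1, output_level=2)
    target_a = ldp_perturb(grad_a, eps_a, 1.0, rng)
    target_b = ldp_perturb(grad_b, eps_b, 1.0, rng)
    theta = update_parameters([0.0] * 5, splice(target_a, target_b), 0.1)
    print("epsilon A/B:", eps_a, eps_b)
    print("updated parameters:", [round(t, 3) for t in theta])
    for eps in (0.5, 2.0, 8.0):                # noise shrinks as the budget grows
        print(eps, round(mean_abs_error(grad_a, eps, 1.0, 2000, 1), 3))
```

The clipping bound matters as much as epsilon: without it the gradient has unbounded sensitivity and no finite noise scale yields a differential privacy guarantee.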
Fig. 7 is a schematic structural diagram of a computer device according to an exemplary embodiment of the present application. As shown in Fig. 7, the computer device 700 includes a Central Processing Unit (CPU) 701, a system memory 704 including a Random Access Memory (RAM) 702 and a Read-Only Memory (ROM) 703, and a system bus 705 connecting the system memory 704 and the CPU 701. The computer device 700 also includes a basic input/output system (I/O system) 706 for facilitating information transfer between devices within the computer, and a mass storage device 707 for storing an operating system 712, application programs 713, and other program modules 714.
The basic input/output system 706 comprises a display 708 for displaying information and an input device 709, such as a mouse or keyboard, for a user to input information. The display 708 and the input device 709 are both connected to the central processing unit 701 through an input/output controller 710 coupled to the system bus 705. The basic input/output system 706 may also include the input/output controller 710 for receiving and processing input from a number of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, the input/output controller 710 may also provide output to a display screen, a printer, or another type of output device.
The mass storage device 707 is connected to the central processing unit 701 through a mass storage controller (not shown) connected to the system bus 705. The mass storage device 707 and its associated computer-readable media provide non-volatile storage for the computer device 700. That is, the mass storage device 707 may include a computer-readable medium (not shown) such as a hard disk or a CD-ROM (Compact Disc Read-Only Memory) drive.
The computer-readable media may include computer storage media and communication media. Computer storage media include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media include RAM, ROM, EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory or other solid-state memory technology, CD-ROM, DVD (Digital Video Disc) or other optical storage, magnetic tape, magnetic disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that computer storage media are not limited to the foregoing. The system memory 704 and the mass storage device 707 described above may be collectively referred to as memory.
The computer device 700 may be connected to the internet or other network devices through a network interface unit 711 connected to the system bus 705.
The memory further includes one or more programs, the one or more programs are stored in the memory, and the central processing unit 701 implements all or part of the steps performed by the computer device in the methods provided by the above embodiments of the present application by executing the one or more programs.
In the above embodiments, the implementation may be realized wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product.
The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or another programmable device. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that a computer can access, or a data storage device, such as a server or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., Digital Video Disc (DVD)), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It should be noted that the foregoing embodiments only illustrate the steps executed by the pixel module and the terminal in the model parameter obtaining method; in practical applications, the functions may be allocated to different functional modules as needed, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the apparatus and method embodiments provided above belong to the same concept; their specific implementation processes are described in detail in the method embodiments and are not repeated here.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments of the present application may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on, or transmitted as one or more instructions or code on, a computer-readable storage medium. Computer-readable storage media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The above description is only exemplary of the present application and should not be taken as limiting, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (17)

1. A method for obtaining model parameters, the method comprising:
acquiring a first gradient of original data in a first database;
performing local differential privacy LDP processing on the first gradient to obtain a first target gradient;
and calculating target parameters according to the first target gradient, wherein the target parameters are parameters to be determined for training a machine learning model.
2. The method of obtaining model parameters according to claim 1, wherein the performing LDP processing on the first gradient to obtain a first target gradient comprises:
obtaining a perturbation function, wherein the perturbation function is used for adding noise to the first gradient;
and substituting the first gradient into the perturbation function to obtain the first target gradient.
3. The model parameter acquisition method of claim 2, wherein the acquiring a perturbation function comprises:
obtaining a privacy budget value, wherein the privacy budget value is used for indicating the degree of adding noise to the first gradient;
constructing a target formula according to the privacy budget value;
acquiring a first function which accords with the target formula from a preset function list;
taking the first function as the perturbation function.
4. The model parameter obtaining method according to claim 3, wherein the obtaining of the privacy budget value includes:
obtaining a privacy level, wherein the privacy level is used for indicating the confidentiality degree of original data in the first database;
and acquiring the privacy budget value according to the privacy level.
5. The model parameter acquisition method of claim 4, further comprising:
obtaining an output level, wherein the output level is used for indicating the credibility of an output result of the machine learning model;
the obtaining the privacy budget value according to the privacy level includes:
and acquiring the privacy budget value according to the privacy level and the output level.
6. The method of obtaining model parameters according to claim 1, wherein the machine learning model is a longitudinal (vertical) federated learning model, and the method further comprises, before the calculating target parameters according to the first target gradient:
acquiring a second target gradient, wherein the second target gradient is obtained after LDP processing is carried out on a second gradient of original data of a second database;
calculating a target parameter according to the first target gradient, comprising:
calculating the target parameter according to the first target gradient and the second target gradient.
7. The model parameter acquisition method of claim 6, wherein said calculating the target parameter from the first target gradient and the second target gradient comprises:
splicing according to the first target gradient and the second target gradient to obtain a splicing gradient;
and calculating the target parameters according to original parameters and the splicing gradient, wherein the original parameters are default parameters of the parameters to be determined in the process of training the machine learning model.
8. The model parameter acquisition method of claim 6, further comprising:
acquiring a first data indicator, wherein the first data indicator comprises one or more of data transmission size and data transmission frequency in the process of receiving the second target gradient;
in response to the first data indicator being greater than a first indicator threshold, suspending the currently executing step.
9. The model parameter acquisition method of claim 1, prior to said calculating target parameters from said first target gradient, further comprising:
acquiring a second data indicator, wherein the second data indicator comprises one or more of data transmission size, data transmission rate and data storage size in the process of acquiring the first target gradient;
suspending the currently executed step in response to the second data indicator being greater than a second indicator threshold.
10. The model parameter acquisition method of claim 1, wherein said acquiring a first gradient of raw data in a first database comprises:
acquiring data characteristics of original data in the first database;
calculating a first gradient of the raw data according to the raw data and data characteristics of the raw data.
11. The method of claim 10, wherein the obtaining data characteristics of the raw data in the first database comprises:
according to original data in the first database, acquiring respective mathematical indexes of each data characteristic corresponding to the original data, wherein the mathematical indexes are one or more of missing values, variances and standard deviations;
and screening the data characteristics according to the mathematical indexes to obtain the data characteristics of the original data in the first database.
12. The model parameter obtaining method according to claim 10, wherein the data transmission port for obtaining the data characteristics of the original data in the first database is a unidirectional transmission port;
before the screening of the data features according to the mathematical index to obtain the data features of the original data in the first database, the method further includes:
acquiring a third data indicator, wherein the third data indicator comprises one or more of data transmission size and data transmission frequency in the process of acquiring data characteristics of original data in the first database;
in response to the third data indicator being greater than a third indicator threshold, suspending the currently executing step.
13. The model parameter acquisition method according to claim 11, wherein the mathematical index includes a missing value and a variance;
the screening of the data characteristics according to the mathematical index to obtain the data characteristics of the original data in the first database includes:
and acquiring the data characteristics of which the missing value is smaller than a first target threshold and the variance is larger than a second target threshold in the data characteristics.
14. The model parameter acquisition method according to any one of claims 1 to 13, characterized in that the method further comprises:
acquiring a response index, wherein the response index comprises one or more of output data and target memory variable quantity in the process of executing the model parameter acquisition method, and the target memory is used for storing the output data;
and in response to the response index exceeding a preset index range, suspending the currently executed step.
15. A model parameter acquisition apparatus, characterized in that the apparatus comprises:
the acquisition module is used for acquiring a first gradient of the original data in the first database; performing local differential privacy LDP processing on the first gradient to obtain a first target gradient;
and the processing module is used for calculating a target parameter according to the first target gradient, wherein the target parameter is a parameter to be determined for training a machine learning model.
16. A computer device comprising a memory and a processor, the memory having stored therein a computer program that, when executed by the processor, causes the processor to implement the model parameter acquisition method of any one of claims 1 to 14.
17. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the model parameter acquisition method according to any one of claims 1 to 14.
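Claims 8, 9, 12 and 14 suspend the current step when a monitored value exceeds its threshold. The following added Python example, which is not code from the patent, implements such a guard for the first data indicator (transmission size and frequency while the second target gradient is received); the class name, the sliding window and the threshold values are assumptions.

```python
from collections import deque


class TransferGuard:
    """Watches transmission size and frequency inside a sliding time window."""

    def __init__(self, max_bytes, max_transfers, window_seconds):
        self.max_bytes = max_bytes            # indicator threshold: bytes per window
        self.max_transfers = max_transfers    # indicator threshold: transfers per window
        self.window = window_seconds
        self.events = deque()                 # (timestamp, size) pairs still in the window
        self.reason = None                    # set once; the guard then stays suspended

    def observe(self, timestamp, size_bytes):
        """Record one transfer. Return True to continue, False to suspend."""
        if self.reason is not None:
            return False
        self.events.append((timestamp, size_bytes))
        # Drop records that have aged out of the window.
        while self.events and self.events[0][0] <= timestamp - self.window:
            self.events.popleft()
        total = sum(size for _, size in self.events)
        if total > self.max_bytes:
            self.reason = "size"
        elif len(self.events) > self.max_transfers:
            self.reason = "frequency"
        return self.reason is None


def first_suspension(transfers, max_bytes=1024, max_transfers=4, window_seconds=5.0):
    """Replay (timestamp, size) records; return (index, reason) or None."""
    guard = TransferGuard(max_bytes, max_transfers, window_seconds)
    for index, (timestamp, size) in enumerate(transfers):
        if not guard.observe(timestamp, size):
            return index, guard.reason
    return None


# Constructed records: one 40-byte gradient (5 float64 values) per training round.
NORMAL = [(0.0, 40), (6.0, 40), (12.0, 40), (18.0, 40)]
BURST = [(0.0, 40), (1.0, 40), (2.0, 40), (2.1, 40), (2.2, 40), (2.3, 40)]
OVERSIZED = [(0.0, 40), (6.0, 40), (12.0, 4096)]

if __name__ == "__main__":
    for name, records in (("normal", NORMAL), ("burst", BURST), ("oversized", OVERSIZED)):
        print(name, first_suspension(records))
```

Because the suspension latches, a sender cannot resume simply by waiting for the window to empty; resuming requires a new guard instance, which is where an operator review would sit.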
CN202011399934.9A 2020-12-01 2020-12-01 Model parameter obtaining method and device, computer equipment and storage medium Pending CN112434323A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011399934.9A CN112434323A (en) 2020-12-01 2020-12-01 Model parameter obtaining method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112434323A true CN112434323A (en) 2021-03-02

Family

ID=74692057

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011399934.9A Pending CN112434323A (en) 2020-12-01 2020-12-01 Model parameter obtaining method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112434323A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107330516A (en) * 2016-04-29 2017-11-07 腾讯科技(深圳)有限公司 Model parameter training method, apparatus and system
CN109684855A (en) * 2018-12-17 2019-04-26 电子科技大学 A kind of combined depth learning training method based on secret protection technology
CN110135185A (en) * 2018-02-08 2019-08-16 苹果公司 The machine learning of privatization is carried out using production confrontation network
CN110222087A (en) * 2019-05-15 2019-09-10 平安科技(深圳)有限公司 Feature extracting method, device and computer readable storage medium
CN111723404A (en) * 2020-08-21 2020-09-29 支付宝(杭州)信息技术有限公司 Method and device for jointly training business model
CN111898682A (en) * 2020-07-31 2020-11-06 平安科技(深圳)有限公司 Method and device for correcting new model based on multiple source models and computer equipment

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113836679A (en) * 2021-10-14 2021-12-24 国网湖南省电力有限公司 Method and device for identifying fragile line combination in N-K attack mode
CN113836679B (en) * 2021-10-14 2024-02-23 国网湖南省电力有限公司 Method and device for identifying vulnerable line combination in N-K attack mode
CN116679615A (en) * 2023-08-03 2023-09-01 中科航迈数控软件(深圳)有限公司 Optimization method and device of numerical control machining process, terminal equipment and storage medium
CN116679615B (en) * 2023-08-03 2023-10-20 中科航迈数控软件(深圳)有限公司 Optimization method and device of numerical control machining process, terminal equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination