CN114626507A - Method, system, device and storage medium for generating confrontation network fairness analysis - Google Patents
Method, system, device and storage medium for generating confrontation network fairness analysis Download PDFInfo
- Publication number
- CN114626507A CN114626507A CN202210253524.6A CN202210253524A CN114626507A CN 114626507 A CN114626507 A CN 114626507A CN 202210253524 A CN202210253524 A CN 202210253524A CN 114626507 A CN114626507 A CN 114626507A
- Authority
- CN
- China
- Prior art keywords
- analyzed
- attribute
- generated
- network
- confrontation network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Abstract
The invention belongs to the field of machine learning, and discloses a method, a system, equipment and a storage medium for generating confrontation network fairness analysis, which comprises the following steps: analyzing attributes to be analyzed, and constructing an attribute classifier; analyzing whether a confrontation network to be analyzed can obtain a large number of generated samples; a large number of generation samples to be analyzed to generate the countermeasure network can be obtained and collected; otherwise, according to the characteristics of the generated confrontation network to be analyzed, a shadow model is built locally, the input noise of the generated confrontation network to be analyzed is optimized by the shadow model, and then the optimized noise is used for acquiring and collecting a small amount of generated samples of the generated confrontation network to be analyzed; and utilizing the attribute classifier and the attribute extraction function to realize fairness analysis of the countermeasure network to be analyzed. According to the analysis method, two analysis processes based on a large number of samples and a small number of optimized samples are constructed according to the actual use scene of the confrontation network to be analyzed and generated, and the applicability and the success rate of the confrontation network fairness analysis to be analyzed and generated are effectively improved.
Description
Technical Field
The invention belongs to the field of machine learning, and relates to a method, a system, equipment and a storage medium for generating confrontation network fairness analysis.
Background
In recent years, the research on the relevant theory of the deep generation model has made a great breakthrough. The deep generation model represented by the generation countermeasure network and the variational self-encoder not only has strong data distribution learning capability, but also provides possibility for generating high-quality data samples. In addition to being used as a data enhancement technology for small sample learning, the deep generative model also shows excellent performance on various information synthesis tasks such as video face changing, music synthesis, style conversion and the like. While the depth generation model is successfully applied to the key technical fields of medical image reconstruction, portrait enhancement, identification and the like, the fairness of the depth generation model gradually gets wide attention.
While the depth generation model is successfully applied to the key technical fields of medical image reconstruction, portrait enhancement, recognition and the like, the privacy protection problem of sensitive information such as clinical data, face photos and the like is gradually paid attention to by the public, the society and governments. Current research work shows that even if the system is operated as a black box service, training data or internal model information of a machine learning system may still be attacked in various forms, so that privacy leakage is caused, and typical data privacy-oriented model reverse attack and model privacy-oriented model extraction attack are available. The leakage of the training data can directly infringe the data privacy of the user, the leakage of the model information can cause economic loss of a service provider, and an attacker can even analyze the weakness of the stolen model and launch further attacks, such as sample attack resistance.
Therefore, the privacy protection of the training data set is enhanced by the existing generation of the countermeasure network, and the user cannot determine whether the training data set differs on certain attributes to a certain extent, such as inequality of the data set on certain attributes, and then the fairness of the generation of the countermeasure network cannot be effectively judged, while the training process of part of the machine learning model depends on the samples generated by the generation of the countermeasure network, and the machine learning model trained by the data generated by the unfair generation of the countermeasure network is likely to inherit the prejudice of sensitive attributes, such as age, gender, skin color and region, and then the machine learning model has serious discrimination effect and serious fairness problem, and further causes people to worry about the application of the machine learning model in the real world.
Disclosure of Invention
It is an object of the present invention to overcome the above-mentioned drawbacks of the prior art and to provide a method, system, device and storage medium for generating a fairness analysis of a countermeasure network.
In order to achieve the purpose, the invention adopts the following technical scheme to realize the purpose:
in a first aspect of the present invention, a method for generating a fairness analysis of a countermeasure network includes:
s1: acquiring attributes to be analyzed, and constructing an attribute classifier of the attributes to be analyzed;
s2: acquiring a to-be-analyzed generated countermeasure network, and performing S6 when the to-be-analyzed generated countermeasure network allows at least a first preset number of generated samples to be acquired; otherwise, go to S3;
s3: acquiring the structural characteristics and the training target of the generated confrontation network to be analyzed, constructing a plurality of shadow models of the generated confrontation network to be analyzed according to the structural characteristics and the training target of the generated confrontation network to be analyzed, and constructing a training set of the plurality of shadow models according to the requirement of 0-100% by the proportion distribution of the attributes to be analyzed in the training set;
s4: acquiring input noise of the countermeasure network to be analyzed, and optimizing the input noise of the countermeasure network to be analyzed through a plurality of shadow models and attribute classifiers of attributes to be analyzed to obtain optimized noise;
s5: inquiring the generated confrontation network to be analyzed by optimizing the noise to obtain a second preset number of generated samples;
s6: obtaining the confidence coefficient of each generated sample as the attribute to be analyzed through an attribute classifier of the attribute to be analyzed, obtaining the distribution of the attribute to be analyzed in the generated samples through a preset attribute extraction function according to the confidence coefficient of each generated sample as the attribute to be analyzed, and using the distribution as the distribution of the attribute to be analyzed in the training set of the generated confrontation network to be analyzed;
s7: and determining the fairness of the countermeasure network to be analyzed according to the distribution of the attributes to be analyzed in the training set of the countermeasure network to be analyzed.
Optionally, the S4 specifically includes:
s401: randomly selecting a shadow model, inputting input noise into the current shadow model, and generating a plurality of shadow generating samples of the current shadow model;
s402: obtaining the confidence coefficient of the current shadow generating sample as the attribute to be analyzed by adopting an attribute classifier of the attribute to be analyzed, and obtaining the prediction proportion of the attribute to be analyzed in the training set of the current shadow model through a preset attribute extraction function according to the confidence coefficient of the current shadow generating sample as the attribute to be analyzed;
s403: constructing a loss function according to the prediction proportion of the attributes to be analyzed in the training set of the current shadow model and the actual proportion of the attributes to be analyzed, and optimizing input noise through the loss function to obtain optimized input noise;
s404: and replacing the original input noise by the optimized input noise, and iterating S201-S203 until the preset iteration times are reached or the error between the predicted proportion of the attribute to be analyzed and the actual proportion of the attribute to be analyzed is in a preset range, and outputting the currently optimized input noise as the optimized noise.
Optionally, the preset attribute extraction function is a mean value calculation function.
Optionally, the loss function is a square of a difference between a predicted proportion of the attribute to be analyzed in the training set of the current shadow model and an actual proportion of the attribute to be analyzed.
Optionally, the first preset number is more than 5000, and the second preset number is 100-150.
Optionally, the structural characteristics of the confrontation network to be analyzed and generated include a network structure of the confrontation network to be analyzed and a training process, and when a plurality of shadow models of the confrontation network to be analyzed and generated are constructed according to the structural characteristics and the training targets of the confrontation network to be analyzed, the network structure, the training process and the training targets of each shadow model are the same as those of the confrontation network to be analyzed and generated.
In a second aspect of the invention, a system for generating fairness analysis of a confrontation network comprises a first obtaining module, a second obtaining module, a shadow model constructing module, an optimizing module, a query module, a distribution analysis module and a fairness analysis module; wherein:
the first acquisition module is used for acquiring the attribute to be analyzed and constructing an attribute classifier of the attribute to be analyzed;
the second acquisition module is used for acquiring the confrontation network to be analyzed, and triggering the distribution analysis module when the confrontation network to be analyzed allows at least a first preset number of generated samples to be acquired; otherwise, triggering the shadow model building module;
the shadow model building module is used for obtaining the structural characteristics and the training target of the generated confrontation network to be analyzed, building a plurality of shadow models of the generated confrontation network to be analyzed according to the structural characteristics and the training target of the generated confrontation network to be analyzed, and building a training set of the plurality of shadow models according to the requirement of 0-100% by the proportion distribution of the attributes to be analyzed in the training set;
the optimization module is used for acquiring input noise of the countermeasure network to be analyzed and optimizing the input noise of the countermeasure network to be analyzed through a plurality of shadow models and attribute classifiers of attributes to be analyzed to obtain optimized noise;
the query module is used for querying the generated confrontation network to be analyzed through optimizing noise to obtain a second preset number of generated samples;
the distribution analysis module is used for obtaining the confidence coefficient of each generated sample as the attribute to be analyzed through the attribute classifier of the attribute to be analyzed, obtaining the distribution of the attribute to be analyzed in the generated samples through a preset attribute extraction function according to the confidence coefficient of each generated sample as the attribute to be analyzed, and using the distribution as the distribution of the attribute to be analyzed in the training set of the generated confrontation network to be analyzed;
and the fairness analysis module is used for determining the fairness of the confrontation network to be analyzed according to the distribution of the attributes to be analyzed in the confrontation network training set to be analyzed.
Optionally, the optimization module includes an iteration module and an iteration control module; wherein:
the iteration module is used for randomly selecting a shadow model, inputting input noise into the current shadow model and generating a plurality of shadow generating samples of the current shadow model; obtaining the confidence coefficient of each shadow generation sample as the attribute to be analyzed by adopting an attribute classifier of the attribute to be analyzed, and obtaining the prediction proportion of the attribute to be analyzed in the training set of the current shadow model through a preset attribute extraction function according to the confidence coefficient of each shadow generation sample as the attribute to be analyzed; constructing a loss function according to the prediction proportion of the attributes to be analyzed in the training set of the current shadow model and the actual proportion of the attributes to be analyzed, and optimizing input noise through the loss function to obtain optimized input noise;
the iteration control module is used for replacing the original input noise by the optimized input noise, and iteratively triggering the iteration module until a preset iteration frequency is reached or an error between a prediction proportion of the attribute to be analyzed and an actual proportion of the attribute to be analyzed is within a preset range, and outputting the currently optimized input noise as the optimized noise.
In a third aspect of the present invention, a computer device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method for generating a countermeasure network fairness analysis when executing the computer program.
In a fourth aspect of the present invention, a computer readable storage medium stores a computer program which, when executed by a processor, implements the steps of the method for generating a countering network fairness analysis described above.
Compared with the prior art, the invention has the following beneficial effects:
the invention discloses a method for analyzing fairness of a generated confrontation network, which comprises the steps of constructing a plurality of shadow models of the generated confrontation network to be analyzed by constructing an attribute classifier of attributes to be analyzed when the generated confrontation network to be analyzed is only allowed to obtain a small amount of generated samples, constructing a training set of the plurality of shadow models according to the requirement of 0% -100% by using the distribution of the attributes to be analyzed in the training set, optimizing the input noise of the generated confrontation network to be analyzed by using the plurality of shadow models and the attribute classifier of the attributes to be analyzed to obtain optimized noise, further inquiring the generated confrontation network to be analyzed by using the optimized noise to obtain a small amount of generated samples which are used as the analysis basis of the fairness of the generated confrontation network to be analyzed, then obtaining the confidence coefficient of each generated sample as the attributes to be analyzed by using the attribute classifier of the attributes to be analyzed, and combining a preset attribute extraction function, and finally, determining the fairness of the antagonistic network to be generated through analysis according to the distribution of the attributes to be analyzed in the antagonistic network training set to be generated through analysis. The method is based on the basic principle that the distribution of generated samples is similar to the distribution of a bottom data set, the generated samples are collected through a shadow model, the input noise is optimized through the shadow model, the inquiry times of a countermeasure network to be analyzed are greatly reduced, the usability of the method is improved, then an attribute classifier related to the attributes to be analyzed is used for detecting the collected generated samples, and then the corresponding attribute extraction functions are used for completing the whole analysis process of the attributes to be analyzed in the data set. In the whole analysis process, the prior knowledge of the details of the specific parameters of the confrontation network to be analyzed and generated is not required to be acquired, and the method has extremely strong generalization performance. Meanwhile, two units with strong universality, namely an attribute classifier and an attribute extraction function, are introduced, and the incapability function can be designed according to specific contents of the attributes to be analyzed, so that the generality of analyzing different attributes to be analyzed and the confrontation network to be analyzed is ensured.
Drawings
FIG. 1 is a flow chart of a method for generating a fairness analysis of a countermeasure network according to an embodiment of the invention;
FIG. 2 is a diagram illustrating a shadow model training set construction and model training method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating a process of generating an input noise of an anti-network based on shadow model optimization according to an embodiment of the present invention;
fig. 4 is a flow chart of a male and female distribution fairness analysis performed for generating an anti-network according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The invention is described in further detail below with reference to the accompanying drawings:
referring to fig. 1, in an embodiment of the present invention, a method for analyzing fairness of a generation countermeasure network is provided, which can effectively analyze fairness of the generation countermeasure network on a certain attribute. Specifically, the method for analyzing fairness of the generative confrontation network comprises the following steps:
s1: and acquiring the attribute to be analyzed, and constructing an attribute classifier of the attribute to be analyzed.
Specifically, the training process of the attribute classifier is directly related to the attribute to be analyzed, and when the attribute to be analyzed is the number distribution of the data set, the task of the attribute classifier is to judge the probability that the generated sample is each number. The model structure of the attribute classifier does not directly affect the effect of the whole method, but needs to ensure enough discrimination accuracy. On the other hand, the training set of the attribute classifier does not need to be related to the confrontation network to be analyzed, and even if the training set of the confrontation network to be analyzed is MNIST, the attribute classifier can complete training by using the EMNIST variant data set, but still needs to have enough generalization capability and discrimination accuracy for the attribute to be analyzed.
S2: acquiring a to-be-analyzed generated confrontation network, and performing S6 when the to-be-analyzed generated confrontation network allows at least a first preset number of generated samples to be acquired; otherwise, S3 is performed.
Specifically, in general, the access times of the confrontation network to be analyzed and generated to the user are not limited, so that a large number of generated samples can be directly obtained for subsequent analysis; however, with the current artificial intelligence privacy problem being concerned widely, part of the artificial intelligence online service APIs have a monitoring mechanism for abnormal access, so that fewer generated samples need to be used for generating the countermeasure network to be analyzed to be protected to realize fairness analysis, and a large number of generated samples can be directly obtained and collected for generating the countermeasure network to be analyzed, so that a more accurate analysis result is realized.
Wherein the first preset number is generally set to be more than 5000.
S3: the method comprises the steps of obtaining structural characteristics and a training target of a to-be-analyzed generated countermeasure network, constructing a plurality of shadow models of the to-be-analyzed generated countermeasure network according to the structural characteristics and the training target of the to-be-analyzed generated countermeasure network, and constructing a training set of the plurality of shadow models according to the requirement of 0% -100% of the distribution of attributes to be analyzed in the training set.
The structural characteristics of the confrontation network to be analyzed comprise a network structure of the confrontation network to be analyzed and a training process, and when a plurality of shadow models of the confrontation network to be analyzed are constructed according to the structural characteristics and the training target of the confrontation network to be analyzed, the network structure, the training process and the training target of each shadow model are the same as those of the confrontation network to be analyzed.
Specifically, common generative countermeasure network structures include PGGAN (progressive generation countermeasure network), DCGAN (deep convolution generation countermeasure network), and wgang (modified WGAN), etc., and according to the network structure and the training process of the generative countermeasure network to be analyzed, the shadow model should also conform to the corresponding network structure and the training process.
The training target of the shadow model needs to be consistent with the confrontation network to be analyzed, but the data sets can be different, and the attribute characteristics of the shadow model need to be adjusted continuously in the process of training the shadow model. Specifically, the training target for generating the countermeasure network refers to a normal use scenario to be analyzed for generating the countermeasure network, such as generating a human face, generating patient data, generating human attributes, and the like. The training data sets may be different in that they do not require more detail to be analyzed to generate the countermeasure network, and therefore the analysis process does not know the training set information to be analyzed to generate the countermeasure network.
The training process of the shadow model needs to control the attribute characteristic requirements of the training set of the shadow model: and controlling the data distribution ratio of the training set of the shadow model according to the attribute to be analyzed, for example, if the attribute to be analyzed is the male-female ratio of the data set, the male ratio of the training set of the shadow model should be controlled to be 0-100%.
S4: and acquiring input noise of the antagonistic network to be analyzed and generated, and optimizing the input noise of the antagonistic network to be analyzed and generated through a plurality of shadow models and attribute classifiers of attributes to be analyzed to obtain optimized noise.
The method comprises the following steps of obtaining input noise of a to-be-analyzed generated countermeasure network, optimizing the input noise of the to-be-analyzed generated countermeasure network through a plurality of shadow models and attribute classifiers of to-be-analyzed attributes, and obtaining optimized noise, wherein the step of obtaining the optimized noise comprises the following steps:
s401: randomly selecting a shadow model, inputting input noise into the current shadow model, and generating a plurality of shadow generating samples of the current shadow model.
S402: and obtaining the confidence coefficient of the current shadow generating sample as the attribute to be analyzed by adopting an attribute classifier of the attribute to be analyzed, and obtaining the prediction proportion of the attribute to be analyzed in the training set of the current shadow model by a preset attribute extraction function according to the confidence coefficient of the current shadow generating sample as the attribute to be analyzed.
S403: and constructing a loss function according to the prediction proportion of the attributes to be analyzed in the training set of the current shadow model and the actual proportion of the attributes to be analyzed, and optimizing the input noise through the loss function to obtain the optimized input noise.
S404: and replacing the original input noise by the optimized input noise, and iterating S201-S203 until the preset iteration times are reached or the error between the predicted proportion of the attribute to be analyzed and the actual proportion of the attribute to be analyzed is in a preset range, and outputting the currently optimized input noise as the optimized noise.
Specifically, the optimization process is composed of four parts: the method comprises the steps of inputting noise, generating a countermeasure network, an attribute classifier and an attribute extraction function, and constructing a loss function by utilizing the actual proportion of the attribute to be analyzed corresponding to the attribute extraction function and the shadow model when different shadow models are used through an optimization process consisting of four parts, so that the optimization process of the input noise is realized. Specifically, the optimization goal for the input noise is to make the sum of the deviations of the predicted proportion of the attribute to be analyzed, which is estimated by the optimization noise, and the actual proportion of the attribute to be analyzed as small as possible for all the shadow models, the optimization process can extract only one shadow model at a time to complete the back propagation, and the forward propagation process is to give the extracted shadow model a squared difference value between the predicted proportion of the attribute to be analyzed, which is inferred by the optimization noise calculation, and the actual proportion of the attribute to be analyzed.
S5: and inquiring the generated countermeasure network to be analyzed by optimizing the noise to obtain a second preset number of generated samples.
Specifically, the optimized noise is utilized to query the generated confrontation network under analysis, a second preset number of generated samples based on the optimized noise is obtained and collected, and the second preset number is generally set to be 100-150.
S6: and obtaining the confidence coefficient of each generated sample as the attribute to be analyzed through an attribute classifier of the attribute to be analyzed, obtaining the distribution of the attribute to be analyzed in the generated samples through a preset attribute extraction function according to the confidence coefficient of each generated sample as the attribute to be analyzed, and using the distribution as the distribution of the attribute to be analyzed in the training set of the generated confrontation network to be analyzed.
Specifically, the attribute classifier performs attribute acquisition on each sample generated by the generation countermeasure network, and the attribute extraction function can obtain the overall distribution of the underlying data set of the target model by using the attributes of each individual sample. One possible attribute extraction function may be a mean calculation function for averaging the confidence of each individual sample. For example, if it is desired to obtain the proportion of males in the data set to be analyzed to generate the confrontation network, the attribute extraction function may be weighted average of the confidence levels of the attribute classifiers of each single generated sample that are determined to be males, where the attribute extraction function is an average calculation function.
S7: and determining the fairness of the countermeasure network to be analyzed according to the distribution of the attributes to be analyzed in the training set of the countermeasure network to be analyzed.
Specifically, fairness of the to-be-analyzed generated confrontation network is determined based on distribution of to-be-analyzed attributes in the to-be-analyzed generated confrontation network training set, and if the to-be-analyzed attributes are males, whether fairness on gender attributes of the to-be-analyzed generated confrontation network training set is judged according to whether the proportion of the males in the to-be-analyzed generated confrontation network training set is 50% or not.
In summary, the method for analyzing fairness of a spanning network of the present invention constructs a plurality of shadow models of the spanning network to be analyzed by constructing an attribute classifier of the attribute to be analyzed when the spanning network to be analyzed is allowed to obtain only a small number of spanning samples, constructs a training set of the plurality of shadow models according to the requirement of 0% -100% of the distribution of the attribute to be analyzed in the training set, optimizes the input noise of the spanning network to be analyzed by the plurality of shadow models and the attribute classifier of the attribute to be analyzed to obtain the optimized noise, further queries the spanning network to be analyzed by the optimized noise to obtain a small number of spanning samples, and uses the generated samples as the analysis basis of fairness of the spanning network to be analyzed, then obtains the confidence coefficient of each spanning sample as the attribute to be analyzed by the attribute classifier of the attribute to be analyzed, and combines the preset attribute extraction function, and finally, determining the fairness of the to-be-analyzed generated confrontation network according to the distribution of the to-be-analyzed attributes in the to-be-analyzed generated confrontation network training set.
The method is based on the basic principle that the distribution of generated samples is similar to the distribution of a bottom data set, the generated samples are collected through a shadow model, the input noise is optimized through the shadow model, the inquiry times of a countermeasure network to be analyzed are greatly reduced, the usability of the method is improved, then an attribute classifier related to the attributes to be analyzed is used for detecting the collected generated samples, and then the corresponding attribute extraction functions are used for completing the whole analysis process of the proportion of the attributes to be analyzed in the data set. In the whole analysis process, the prior knowledge of the details of the specific parameters of the confrontation network to be analyzed and generated is not required to be acquired, and the method has extremely strong generalization performance. Meanwhile, two units with extremely strong universality, namely an attribute classifier and an attribute extraction function, are introduced, and the function incapability can be designed according to specific contents of the attributes to be analyzed, so that the generality of analyzing different attributes to be analyzed and the generated countermeasure network to be analyzed is ensured.
The fairness of the confrontation network can be effectively audited and generated, for example, in the field of face generation, on one hand, the fairness of the confrontation network can be generated through visual reaction of the bottom attribute of the training data set which can be obtained by the method, and if the proportion of men and women in the training set is extremely unbalanced through audit, the generated confrontation network has serious gender discrimination; on the other hand, generation of many models is now expected to build richer data sets using generated samples for generating confrontation networks, which would lead to further inequality of subsequent applications if there were discrimination and unfairness in generating confrontation networks. Therefore, the method can well realize fairness audit work on the generation countermeasure network, and further guarantee that discrimination does not exist in the deep generation model and subsequent application thereof.
Meanwhile, the method has low requirement on the generated countermeasure network to be analyzed, the attribute privacy analysis method can be applied to the existing generation countermeasure networks such as PGGAN (progressively growing generation countermeasure network), DCGAN (deep convolution generation countermeasure network) and WGANGP (improved WGAN), and the key of the analysis process lies in high accuracy and high generalization of the attribute classifier.
Referring to fig. 2, in yet another embodiment of the present invention, DCGAN trained on an MNIST data set (only including numbers 0 and 1) is used as a to-be-analyzed generated countermeasure network, a ratio of number 0 and number 1 in the training data set is used as an attribute to be analyzed, and a construction process of a shadow model in the method for generating fairness analysis of the countermeasure network is as follows:
firstly, the training task of generating the confrontation network according to the analysis to be generated is to generate a number 0 and a number 1, and the confrontation network to be analyzed is DCGAN, the structure of the shadow model is determined to use DCGAN, and the data set uses a variant digital data set EMNIST. Secondly, according to the basic situation of the generation sample of the generated countermeasure network to be analyzed, the approximate range of the distribution of the data set is analyzed, and generally, 0% to 100% can be directly selected. And finally, controlling and recording the digital distribution using the training set by using the selected model structure DCGAN and the training data set EMNIST, wherein the interval of the digital distribution is required to be 10%, and 15 to 20 shadow models are generated in each proportion. Specifically, when the setting range is 0% to 100%, the proportion of the bottom layer needs to be controlled to be 0: 100, 10: 90, 20: 80, 30: 70, 40: 60, 50: 50, 60: 40, 70: 30, 80: 20, 90: 10, 100: 0, and 20 shadow models are trained per training set distribution.
Referring to FIG. 3, a specific flow of optimizing input noise using a shadow model is shown. The forward feedback process of the input noise is consistent with the analysis process of the countermeasure network to be analyzed and generated, and the feedback process of the optimized noise depends on the reverse gradient of the forward feedback to solve. When a feedback optimization process is constructed, a loss function is required to be relied on, the loss function can be constructed by using the analysis result of the attribute extraction function and the real bottom layer attribute of the shadow model, and the square of the difference between the prediction proportion of the attribute to be analyzed and the actual proportion of the attribute to be analyzed in the training set of the shadow model can be used. In the feedback optimization process, the shadow model used for feedback can be continuously replaced, and the loss function is constructed by using the bottom layer attribute corresponding to the new shadow model to finish gradient reduction.
Referring to fig. 4, in another embodiment of the present invention, the method for generating a confrontation network fairness analysis method includes the following steps:
first, the input noise to be analyzed to generate the countermeasure network may be random (corresponding to an analysis algorithm using a large number of samples), or may be optimized noise obtained through optimization. Secondly, a series of generated samples generated by the generated confrontation network to be analyzed are obtained and collected, and the possibility that the generated samples are male is judged by using the attribute classifier. Specifically, the attribute classifier is a gender classifier, and can return the possibility that the face is male for the input sample with high accuracy and high generalization. And finally, synthesizing the analysis result of each generated sample by using an attribute extraction function to obtain the gender distribution analysis result of the data set. Specifically, the attribute extraction function may select an averaging function, that is, an average value is calculated for the probability that each generated sample is male, and the average value is 40%, then the analysis considers that the proportion of males and females in the data set to be analyzed to generate the confrontation network is 4: 6.
the following are embodiments of the apparatus of the present invention that may be used to perform embodiments of the method of the present invention. For details not disclosed in the device embodiments, reference is made to the method embodiments of the invention.
In another embodiment of the present invention, a system for generating anti-network fairness analysis is provided, which can be used to implement the method for generating anti-network fairness analysis described above, and specifically includes a first obtaining module, a second obtaining module, a shadow model constructing module, an optimizing module, a querying module, a distribution analyzing module, and a fairness analyzing module.
The first acquisition module is used for acquiring the attribute to be analyzed and constructing an attribute classifier of the attribute to be analyzed; the second acquisition module is used for acquiring the confrontation network to be analyzed, and triggering the distribution analysis module when the confrontation network to be analyzed allows at least a first preset number of generated samples to be acquired; otherwise, triggering a shadow model construction module; the shadow model building module is used for obtaining the structural characteristics and the training target of the confrontation network to be analyzed, building a plurality of shadow models of the confrontation network to be analyzed according to the structural characteristics and the training target of the confrontation network to be analyzed, and building a training set of the plurality of shadow models according to the requirement of 0-100% of the distribution of the attributes to be analyzed in the training set; the optimization module is used for acquiring input noise of the countermeasure network to be analyzed, and optimizing the input noise of the countermeasure network to be analyzed through a plurality of shadow models and attribute classifiers of attributes to be analyzed to obtain optimized noise; the query module is used for querying the generated confrontation network to be analyzed by optimizing noise to obtain a second preset number of generated samples; the distribution analysis module is used for obtaining the confidence coefficient of each generated sample as the attribute to be analyzed through the attribute classifier of the attribute to be analyzed, obtaining the distribution of the attribute to be analyzed in the generated samples through a preset attribute extraction function according to the confidence coefficient of each generated sample as the attribute to be analyzed, and using the distribution as the distribution of the attribute to be analyzed in the training set of the generated confrontation network to be analyzed; the fairness analysis module is used for determining the fairness of the confrontation network to be analyzed according to the distribution of the attributes to be analyzed in the confrontation network training set to be analyzed.
In a possible implementation, the optimization module is specifically configured to: randomly selecting a shadow model, inputting input noise into the current shadow model, and generating a plurality of shadow generating samples of the current shadow model; obtaining the confidence coefficient of the current shadow generating sample as the attribute to be analyzed by adopting an attribute classifier of the attribute to be analyzed, and obtaining the prediction proportion of the attribute to be analyzed in the training set of the current shadow model through a preset attribute extraction function according to the confidence coefficient of the current shadow generating sample as the attribute to be analyzed; constructing a loss function according to the prediction proportion of the attributes to be analyzed in the training set of the current shadow model and the actual proportion of the attributes to be analyzed, and optimizing input noise through the loss function to obtain optimized input noise; and replacing the original input noise by the optimized input noise, and iterating the steps until the preset iteration times are reached or the error between the predicted proportion of the attribute to be analyzed and the actual proportion of the attribute to be analyzed is within a preset range, and outputting the currently optimized input noise as the optimized noise.
In a possible embodiment, the preset attribute extraction function is a mean value calculation function.
In one possible embodiment, the loss function is a square of a difference between a predicted proportion of the attribute to be analyzed in the training set of the current shadow model and an actual proportion of the attribute to be analyzed.
In a possible embodiment, the first predetermined number is greater than or equal to 5000, and the second predetermined number is 100 to 150.
In a possible implementation manner, the structural characteristics of the countermeasure network to be analyzed include a network structure of the countermeasure network to be analyzed and a training process, and when a plurality of shadow models of the countermeasure network to be analyzed are constructed according to the structural characteristics and the training target of the countermeasure network to be analyzed, the network structure, the training process and the training target of each shadow model are all the same as those of the countermeasure network to be analyzed.
In one possible embodiment, the optimization module comprises an iteration module and an iteration control module; wherein: the iteration module is used for randomly selecting a shadow model, inputting input noise into the current shadow model and generating a plurality of shadow generating samples of the current shadow model; obtaining the confidence coefficient of each shadow generation sample as the attribute to be analyzed by adopting an attribute classifier of the attribute to be analyzed, and obtaining the prediction proportion of the attribute to be analyzed in the training set of the current shadow model through a preset attribute extraction function according to the confidence coefficient of each shadow generation sample as the attribute to be analyzed; constructing a loss function according to the prediction proportion of the attributes to be analyzed in the training set of the current shadow model and the actual proportion of the attributes to be analyzed, and optimizing input noise through the loss function to obtain optimized input noise; the iteration control module is used for replacing the original input noise by the optimized input noise, and iteratively triggering the iteration module until a preset iteration frequency is reached or an error between a prediction proportion of the attribute to be analyzed and an actual proportion of the attribute to be analyzed is within a preset range, and outputting the currently optimized input noise as the optimized noise.
All relevant contents of each step involved in the embodiment of the foregoing method for generating an anti-network fairness analysis method can be cited to the functional description of the functional module corresponding to the system for generating an anti-network fairness analysis in the embodiment of the present invention, and are not described herein again.
The division of the modules in the embodiments of the present invention is schematic, and only one logical function division is provided, and in actual implementation, there may be another division manner, and in addition, each functional module in each embodiment of the present invention may be integrated in one processor, or may exist alone physically, or two or more modules are integrated in one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
In yet another embodiment of the present invention, a computer device is provided that includes a processor and a memory for storing a computer program comprising program instructions, the processor for executing the program instructions stored by the computer storage medium. The Processor may be a Central Processing Unit (CPU), or may be other general-purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable gate array (FPGA) or other Programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc., which is a computing core and a control core of the terminal, and is specifically adapted to load and execute one or more instructions in a computer storage medium to implement a corresponding method flow or a corresponding function; the processor described in embodiments of the present invention may be used to generate operations for a method of countering network fairness analysis.
In still another embodiment of the present invention, the present invention further provides a storage medium, specifically a computer-readable storage medium (Memory), which is a Memory device in a computer device and is used for storing programs and data. It is understood that the computer readable storage medium herein can include both built-in storage media in the computer device and, of course, extended storage media supported by the computer device. The computer-readable storage medium provides a storage space storing an operating system of the terminal. Also, one or more instructions, which may be one or more computer programs (including program code), are stored in the memory space and are adapted to be loaded and executed by the processor. It should be noted that the computer-readable storage medium may be a high-speed RAM memory, or may be a non-volatile memory (non-volatile memory), such as at least one disk memory. One or more instructions stored in a computer-readable storage medium may be loaded and executed by a processor to perform the corresponding steps in the above embodiments with respect to generating a method for countering network fairness analysis.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.
Claims (10)
1. A method for generating a fairness analysis across networks, comprising:
s1: acquiring attributes to be analyzed, and constructing an attribute classifier of the attributes to be analyzed;
s2: acquiring a to-be-analyzed generated countermeasure network, and performing S6 when the to-be-analyzed generated countermeasure network allows at least a first preset number of generated samples to be acquired; otherwise, go to S3;
s3: acquiring the structural characteristics and the training target of the generated confrontation network to be analyzed, constructing a plurality of shadow models of the generated confrontation network to be analyzed according to the structural characteristics and the training target of the generated confrontation network to be analyzed, and constructing a training set of the plurality of shadow models according to the requirement of 0-100% by the proportion distribution of the attributes to be analyzed in the training set;
s4: acquiring input noise of the countermeasure network to be analyzed, and optimizing the input noise of the countermeasure network to be analyzed through a plurality of shadow models and attribute classifiers of attributes to be analyzed to obtain optimized noise;
s5: inquiring the generated confrontation network to be analyzed by optimizing the noise to obtain a second preset number of generated samples;
s6: obtaining the confidence coefficient of each generated sample as the attribute to be analyzed through an attribute classifier of the attribute to be analyzed, obtaining the distribution of the attribute to be analyzed in the generated samples through a preset attribute extraction function according to the confidence coefficient of each generated sample as the attribute to be analyzed, and using the distribution as the distribution of the attribute to be analyzed in the training set of the generated confrontation network to be analyzed;
s7: and determining the fairness of the countermeasure network to be analyzed according to the distribution of the attributes to be analyzed in the training set of the countermeasure network to be analyzed.
2. The method for generating an analysis of fairness across networks as claimed in claim 1, wherein said S4 specifically includes:
s401: randomly selecting a shadow model, inputting input noise into the current shadow model, and generating a plurality of shadow generating samples of the current shadow model;
s402: obtaining the confidence coefficient of the current shadow generating sample as the attribute to be analyzed by adopting an attribute classifier of the attribute to be analyzed, and obtaining the prediction proportion of the attribute to be analyzed in the training set of the current shadow model through a preset attribute extraction function according to the confidence coefficient of the current shadow generating sample as the attribute to be analyzed;
s403: constructing a loss function according to the prediction proportion of the attributes to be analyzed in the training set of the current shadow model and the actual proportion of the attributes to be analyzed, and optimizing input noise through the loss function to obtain optimized input noise;
s404: and replacing the original input noise by the optimized input noise, and iterating S201-S203 until the preset iteration times are reached or the error between the predicted proportion of the attribute to be analyzed and the actual proportion of the attribute to be analyzed is in a preset range, and outputting the currently optimized input noise as the optimized noise.
3. The method for generating a fairness analysis for a countermeasure network according to claim 1 or 2, wherein the predetermined attribute extraction function is a mean calculation function.
4. The method of generating a fairness analysis for a antagonistic network as claimed in claim 2, wherein the loss function is a square of a difference between a predicted proportion of the attributes to be analyzed in the training set of the current shadow model and an actual proportion of the attributes to be analyzed.
5. The method of claim 2, wherein the first predetermined number is greater than 5000 and the second predetermined number is 100-150.
6. The method for generating the confrontation network fairness analysis method according to claim 2, wherein the structural features of the confrontation network to be analyzed include a network structure of the confrontation network to be analyzed and a training process, and when a plurality of shadow models of the confrontation network to be analyzed are constructed according to the structural features and the training target of the confrontation network to be analyzed, the network structure, the training process and the training target of each shadow model are all the same as the confrontation network to be analyzed.
7. A generating confrontation network fairness analysis system is characterized by comprising a first acquisition module, a second acquisition module, a shadow model construction module, an optimization module, a query module, a distribution analysis module and a fairness analysis module; wherein:
the first acquisition module is used for acquiring the attribute to be analyzed and constructing an attribute classifier of the attribute to be analyzed;
the second acquisition module is used for acquiring the generated confrontation network to be analyzed, and triggering the distribution analysis module when the generated confrontation network to be analyzed allows at least a first preset number of generated samples to be acquired; otherwise, triggering the shadow model building module;
the shadow model building module is used for obtaining the structural characteristics and the training target of the generated confrontation network to be analyzed, building a plurality of shadow models of the generated confrontation network to be analyzed according to the structural characteristics and the training target of the generated confrontation network to be analyzed, and building a training set of the plurality of shadow models according to the requirement of 0-100% by the proportion distribution of the attributes to be analyzed in the training set;
the optimization module is used for acquiring input noise of the countermeasure network to be analyzed and optimizing the input noise of the countermeasure network to be analyzed through a plurality of shadow models and attribute classifiers of attributes to be analyzed to obtain optimized noise;
the query module is used for querying the generated confrontation network to be analyzed by optimizing the noise to obtain a second preset number of generated samples;
the distribution analysis module is used for obtaining the confidence coefficient of each generated sample as the attribute to be analyzed through the attribute classifier of the attribute to be analyzed, obtaining the distribution of the attribute to be analyzed in the generated samples through a preset attribute extraction function according to the confidence coefficient of each generated sample as the attribute to be analyzed, and using the distribution as the distribution of the attribute to be analyzed in the training set of the generated confrontation network to be analyzed;
and the fairness analysis module is used for determining the fairness of the confrontation network to be analyzed according to the distribution of the attributes to be analyzed in the confrontation network training set to be analyzed.
8. The system for generating a cyber-countermeasure fairness analysis system of claim 7, wherein the optimization module includes an iteration module and an iteration control module; wherein:
the iteration module is used for randomly selecting a shadow model, inputting input noise into the current shadow model and generating a plurality of shadow generating samples of the current shadow model; obtaining the confidence coefficient of each shadow generation sample as the attribute to be analyzed by adopting an attribute classifier of the attribute to be analyzed, and obtaining the prediction proportion of the attribute to be analyzed in the training set of the current shadow model through a preset attribute extraction function according to the confidence coefficient of each shadow generation sample as the attribute to be analyzed; constructing a loss function according to the prediction proportion of the attributes to be analyzed in the training set of the current shadow model and the actual proportion of the attributes to be analyzed, and optimizing input noise through the loss function to obtain optimized input noise;
the iteration control module is used for replacing the original input noise by the optimized input noise, and iteratively triggering the iteration module until a preset iteration frequency is reached or an error between a prediction proportion of the attribute to be analyzed and an actual proportion of the attribute to be analyzed is within a preset range, and outputting the currently optimized input noise as the optimized noise.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the steps of generating a method for countering network fairness analysis as recited in any one of claims 1-7.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of generating a method for analysis of countering network fairness as claimed in any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210253524.6A CN114626507A (en) | 2022-03-15 | 2022-03-15 | Method, system, device and storage medium for generating confrontation network fairness analysis |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210253524.6A CN114626507A (en) | 2022-03-15 | 2022-03-15 | Method, system, device and storage medium for generating confrontation network fairness analysis |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114626507A true CN114626507A (en) | 2022-06-14 |
Family
ID=81901285
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210253524.6A Pending CN114626507A (en) | 2022-03-15 | 2022-03-15 | Method, system, device and storage medium for generating confrontation network fairness analysis |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114626507A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115017290A (en) * | 2022-07-15 | 2022-09-06 | 浙江星汉信息技术股份有限公司 | File question-answering system optimization method and device based on cooperative confrontation training |
| CN116778544A (en) * | 2023-03-07 | 2023-09-19 | 浙江大学 | Face recognition privacy protection-oriented antagonism feature generation method |
| WO2024060670A1 (en) * | 2022-09-19 | 2024-03-28 | 北京沃东天骏信息技术有限公司 | Method and apparatus for training classification model, and device and storage medium |
-
2022
- 2022-03-15 CN CN202210253524.6A patent/CN114626507A/en active Pending
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115017290A (en) * | 2022-07-15 | 2022-09-06 | 浙江星汉信息技术股份有限公司 | File question-answering system optimization method and device based on cooperative confrontation training |
| CN115017290B (en) * | 2022-07-15 | 2022-11-08 | 浙江星汉信息技术股份有限公司 | File question-answering system optimization method and device based on cooperative confrontation training |
| WO2024060670A1 (en) * | 2022-09-19 | 2024-03-28 | 北京沃东天骏信息技术有限公司 | Method and apparatus for training classification model, and device and storage medium |
| CN116778544A (en) * | 2023-03-07 | 2023-09-19 | 浙江大学 | Face recognition privacy protection-oriented antagonism feature generation method |
| CN116778544B (en) * | 2023-03-07 | 2024-04-16 | 浙江大学 | Face recognition privacy protection-oriented antagonism feature generation method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114626507A (en) | Method, system, device and storage medium for generating confrontation network fairness analysis | |
| Liu et al. | Privacy-preserving object detection for medical images with faster R-CNN | |
| CN109726819B (en) | Method and device for realizing event reasoning | |
| CN113297571B (en) | Method and device for detecting backdoor attack of neural network model of facing graph | |
| Meek et al. | Structure and parameter learning for causal independence and causal interaction models | |
| CN109117742A (en) | Gestures detection model treatment method, apparatus, equipment and storage medium | |
| Herbert et al. | Analysis of data-driven parameters in game-theoretic rough sets | |
| CN113822355A (en) | Composite attack prediction method and device based on improved hidden Markov model | |
| CN116582349A (en) | Attack path prediction model generation method and device based on network attack graph | |
| CN115766104A (en) | Self-adaptive generation method based on improved Q-learning network security decision | |
| Ding et al. | Efficient BiSRU combined with feature dimensionality reduction for abnormal traffic detection | |
| Xing et al. | A hierarchical Bayesian Markovian model for motifs in biopolymer sequences | |
| Lee et al. | Word2Vec-based efficient privacy-preserving shared representation learning for federated recommendation system in a cross-device setting | |
| CN111144243B (en) | Household pattern recognition method and device based on counterstudy | |
| US20210110287A1 (en) | Causal Reasoning and Counterfactual Probabilistic Programming Framework Using Approximate Inference | |
| Thuraisingham et al. | Towards a framework for developing cyber privacy metrics: A vision paper | |
| CN112995987A (en) | Self-adaptive road network semantic position privacy protection method based on multi-objective optimization problem | |
| Rafati et al. | Efficient exploration through intrinsic motivation learning for unsupervised subgoal discovery in model-free hierarchical reinforcement learning | |
| Djiknavorian et al. | Approximation in DSm theory for fusing ESM reports | |
| Karmakar et al. | Statistical validity and consistency of big data analytics: a general framework | |
| WO2006008485A1 (en) | Generation of facial composites | |
| Manté | Application of iterated Bernstein operators to distribution function and density approximation | |
| CN113313236B (en) | Deep reinforcement learning model poisoning detection method and device based on time sequence neural pathway | |
| CN116232742B (en) | False data attack detection method, system, electronic equipment and medium based on state estimation | |
| Wu et al. | Pseudo estimation and variable selection in regression |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |