CN116150774A - Data protection model training and data protection method, device and storage medium - Google Patents
Data protection model training and data protection method, device and storage medium Download PDFInfo
- Publication number
- CN116150774A CN116150774A CN202211089109.8A CN202211089109A CN116150774A CN 116150774 A CN116150774 A CN 116150774A CN 202211089109 A CN202211089109 A CN 202211089109A CN 116150774 A CN116150774 A CN 116150774A
- Authority
- CN
- China
- Prior art keywords
- data
- loss
- output data
- sample
- correlation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computational Linguistics (AREA)
- Bioethics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computer Hardware Design (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Molecular Biology (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the specification discloses a data protection model training and data protection method, a device, a storage medium and a terminal, wherein, firstly, each sample original data is input into an initial network model constructed based on a preset protection function to obtain each sample output data; then obtaining first distillation loss on the basis of the standard output data and the sample output data after processing the original data of each sample by a preset protection function; obtaining a second distillation loss based on the first correlation between the standard output data and the second correlation between the sample output data; and finally, performing first training on the initial network model according to the first distillation loss and the second distillation loss to obtain a first data protection model. Since the calculation characteristics of the preset protection function when processing the data can be embodied in the first correlation, the first correlation between the standard output data and the second correlation between the sample output data are used for constructing the loss calculation of the training data protection model.
Description
Technical Field
The embodiment of the specification relates to the technical field of computer information security, in particular to a data protection model training and data protection method, a device and a storage medium.
Background
The artificial intelligence technology has been rapidly developed in recent years and gradually applied to various daily scenes, such as a self-service payment scene, an automatic identity verification scene, an information collection scene, etc., and when user services are automatically performed through various terminal side devices, user information needs to be collected, transmitted, processed and stored, and the user information contains a large amount of private data information, so that in order to avoid disclosure of personal private information of the user, efficient management and protection of the user information are required.
Disclosure of Invention
The embodiment of the specification provides a data protection model training and data protection method, device and storage medium, which can solve the technical problem of poor performance of a data protection model in the related art.
In a first aspect, embodiments of the present disclosure provide a data protection model training method, where the method includes:
acquiring at least two sample original data, inputting each sample original data into an initial network model, and obtaining sample output data corresponding to each sample original data, wherein the initial network model is constructed based on a preset protection function;
Obtaining standard output data after the original data of each sample are processed by the preset protection function, and obtaining first distillation loss based on the standard output data and the sample output data;
calculating a first correlation between the standard output data and a second correlation between the sample output data, and obtaining a second distillation loss based on the first correlation and the second correlation;
and constructing a first loss function according to the first distillation loss and the second distillation loss, and performing first training on the initial network model based on the first loss function to obtain a first data protection model.
In a second aspect, embodiments of the present disclosure provide a data protection method, including:
responding to a data encryption request, and carrying out encryption processing on target original data based on a data encryption model to obtain target encrypted data corresponding to the target original data;
responding to a data decryption request, and performing decryption processing on the target encrypted data based on a data decryption model to obtain target decryption data corresponding to the target original data;
wherein the data encryption model or the data decryption model is a data protection model obtained by training the data protection model training method according to any one of claims 1 to 9.
In a third aspect, embodiments of the present disclosure provide a data protection model training apparatus, including:
the data acquisition module is used for acquiring at least two sample original data, inputting each sample original data into the initial network model to obtain sample output data corresponding to each sample original data, wherein the initial network model is constructed based on a preset protection function;
the first loss calculation module is used for obtaining standard output data after the original data of each sample are processed by the preset protection function, and obtaining first distillation loss based on the standard output data and the sample output data;
a second loss calculation module for calculating a first correlation between the standard output data and a second correlation between the sample output data, and obtaining a second distillation loss based on the first correlation and the second correlation;
and the first model training module is used for constructing a first loss function according to the first distillation loss and the second distillation loss, and carrying out first training on the initial network model based on the first loss function to obtain a first data protection model.
In a fourth aspect, embodiments of the present disclosure provide a data protection apparatus, the apparatus comprising:
The encryption module is used for responding to the data encryption request, and encrypting the target original data based on the data encryption model to obtain target encrypted data corresponding to the target original data;
the decryption module is used for responding to the data decryption request, and performing decryption processing on the target encrypted data based on a data decryption model to obtain target decrypted data corresponding to the target original data;
wherein the data encryption model or the data decryption model is a data protection model obtained by training the data protection model training method according to any one of claims 1 to 9.
In a fifth aspect, embodiments of the present description provide a computer program product comprising instructions which, when run on a computer or a processor, cause the computer or the processor to perform the steps of the method described above.
In a sixth aspect, the present description provides a computer storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform the steps of the method described above.
In a seventh aspect, embodiments of the present description provide a terminal comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program being adapted to be loaded by the processor and to perform the steps of the method described above.
The technical scheme provided by some embodiments of the present specification has the following beneficial effects:
the embodiment of the specification provides a training method of a data protection model, which comprises the steps of firstly constructing an initial network model based on a preset protection function, inputting original data of each sample into the initial network model, and obtaining output data of each sample; then obtaining first distillation loss on the basis of the standard output data and the sample output data after processing the original data of each sample by a preset protection function; obtaining a second distillation loss based on the first correlation between the standard output data and the second correlation between the sample output data; and finally, performing first training on the initial network model according to the first distillation loss and the second distillation loss to obtain a first data protection model. The calculation characteristics of the preset protection function when the data are processed can be reflected in the first correlation among the standard output data after the sample original data are processed by the preset protection function, so that the first correlation among the standard output data and the second correlation among the sample output data are used for constructing the loss calculation of the training data protection model, the data protection model can be enabled to more accurately fit the calculation characteristics and the calculation capacity of the preset protection function when the data are processed from the angle of the correlation among the output data, and the more accurate data protection model is obtained.
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present description, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is an exemplary system architecture diagram of a data protection model training method provided in an embodiment of the present disclosure;
FIG. 2 is a schematic flow chart of a training method for a data protection model according to an embodiment of the present disclosure;
FIG. 3 is a schematic flow chart of a training method for a data protection model according to an embodiment of the present disclosure;
FIG. 4 is a schematic flow chart of a training method for a data protection model according to an embodiment of the present disclosure;
fig. 5 is a flow chart of a data protection method according to an embodiment of the present disclosure;
FIG. 6 is a block diagram of a training device for data protection model according to an embodiment of the present disclosure;
FIG. 7 is a block diagram of a data protection device according to an embodiment of the present disclosure;
Fig. 8 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
Detailed Description
In order to make the features and advantages of the embodiments of the present specification more comprehensible, the technical solutions in the embodiments of the present specification are described in detail below with reference to the accompanying drawings in the embodiments of the present specification, and it is apparent that the described embodiments are only some embodiments of the present specification, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the embodiments herein.
When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with aspects of the embodiments of the present description as detailed in the accompanying claims.
In recent years, artificial intelligence technology has been rapidly developed, and various related applications have also been developed in a large scale and gradually associated with daily life of people, such as self-service payment scenes, intelligent recommendation scenes, automatic auxiliary driving scenes, and the like. However, since the artificial intelligence algorithm generally needs to analyze based on a large amount of data, the process of user privacy data acquisition, transmission, processing and storage are often involved in the service process, and at this time, the personal privacy information of the user has a security risk of disclosure, so that the user information data needs to be protected and processed to ensure the security of the user information.
In general, when data is protected, encryption computation processing and decryption computation processing are performed on the data by a data protection function. In the field of data protection at present, from the perspective of calculating data types, the data protection strategies can be divided into two types, the first type of strategies is the data protection strategy for calculating on the basis of original data, the method is characterized in that encryption processing is carried out on the original data in the stages of transmission, storage and the like, when analysis and calculation are needed, the encryption data are firstly decrypted and restored to obtain the original data, and then calculation is carried out on the basis of the original data, so that the method can ensure the accuracy of a calculation result, but the method still faces the safety risk of information leakage in the calculation process; the second type of strategy is a data protection strategy for calculating on encrypted data, and the method is characterized in that firstly, the data is encrypted, and the subsequent data processing processes such as transmission, storage, calculation and the like are all carried out on the basis of the encrypted data, so that the strategy can ensure the safety of information data.
For private data of a user, a second type of data protection policy with better encryption performance is generally adopted to ensure data security, for example, homomorphic encryption policy is used, the data can be encrypted by homomorphic encryption and the result obtained after the calculation of the encrypted data is the same as the result obtained after the same calculation of the original data, but because the calculation amount of the homomorphic encryption algorithm is large, the calculation efficiency is low, the calculation capability requirement on operation equipment is higher, in the daily life scene, some terminal side equipment with smaller calculation capability related to the private data of the user generally exists, such as a self-service cash register and the like, which only has basic network access capability and cannot perform general calculation, the homomorphic encryption performance cannot be realized on a large scale in the equipment, and the security of the user data is threatened.
Therefore, the embodiment of the specification provides a training method for a data protection model, which includes the steps of firstly inputting original data of each sample into an initial network model constructed based on a preset protection function to obtain output data of each sample; then obtaining first distillation loss on the basis of the standard output data and the sample output data after processing the original data of each sample by a preset protection function; obtaining a second distillation loss based on the first correlation between the standard output data and the second correlation between the sample output data; and finally, performing first training on the initial network model according to the first distillation loss and the second distillation loss to obtain a first data protection model so as to solve the technical problem of poor performance of the data protection model.
Referring to fig. 1, fig. 1 is an exemplary system architecture diagram of a data protection model training method according to an embodiment of the present disclosure.
As shown in fig. 1, the system architecture may include a terminal 101, a network 102, and a server 103. Network 102 is the medium used to provide communication links between terminals 101 and servers 103. Network 102 may include various types of wired or wireless communication links, such as: the wired communication link includes an optical fiber, a twisted pair wire, or a coaxial cable, and the Wireless communication link includes a bluetooth communication link, a Wireless-Fidelity (Wi-Fi) communication link, a microwave communication link, or the like.
Terminal 101 may interact with server 103 via network 102 to receive messages from server 103 or to send messages to server 103, or terminal 101 may interact with server 103 via network 102 to receive messages or data sent by other users to server 103. The terminal 101 may be hardware or software. When the terminal 101 is hardware, it may be various electronic devices including, but not limited to, a smart watch, a smart phone, a tablet computer, a laptop portable computer, a desktop computer, and the like. When the terminal 101 is software, it may be installed in the above-listed electronic device, and it may be implemented as a plurality of software or software modules (for example, to provide distributed services), or may be implemented as a single software or software module, which is not specifically limited herein.
In this embodiment of the present disclosure, the terminal 101 may first construct an initial network model based on a preset protection function, and input original data of each sample into the initial network model to obtain output data of each sample; then, the terminal 101 obtains a first distillation loss based on each standard output data and each sample output data after processing the original data of each sample by a preset protection function; further, the terminal 101 obtains a second distillation loss based on the first correlation between the standard output data and the second correlation between the sample output data; and finally, performing first training on the initial network model according to the first distillation loss and the second distillation loss to obtain a first data protection model.
The server 103 may be an integrated server providing various services. The server 103 may be hardware or software. When the server 103 is hardware, it may be implemented as a distributed server cluster composed of a plurality of servers, or may be implemented as a single server. When the server 103 is software, it may be implemented as a plurality of software or software modules (for example, to provide a distributed service), or may be implemented as a single software or software module, which is not specifically limited herein.
Alternatively, the system architecture may not include the server 103, in other words, the server 103 may be an optional device in the embodiment of the present specification, that is, the method provided in the embodiment of the present specification may be applied to a system architecture including only the terminal 101, which is not limited in the embodiment of the present specification.
It should be understood that the number of terminals, networks, and servers in fig. 1 is merely illustrative, and any number of terminals, networks, and servers may be used as desired for implementation.
Referring to fig. 2, fig. 2 is a flow chart of a data protection model training method according to an embodiment of the present disclosure. The execution body of the embodiment of the present disclosure may be a terminal that executes data protection model training, or may be a processor in a terminal that executes a data protection model training method, or may be a data protection model training service in a terminal that executes a data protection model training method. For convenience of description, a specific implementation procedure of the data protection model training method will be described below by taking an example that the execution subject is a processor in the terminal.
As shown in fig. 2, the data protection model training method at least may include:
s201, acquiring at least two sample original data, inputting each sample original data into an initial network model, and obtaining sample output data corresponding to each sample original data, wherein the initial network model is constructed based on a preset protection function.
Optionally, in order to protect information data security of a user while meeting user requirements, protection processing needs to be performed on the user data, for example, data protection means such as data encryption and data desensitization are needed, and in this process, a data protection function in an algorithm adopted by a data protection strategy with a good encryption effect is generally large in calculation amount and low in calculation efficiency, so that some terminal side devices providing data services for the user cannot achieve a good data encryption effect due to low calculation power. Therefore, in order to deploy the data protection function in some low-power basic electronic devices, it is necessary to reduce the amount of computation required for performing the data protection processing and to increase the computation efficiency.
Further, as the neural network model can autonomously learn a method for solving the preset task based on the preset task, and further for some mathematical problems, compared with traditional and complicated formula calculation, the neural network model can self-learn calculation characteristics in the data processing process in continuous iterative training based on initial data and result data so as to fit the calculation effect of the formula, and as the neural network directly learns based on the calculation result, the calculation amount required by the neural network can be greatly reduced compared with the calculation amount required by the formula when the same calculation effect is achieved, namely the trained neural network model can be deployed in small calculation equipment so that the equipment has high-efficiency calculation effect through lower calculation conditions. Specifically, the type of network architecture may select a neural network suitable for operation in the end-side device, such as a lightweight network like MobileNetV 2.
Based on the above, in order to deploy an efficient data protection policy, such as a homomorphic encryption policy, in the device, a preset protection function corresponding to the efficient data protection policy may be fitted through a neural network model, so as to obtain a data protection model capable of fitting the calculation characteristics of the preset protection function. Before the initial network model is trained, the initial network model is firstly required to be built according to a specific preset protection function, so that the initial network model can be conveniently trained based on sample data. It should be noted that the preset protection function may be a preset encryption function or a preset decryption function, where the preset encryption function may be a homomorphic encryption function, the preset decryption function may be a homomorphic decryption function, and the selection of the preset protection function type is not limited to the embodiment of the present disclosure, and may be selected based on actual requirements.
Optionally, before training the initial network model, input data, that is, sample raw data, is first acquired, and then each sample raw data is input into the initial network model to obtain sample output data output by the initial network model based on the sample raw data. When the number of samples of the sample raw data is selected, the number of the sample raw data is not generally one in consideration of the training effect of the initial network model, and in consideration of the fact that the sample output data needs to be fitted with standard output data output by a preset protection function for the same sample raw data, the calculation characteristics of the preset protection function can be embodied in various ways through the standard output data, for example, the value characteristics of single output data, the correlation characteristics among a plurality of output data, the value characteristics of output data in a fixed initial data interval and the like, so that at least two sample raw data can be obtained, at least two sample output data can be output by the initial network model, and training of the initial network model based on the plurality of sample output data is facilitated.
S202, obtaining standard output data after processing original data of each sample by a preset protection function, and obtaining first distillation loss based on the standard output data and the sample output data.
Optionally, as described in the foregoing embodiment, it may be known that the sample output data is output by the initial network model with respect to the sample raw data, then the fitting target of the sample output data is each standard output data obtained by processing the same sample raw data by the preset protection function, after obtaining the sample output data, each standard output data obtained by processing each sample raw data by the preset protection function needs to be obtained, and then each standard output data and each sample output data may be compared, and the initial network model is trained according to the data comparison result, so that the initial network model learns the calculation feature of the preset protection function based on the data comparison result.
Optionally, when the initial network model is trained, a loss function is generally constructed according to training requirements, the loss function can evaluate the degree of difference between the predicted value and the actual value output by the network model, and the optimization direction of the network model can be guided based on the loss function, so that the output of the network model is close to the standard value until the preset fitting effect is achieved. In the embodiment of the present disclosure, when constructing the loss function, the output data of each standard and the output data of each sample may be used as a part of the construction loss function, and since the input of the preset protection function and the input of the initial network model are both sample raw data, in the knowledge distillation framework, the preset protection function is used as a teacher network, the initial network model is used as a student network, and the initial network model can learn the calculation characteristics of the preset protection function, that is, based on the output data of each standard and the output data of each sample, the first distillation loss for training the initial network model may be obtained.
S203, calculating a first correlation between the standard output data and a second correlation between the sample output data, and obtaining a second distillation loss based on the first correlation and the second correlation.
Optionally, the first distillation loss obtained by each sample output data and each standard output data is a loss value between the initial network model and the output data of the preset protection function, and considering that the calculation feature of the preset protection function may be not only represented in the value feature of the single output data, but also may be represented in the correlation feature between the plurality of output data, where the correlation between the plurality of output data is a relative distance between vectors corresponding to the output data, and the correlation between the plurality of output data may also represent a vector layout of the output data and position information between the output data, so further, it is further described that the first correlation between the plurality of standard output data may express the calculation feature of the preset protection function, and the second correlation between the plurality of sample output data may express the calculation feature of the initial network model, that is, after calculating the first correlation between the plurality of standard output data and the second correlation between the plurality of sample output data, the second distillation loss may be obtained based on the first correlation and the second correlation.
Alternatively, when calculating the first correlation, the number of standard output data may be various, so that the first correlation may have a certain feature to express a calculation feature of a preset protection function, for example, the first correlation may express a distance between standard output data, may express a position distribution between standard output data, or the like, and then the first correlation may be a correlation between two standard output data, may be a correlation between three standard output data, or a correlation between any number of standard output data. It should be noted that the method of calculation of the second correlation is the same as the first correlation, ensuring that the second distillation loss is used to train the reasonability of the initial network model.
S203, constructing a first loss function according to the first distillation loss and the second distillation loss, and performing first training on the initial network model based on the first loss function to obtain a first data protection model.
Optionally, after the first distillation loss and the second distillation loss are obtained, an initial network model may be trained based on the first distillation loss and the second distillation loss, specifically, a first loss function is constructed according to the first distillation loss and the second distillation loss, and further, the initial network model is first trained based on the first loss function, so as to obtain a first data protection model with a first data protection model having a smaller calculated amount than a preset protection function and high data protection performance.
Optionally, when the first loss function is constructed, the sum of the first distillation loss and the second distillation loss may be used as the first loss function, different weight values of the first distillation loss and the second distillation loss may be preset based on an actual training task target, and the training gravity center of the initial network model is controlled, so that the setting of the weight values is not specifically limited in the embodiment of the present specification.
In the embodiment of the specification, a training method of a data protection model is provided, an initial network model is firstly constructed based on a preset protection function, and original data of each sample is input into the initial network model to obtain output data of each sample; then obtaining first distillation loss on the basis of the standard output data and the sample output data after processing the original data of each sample by a preset protection function; obtaining a second distillation loss based on the first correlation between the standard output data and the second correlation between the sample output data; and finally, performing first training on the initial network model according to the first distillation loss and the second distillation loss to obtain a first data protection model. The calculation characteristics of the preset protection function when the data are processed can be reflected in the first correlation among the standard output data after the sample original data are processed by the preset protection function, so that the first correlation among the standard output data and the second correlation among the sample output data are used for constructing the loss calculation of the training data protection model, the data protection model can be enabled to more accurately fit the calculation characteristics and the calculation capacity of the preset protection function when the data are processed from the angle of the correlation among the output data, and the more accurate data protection model is obtained.
Referring to fig. 3, fig. 3 is a flow chart of a training method of a data protection model according to an embodiment of the present disclosure.
As shown in fig. 3, the data protection model training method at least may include:
s301, acquiring at least two sample original data, inputting each sample original data into an initial network model, and obtaining sample output data corresponding to each sample original data, wherein the initial network model is constructed based on a preset protection function.
For step S301, please refer to the detailed description in step S201, and the detailed description is omitted here.
S302, obtaining standard output data after processing original data of each sample by a preset protection function.
Optionally, the sample output data is output by the initial network model aiming at the sample original data, and then the fitting target of the sample output data is each standard output data after the same sample original data is processed by the preset protection function, after the sample output data is obtained, each standard output data after the sample original data is processed by the preset protection function needs to be obtained, so that the subsequent initial network model can train based on each standard output data and each sample output data.
S303, calculating first sub-distillation losses between each standard output data and sample output data corresponding to each standard output data, and taking the sum of the first sub-distillation losses as the first distillation loss.
Optionally, after obtaining each standard output data and each sample output data, a first distillation loss between the output of the preset protection function and the output of the initial network model may be calculated based on each standard output data and each sample output data, specifically, when the first distillation loss is calculated, a correspondence between the standard output data and the sample output data should be followed, where the standard output data and the sample output data are obtained by processing the same sample raw data, and further, the standard output data corresponding to the same sample raw data in the preset protection function and the sample output data in the initial network model have a correspondence therebetween.
It is easy to understand that, for the fitting of the initial network model, the training effect can be achieved only by comparing and calculating the sample output data output by the initial network model for a certain sample original data with the standard output data output by the preset protection function for the same sample original data, that is, the first sub-distillation loss between each standard output data and the sample output data corresponding to each standard output data needs to be calculated, and finally, the sum of each first sub-distillation loss is taken as the first distillation loss.
For example, when the original data of the sample has x 1 、x 2 、x 3 、x 4 Then the preset protection function processes the original data of each sample to obtain standard output data f (x) 1 )、f(x 2 )、f(x 3 )、f(x 4 ) The initial network model processes the original data of each sample to obtain sample output data F (x) 1 )、F(x 2 )、F(x 3 )、F(x 4 ) The sample original data, the standard output data and the sample output data with the same data subscript have a corresponding relation, at this time, the absolute value of the Euclidean distance between each standard output data and the sample output data corresponding to each standard output data is calculated, so as to obtain first sub-distillation losses, and the sum of the first sub-distillation losses is taken as the first distillation loss, namely,
s304, grouping the standard output data and the sample output data based on the same preset rule to obtain at least one group of standard output data groups and sample output data groups corresponding to the standard output data groups.
Alternatively, as can be seen from the description of the above embodiment, the calculation feature of the preset protection function may be embodied not only in the value feature of the single output data, but also in the correlation feature between the plurality of output data, where the correlation between the plurality of output data is the relative distance between the vectors corresponding to the output data, and can represent the vector layout of the output data and the position information between the output data, and further, the second distillation loss may be obtained based on the first correlation between the output data of each standard and the second correlation between the output data of each sample, so that the loss function of the initial network model can fit the calculation feature of the preset protection function from more angles, and the data protection performance identical to the preset protection function can be fitted more quickly.
Optionally, the first correlation and the second correlation are correlations between a plurality of data, so that the calculation of the first correlation is related to at least two standard output data and the calculation of the second correlation is related to at least two sample output data, and then in order to calculate the first correlation and the second correlation, it is necessary to group each standard output data and each sample output data to obtain at least one standard output data set and at least one sample output data set, so that the correlation calculation is performed subsequently according to each data set.
Further, since the output data of the preset protection function and the initial network model are the same sample original data, the standard output data and the sample output data corresponding to the same sample original data have a corresponding relation, and when the second distillation loss is calculated based on the first correlation and the second correlation, the loss calculation between the first correlation and the second correlation also needs to follow the corresponding relation between the standard output data and the sample output data, so that in order to ensure the corresponding relation between the first correlation and the second correlation, the standard output data and the sample output data can be grouped based on the same preset rule, and the corresponding relation between the standard output data sets and the sample output data sets still exists based on the sample original data.
For example, the sample raw data has x 1 、x 2 、x 3 、x 4 Then the standard output data is f (x 1 )、f(x 2 )、f(x 3 )、f(x 4 ) The sample output data is F (x 1 )、F(x 2 )、F(x 3 )、F(x 4 ) The standard output data is then divided into two standard output data groups (f (x) 1 ),f(x 2 ))、(f(x 3 ),f(x 4 ) Then the sample output data can be divided into two sample output data sets (F (x) 1 ),F(x 2 ))、(F(x 3 ),F(x 4 ) As can be readily appreciated, the standard output data set (f (x) 1 ),f(x 2 ) And the sample output data set (F (x) 1 ),F(x 2 ) Has a correspondence relationship, and the standard output data set (f (x) 3 ),f(x 4 ) And the sample output data set (F (x) 3 ),F(x 4 ) Has a correspondence relationship.
Optionally, for a specific preset rule for grouping, one possible implementation manner is to set a data selection area with a preset size, and divide the data in the same data selection area into the same group.
S305, respectively calculating a first correlation between standard output data in each group of standard output data sets and respectively calculating a second correlation between sample output data in each group of sample output data sets.
Alternatively, the cosine distance between vectors corresponding to two data is a local correlation, the local correlation between data may represent the relative distance position information between data, and when calculating the first correlation of each standard output data set and the second correlation of each sample output data set, the local correlation between standard output data in each standard output data set may be calculated as the first correlation, and the local correlation between sample output data in each sample output data set may be calculated as the second correlation.
For example, when the original data of the sample has x 1 、x 2 、x 3 、x 4 Then the standard output data is f (x 1 )、f(x 2 )、f(x 3 )、f(x 4 ) The sample output data is F (x 1 )、F(x 2 )、F(x 3 )、F(x 4 ) After grouping based on the same preset rule, a standard output data set (f (x) 1 ),f(x 2 ))、(f(x 3 ),f(x 4 ) And a sample output data set (F (x) 1 ),F(x 2 ))、(F(x 3 ),F(x 4 ) At this time, local correlations of the respective standard output data sets, i.e., the first correlation is R (f (x) 1 ),f(x 2 ))、R(f(x 3 ),f(x 4 ) And calculating a local correlation of each sample output data set, i.e. a second correlation being R (F (x) 1 ),F(x 2 ))、R(F(x 3 ),F(x 4 ) And) wherein the first correlation R (f (x 1 ),f(x 2 ) And a second correlation R (F (x) 1 ),F(x 2 ) Corresponding to the first correlation R (f (x) 3 ),f(x 4 ) And a second correlation R (F (x) 3 ),F(x 4 ) Corresponds to.
S306, calculating second sub-distillation losses between each first correlation and the second correlation corresponding to each first correlation, and taking the sum of the second sub-distillation losses as the second distillation loss.
Optionally, after obtaining the first correlation of the standard output data in each standard output data set and the second correlation of the sample output data in each sample output data set, comparing and calculating each first correlation with each second correlation, in a specific calculation process, since each standard output data and each sample output data have a corresponding relationship based on the original sample data, and after being grouped based on the same preset rule, each standard output data set and each sample output data set still have a corresponding relationship, then calculating a second sub-distillation loss between each first correlation and the second correlation corresponding to each first correlation, and finally taking the sum of each second sub-distillation loss as the second distillation loss.
For example, when the original data of the sample has x 1 、x 2 、x 3 、x 4 Then the standard output data is f (x 1 )、f(x 2 )、f(x 3 )、f(x 4 ) The sample output data is F (x 1 )、F(x 2 )、F(x 3 )、F(x 4 ) The standard output data set (f (x) 1 ),f(x 2 ))、(f(x 3 ),f(x 4 ) And a sample output data set (F (x) 1 ),F(x 2 ))、(F(x 3 ),F(x 4 ) And calculates a first similarity to obtain R (f (x) 1 ),f(x 2 ))、R(f(x 3 ),f(x 4 ) The second correlation is R (F (x) 1 ),F(x 2 ))、R(F(x 3 ),F(x 4 ) A second sub-distillation loss between each first correlation and a second correlation corresponding to each first correlation can be calculated based on the correspondence relationship, and the sum of each second sub-distillation loss is taken as a second distillation loss, that is,
s307, constructing a first loss function according to the first distillation loss and the second distillation loss, and performing first training on the initial network model based on the first loss function to obtain a first data protection model.
Optionally, after the first distillation loss and the second distillation loss are obtained, an initial network model may be trained based on the first distillation loss and the second distillation loss, that is, a first loss function is constructed according to the first distillation loss and the second distillation loss, and then the initial network model is first trained based on the first loss function, and the initial network model is trained to be converged, so as to obtain a first data protection model with smaller calculated amount than a preset protection function and high data protection performance. Specifically, when constructing the first loss function, the sum of the first distillation loss and the second distillation loss may be taken as the first loss function.
For example, when the original data of the sample has x 1 、x 2 、x 3 、x 4 Then based on the first loss of distillation loss 1 Second loss of distillation loss 2 The first loss function may be constructed such that,
in an embodiment of the present disclosure, a data protection model training method is provided, where a sum of first sub-distillation losses between each standard output data and sample output data corresponding to each standard output data is used as a first distillation loss; and grouping the standard output data and the sample output data based on the same preset rule, ensuring the corresponding relation between the standard output data set and the sample output data set, calculating second sub-distillation losses between the first correlations and the second correlations corresponding to the first correlations based on the corresponding relation, and taking the sum of the second sub-distillation losses as the second distillation loss. The initial network model is trained based on the valued features of single output data and the correlation among a plurality of data, the calculated features of the preset protection function can be fitted from various data angles, and finally the first data protection model which is smaller than the calculated amount of the preset protection function and has the same high-efficiency data protection performance can be obtained.
Referring to fig. 4, fig. 4 is a flow chart of a training method of a data protection model according to an embodiment of the present disclosure.
As shown in fig. 4, the user software requirement processing method at least may include:
s401, acquiring at least two sample original data, inputting each sample original data into an initial network model, and obtaining sample output data corresponding to each sample original data, wherein the initial network model is constructed based on a preset protection function.
S402, obtaining standard output data after processing original data of each sample by a preset protection function, and obtaining first distillation loss based on the standard output data and the sample output data.
S403, calculating a first correlation between the standard output data and a second correlation between the sample output data, and obtaining a second distillation loss based on the first correlation and the second correlation.
S404, constructing a first loss function according to the first distillation loss and the second distillation loss, and performing first training on the initial network model based on the first loss function to obtain a first data protection model.
For steps S401-S404, please refer to the detailed description in steps S201-S204, and the detailed description is omitted here.
S405, acquiring sample original data, inputting each sample original data into a first data protection model, and obtaining a first loss result based on a first loss function.
Optionally, for the first data protection model obtained by the first training, considering the complexity of the preset protection function and the diversification of the original data of the sample, in the multiple iterative training, the accuracy of the first data protection model may be higher and higher, and a large number of network parameters may be optimized in the process, and the calculation accuracy of the original data of the sample is too high, which may cause an over-fitting phenomenon in an actual scene, and a large number of network parameters also have parameters which have low calculation importance and can be ignored, so that in order to further optimize the first data protection model, the second training may be performed on the first data protection model, the network clipping may be performed on the first data protection model, and some of the negligible network parameters in the first data protection model may be removed, thereby further reducing the calculation amount of the data protection model, improving the calculation efficiency of the model and enhancing the applicability of the model in the actual scene.
Optionally, in order to ensure that the model obtained by training does not deviate too much from the trained performance in terms of performance when performing the second training on the first data protection model, the same sample raw data in the first training may be used, and the first loss function in the first training may be used as a part of the loss function in the second training to constrain the optimization direction of the data protection model in the second training, so as to optimize the calculation amount and the calculation efficiency on the premise of ensuring the data protection performance of the model. The sample original data used in the first training can be obtained, each sample original data is input into the first data protection model, a first loss result is obtained based on the first loss function, the first loss result can be used as a part of the loss function used for the second training subsequently, and the data protection performance of the model is ensured.
S406, calculating the sparse loss of the first data protection model based on the network parameters in the first data protection model.
Optionally, in order to perform network clipping on the first data protection model, remove redundant network parameters, reduce the volume of the first data protection model, then first calculate based on the network parameters in the first data protection model, determine sparsity of the first data protection model, the more sparse the network represents the more network parameters that can be clipped, the smaller the network can be after clipping, the higher the calculation efficiency, train the first data protection model according to the network sparsity, and realize the sparsity degree of the network parameters in the adjustment model until the sparsity of the model reaches the preset target.
Further, the calculation may be performed based on an L1 norm when calculating the sparse constraint of the first data protection model, where the L1 norm refers to the sum of absolute values of elements in the vector, that is, a "sparse rule operator" (Lasso regularization, least Absolute Shrinkage and SelectionOperator (LASSO)), also called linear regression, and the L1 norm of the network model is obtained by adding absolute values of network parameters, and the parameter value is proportional to the model complexity, so that the more complex model has a larger L1 norm, the larger loss function related to the L1 norm is finally caused, which means that network clipping optimization is still needed for the model at this time.
In the embodiment of the present specification, the sparsity loss of the first data protection model may be calculated based on the network parameters in the first data protection model, and when the network parameters of the first data protection model are represented by θ, the sparsity loss of the first data protection model may be represented by an L1-norm calculation as
S=||θ|| 1 。
S407, constructing a second loss function according to the first loss result and the sparse loss, and performing second training on the first data protection model based on the second loss function to obtain a second data protection model.
Optionally, after the first loss result and the sparse loss are obtained, a second loss function can be constructed according to the first loss result and the sparse loss, and then the second training is performed on the first data protection model based on the second loss function, so that a second data protection model with smaller calculation volume and higher calculation efficiency is obtained.
Specifically, since the first loss result is fitted in a direction close to the preset protection function, and the sparse loss is fitted in a direction close to the clipping network parameter, in order to achieve an equilibrium state between the data protection performance and the calculation efficiency of the finally obtained second data protection model, different weight values of the preset first loss result and the sparse loss can be set so as to adjust the specific gravity of the preset first loss result and the sparse loss in the second loss function, and further control the training direction of the first data protection model, that is, when the second loss function is constructed and constructed, the first loss weight of the first loss result and the second loss weight of the sparse loss are firstly obtained, and the second loss function is constructed according to the product of the first loss weight and the first loss result and the product of the second loss weight and the sparse loss.
For ease of understanding, the first Loss weight is denoted as α, the second Loss weight is denoted as β, the first Loss result corresponding to the first Loss function of the first data protection model is Loss, the sparse Loss of the first data protection model is S, then the second Loss function is denoted as,
Loss total =α*Loss+β*S。
optionally, when the first data protection model is trained through the second loss function, because parameters and network structures of the first data protection model are continuously adjusted in the training process, the corresponding first loss weight and second loss weight need to be modified based on each network adjustment, at this time, the first loss weight and the second loss weight can be manually modified, a meta-network for learning the loss weight can also be entered, and the meta-network can be used as a preset weight network model, and can perform unsupervised learning, and training can be performed based on a second loss result corresponding to each second loss function of the first data protection model, and the updated first loss weight of the first loss function and the second loss weight of the sparse loss can be continuously output, namely, the preset weight network model is trained based on the second loss result obtained in the last training process and the preset weight network model, so as to obtain the first loss weight of the first loss function and the second loss weight of the sparse loss.
Optionally, after the first data protection model is connected to the preset weight network model, the second training may be performed on the first data protection model based on the second loss function, and meanwhile, the third training may be performed on the preset weight network model based on the second loss function. The first data protection model and the preset weight network model are trained alternately.
In the embodiment of the present disclosure, a data protection model training method is provided, performing a second training on a first data protection model, determining a network parameter sparseness degree of the first data protection model based on a sparseness loss of the first data protection model, cutting unnecessary network parameters according to the sparseness loss while guaranteeing a data protection performance of the first data protection model, reducing a network volume of the first data protection model, and obtaining a second data protection model with excellent data protection performance, high calculation efficiency and smaller network scale through training, so as to enhance a deployment capability and an adaptability of the second data protection model in an actual scene.
Referring to fig. 5, fig. 5 is a flowchart of a data protection method according to an embodiment of the present disclosure.
As shown in fig. 5, the data protection method at least may include:
s501, responding to a data encryption request, and carrying out encryption processing on target original data based on a data encryption model to obtain target encrypted data corresponding to the target original data.
Optionally, in an actual application scenario, in order to realize protection of user privacy data, a data protection model may be deployed in the device, where the device may acquire protection processing for related data based on the data protection model. When data needs to be encrypted, a data encryption model is deployed in the device, at this time, the data encryption request can be responded first, encryption processing is performed on the obtained target original data based on the deployed data encryption model, and target encrypted data corresponding to the target original data is obtained, where the data protection model used is the data protection model in any embodiment of the present specification.
In the embodiment of the specification, when the preset protection function is the homomorphic encryption function, the data protection model can realize the data protection performance equivalent to the homomorphic encryption function, in an actual scene, after the device responds to the data encryption request, the data encryption model is used for encrypting the target original data to obtain the target encrypted data, the target encrypted data can be directly uploaded to the server so as to enable the server to calculate the target encrypted data, and due to the encryption effect of the data encryption model, the calculation result of the server on the target encrypted data is equivalent to the calculation result of the server on the target original data, so that the server directly calculates on the basis of the target encrypted data to meet the response user requirement under the condition that the target original data is not known, the target original data is prevented from being exposed in the data transmission, storage and calculation processes, and meanwhile, the data encryption model is used for realizing the homomorphic efficient and safe encryption effect with smaller calculation amount while reducing the calculation pressure of the device, the encryption performance of the small calculation power device is greatly improved, and the user information safety is more tightly protected.
S502, responding to the data decryption request, and carrying out decryption processing on the target encrypted data based on the data decryption model to obtain target decrypted data corresponding to the target original data.
Similarly, when data needs to be decrypted, a data decryption model is deployed in the device, and at this time, the data decryption model may be firstly responded, and decryption processing is performed on the obtained target decryption data based on the deployed data decryption model to obtain the corresponding target decryption data, where the data protection model used is a data protection model in any embodiment of the present specification.
In an embodiment of the present disclosure, a data protection method is provided, where a data protection model in any one of the foregoing embodiments is deployed in an actual application scenario, and in response to a data encryption request, encryption processing is performed on target original data based on the data encryption model, so as to obtain target encrypted data corresponding to the target original data; and responding to the data decryption request, and carrying out decryption processing on the target encrypted data based on the data decryption model to obtain target decrypted data corresponding to the target original data, so that the calculated amount of the equipment in data protection processing is reduced, the calculation efficiency is improved, and the data security guarantee is realized.
Referring to fig. 6, fig. 6 is a block diagram of a training device for data protection model according to an embodiment of the present disclosure. As shown in fig. 6, the data protection model training apparatus 600 includes:
the data acquisition module 610 is configured to acquire at least two sample raw data, input each sample raw data to an initial network model, and obtain sample output data corresponding to each sample raw data, where the initial network model is constructed based on a preset protection function;
the first loss calculation module 620 is configured to obtain each standard output data after the original data of each sample is processed by the preset protection function, and obtain a first distillation loss based on each standard output data and each sample output data;
a second loss calculation module 630, configured to calculate a first correlation between the standard output data and a second correlation between the sample output data, and obtain a second distillation loss based on the first correlation and the second correlation;
the first model training module 630 is configured to construct a first loss function according to the first distillation loss and the second distillation loss, and perform a first training on the initial network model based on the first loss function, so as to obtain a first data protection model.
Optionally, the first loss calculation module 620 is further configured to calculate a first sub-distillation loss between each standard output data and the sample output data corresponding to each standard output data, and take the sum of each first sub-distillation loss as the first distillation loss.
Optionally, the second loss calculation module 630 is further configured to group each standard output data and each sample output data based on the same preset rule, so as to obtain at least one group of standard output data groups and sample output data groups corresponding to each standard output data group; a first correlation between the standard output data in each set of standard output data sets is calculated, and a second correlation between the sample output data in each set of sample output data sets is calculated.
Optionally, the second loss calculation module 630 is further configured to calculate a second sub-distillation loss between each first correlation and a second correlation corresponding to each first correlation, and take a sum of each second sub-distillation loss as the second distillation loss.
Optionally, the data protection model training apparatus 600 further includes: the second model training module is used for acquiring sample original data, inputting the sample original data into the first data protection model, and obtaining a first loss result based on a first loss function; calculating a sparse loss of the first data protection model based on network parameters in the first data protection model; and constructing a second loss function according to the first loss result and the sparse loss, and performing second training on the first data protection model based on the second loss function to obtain a second data protection model.
Optionally, the second model training module is further configured to obtain a first loss weight of the first loss result and a second loss weight of the sparse loss; and constructing a second loss function according to the product of the first loss weight and the first loss result and the product of the second loss weight and the sparse loss.
Optionally, the second model training module is further configured to obtain a first loss weight of the first loss function and a second loss weight of the sparse loss according to a second loss result obtained in a previous training process and a preset weight network model.
Optionally, the second model training module is further configured to perform second training on the first data protection model and perform third training on the preset weight network model based on the second loss function.
Optionally, the preset protection function is a preset encryption function or a preset decryption function.
In an embodiment of the present disclosure, a data protection model training device is provided, where a data acquisition module is configured to construct an initial network model based on a preset protection function, input original data of each sample into the initial network model, and obtain output data of each sample; the first loss calculation module is used for obtaining first distillation loss based on the standard output data and the sample output data after processing the original data of each sample by a preset protection function; a second loss calculation module, configured to obtain a second distillation loss based on the first correlation between the standard output data and the second correlation between the sample output data; and the first model training module is used for carrying out first training on the initial network model according to the first distillation loss and the second distillation loss to obtain a first data protection model. The calculation characteristics of the preset protection function when the data are processed can be reflected in the first correlation among the standard output data after the sample original data are processed by the preset protection function, so that the first correlation among the standard output data and the second correlation among the sample output data are used for constructing the loss calculation of the training data protection model, the data protection model can be enabled to more accurately fit the calculation characteristics and the calculation capacity of the preset protection function when the data are processed from the angle of the correlation among the output data, and the more accurate data protection model is obtained.
Referring to fig. 7, fig. 7 is a block diagram of a data protection device according to an embodiment of the present disclosure. As shown in fig. 7, the data protection apparatus 700 includes:
the encryption module 710 is configured to respond to the data encryption request, and encrypt the target original data based on the data encryption model to obtain target encrypted data corresponding to the target original data;
the decryption module 720 is configured to respond to the data decryption request, and decrypt the target encrypted data based on the data decryption model to obtain target decrypted data corresponding to the target original data;
the data encryption model or the data decryption model is a data protection model obtained by training the data protection model training method in any embodiment of the specification.
In an embodiment of the present disclosure, a data protection device is provided, where a data protection model in any one of the foregoing embodiments is deployed in an actual application scenario, and an encryption module is configured to respond to a data encryption request, and perform encryption processing on target original data based on the data encryption model, so as to obtain target encrypted data corresponding to the target original data; and the decryption module is used for responding to the data decryption request, carrying out decryption processing on the target encrypted data based on the data decryption model, and obtaining target decrypted data corresponding to the target original data, so that the calculated amount of the equipment in data protection processing is reduced, the calculation efficiency is improved, and the data security guarantee is realized.
The present description provides a computer program product comprising instructions which, when run on a computer or a processor, cause the computer or the processor to perform the steps of the method of any of the above embodiments.
The present description also provides a computer storage medium having stored thereon a plurality of instructions adapted to be loaded by a processor and to carry out the steps of the method according to any of the embodiments described above.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure. As shown in fig. 8, the terminal 800 may include: at least one terminal processor 801, at least one network interface 803, a user interface 803, memory 805, at least one communication bus 802.
Wherein a communication bus 802 is used to enable connected communication between these components.
The user interface 803 may include a Display screen (Display) and a Camera (Camera), and the optional user interface 803 may further include a standard wired interface and a wireless interface.
The network interface 803 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), among others.
Wherein the terminal processor 801 may comprise one or more processing cores. The terminal processor 801 connects various parts within the entire terminal 800 using various interfaces and lines, performs various functions of the terminal 800 and processes data by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 805, and invoking data stored in the memory 805. Alternatively, the terminal processor 801 may be implemented in hardware in at least one of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), programmable logic array (Programmable Logic Array, PLA). The terminal processor 801 may integrate one or a combination of several of a central processor (Central Processing Unit, CPU), an image processor (Graphics Processing Unit, GPU), and a modem, etc. The CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is used for rendering and drawing the content required to be displayed by the display screen; the modem is used to handle wireless communications. It will be appreciated that the modem may not be integrated into the terminal processor 801 and may be implemented by a single chip.
The Memory 805 may include a random access Memory (Random Access Memory, RAM) or a Read-Only Memory (ROM). Optionally, the memory 805 includes a non-transitory computer readable medium (non-transitory computer-readable storage medium). Memory 805 may be used to store instructions, programs, code, sets of codes, or instruction sets. The memory 805 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the above-described respective method embodiments, etc.; the storage data area may store data or the like referred to in the above respective method embodiments. The memory 805 may also optionally be at least one storage device located remotely from the aforementioned terminal processor 801. As shown in fig. 8, an operating system, a network communication module, a user interface module, and a data protection model training program may be included in the memory 805 as one type of computer storage medium.
In the terminal 800 shown in fig. 8, the user interface 803 is mainly used for providing an input interface for a user, and acquiring data input by the user; and the terminal processor 801 may be configured to invoke the data protection model training program stored in the memory 805 and specifically perform the following operations:
Acquiring at least two sample original data, inputting each sample original data into an initial network model, and obtaining sample output data corresponding to each sample original data, wherein the initial network model is constructed based on a preset protection function;
obtaining standard output data after processing original data of each sample by a preset protection function, and obtaining first distillation loss based on the standard output data and the sample output data;
calculating a first correlation between the standard output data and a second correlation between the sample output data, and obtaining a second distillation loss based on the first correlation and the second correlation;
and constructing a first loss function according to the first distillation loss and the second distillation loss, and performing first training on the initial network model based on the first loss function to obtain a first data protection model.
In some embodiments, the terminal processor 801, when performing the first distillation loss based on the standard output data and the sample output data, specifically performs the following steps: and calculating first sub-distillation losses between each standard output data and sample output data corresponding to each standard output data, and taking the sum of the first sub-distillation losses as the first distillation loss.
In some embodiments, the terminal processor 801, when performing the calculation of the first correlation between the standard output data and the second correlation between the sample output data, specifically performs the following steps: grouping each standard output data and each sample output data based on the same preset rule to obtain at least one group of standard output data groups and sample output data groups corresponding to each standard output data group; a first correlation between the standard output data in each set of standard output data sets is calculated, and a second correlation between the sample output data in each set of sample output data sets is calculated.
In some embodiments, the terminal processor 801, when performing the second loss of distillation based on the first correlation and the second correlation, specifically performs the steps of: and calculating second sub-distillation losses between each first correlation and the second correlation corresponding to each first correlation, and taking the sum of the second sub-distillation losses as the second distillation loss.
In some embodiments, after executing the first data protection model, the terminal processor 801 further specifically performs the following steps: acquiring sample original data, inputting the sample original data into a first data protection model, and obtaining a first loss result based on a first loss function; calculating a sparse loss of the first data protection model based on network parameters in the first data protection model; and constructing a second loss function according to the first loss result and the sparse loss, and performing second training on the first data protection model based on the second loss function to obtain a second data protection model.
In some embodiments, the terminal processor 801, when executing the construction of the second penalty function from the first penalty result and the sparse penalty, specifically performs the following steps: acquiring a first loss weight of a first loss result and a second loss weight of sparse loss; and constructing a second loss function according to the product of the first loss weight and the first loss result and the product of the second loss weight and the sparse loss.
In some embodiments, the terminal processor 801, when executing the acquisition of the first penalty weight of the first penalty function and the second penalty weight of the sparse penalty, specifically performs the following steps: and obtaining a first loss weight of the first loss function and a second loss weight of the sparse loss according to a second loss result obtained in the last training process and a preset weight network model.
In some embodiments, the terminal processor 801, when performing the second training of the first data protection model based on the second loss function, specifically performs the following steps: and performing second training on the first data protection model based on the second loss function, and performing third training on the preset weight network model.
In some embodiments, the preset protection function is a preset encryption function or a preset decryption function.
Optionally, in the terminal 800 shown in fig. 8, the user interface 803 is mainly used as an interface for providing input for a user, and obtains data input by the user; the terminal processor 801 may also be used to invoke a data protection program stored in the memory 805 and specifically perform the following operations:
responding to the data encryption request, and carrying out encryption processing on the target original data based on the data encryption model to obtain target encrypted data corresponding to the target original data;
responding to the data decryption request, and carrying out decryption processing on the target encrypted data based on the data decryption model to obtain target decrypted data corresponding to the target original data;
the data encryption model or the data decryption model is a data protection model obtained by training the data protection model training method in any one of the above embodiments.
In the several embodiments provided in this specification, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules is merely a logical function division, and there may be additional divisions of actual implementation, e.g., multiple modules or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
The modules illustrated as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product described above includes one or more computer instructions. When the computer program instructions described above are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the present specification are all or partially produced. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted across a computer-readable storage medium. The computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line (DigitalSubscriberLine, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage media may be any available media that can be accessed by a computer or a data storage device such as a server, data center, or the like that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital versatile disk (DigitalVersatileDisc, DVD)), or a semiconductor medium (e.g., a solid state disk (SolidStateDisk, SSD)), or the like.
It should be noted that, for the sake of simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but it should be understood by those skilled in the art that the present description is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present description. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily all necessary in the specification.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
The foregoing description of a data protection model training and data protection method, apparatus, and storage medium is provided for the present specification, and it is to be understood that the content of the present specification should not be construed as limiting the present specification, since modifications will be apparent to those skilled in the art from the concepts of the embodiments of the present specification.
Claims (15)
1. A method of training a data protection model, the method comprising:
Acquiring at least two sample original data, inputting each sample original data into an initial network model, and obtaining sample output data corresponding to each sample original data, wherein the initial network model is constructed based on a preset protection function;
obtaining standard output data after the original data of each sample are processed by the preset protection function, and obtaining first distillation loss based on the standard output data and the sample output data;
calculating a first correlation between the standard output data and a second correlation between the sample output data, and obtaining a second distillation loss based on the first correlation and the second correlation;
and constructing a first loss function according to the first distillation loss and the second distillation loss, and performing first training on the initial network model based on the first loss function to obtain a first data protection model.
2. The method of claim 1, the deriving a first distillation loss based on each standard output data and each sample output data, comprising:
and calculating first sub-distillation losses between each standard output data and sample output data corresponding to each standard output data, and taking the sum of the first sub-distillation losses as the first distillation loss.
3. The method of claim 1, the computing a first correlation between standard output data and a second correlation between sample output data, comprising:
grouping each standard output data and each sample output data based on the same preset rule to obtain at least one group of standard output data groups and sample output data groups corresponding to each standard output data group;
a first correlation between the standard output data in each set of standard output data sets is calculated, and a second correlation between the sample output data in each set of sample output data sets is calculated.
4. A method according to claim 3, said deriving a second distillation loss based on said first correlation and said second correlation, comprising:
and calculating second sub-distillation losses between each first correlation and the second correlation corresponding to each first correlation, and taking the sum of the second sub-distillation losses as the second distillation loss.
5. A method according to any one of claims 1 to 3, further comprising, after said deriving the first data protection model:
acquiring the original data of the samples, inputting the original data of each sample into the first data protection model, and obtaining a first loss result based on the first loss function;
Calculating a sparse loss of the first data protection model based on network parameters in the first data protection model;
and constructing a second loss function according to the first loss result and the sparse loss, and performing second training on the first data protection model based on the second loss function to obtain a second data protection model.
6. The method of claim 5, the constructing a second loss function from the first loss result and the sparse loss, comprising:
acquiring a first loss weight of the first loss result and a second loss weight of the sparse loss;
and constructing a second loss function according to the product of the first loss weight and the first loss result and the product of the second loss weight and the sparse loss.
7. The method of claim 6, the obtaining a first loss weight for the first loss function and a second loss weight for the sparse loss, comprising:
and obtaining a first loss weight of the first loss function and a second loss weight of the sparse loss according to a second loss result obtained in the last training process and a preset weight network model.
8. The method of claim 7, the second training of the first data protection model based on the second loss function comprising:
and performing second training on the first data protection model based on the second loss function, and performing third training on the preset weight network model.
9. The method of claim 1, the preset protection function being a preset encryption function or a preset decryption function.
10. A method of data protection, the method comprising:
responding to a data encryption request, and carrying out encryption processing on target original data based on a data encryption model to obtain target encrypted data corresponding to the target original data;
responding to a data decryption request, and performing decryption processing on the target encrypted data based on a data decryption model to obtain target decryption data corresponding to the target original data;
wherein the data encryption model or the data decryption model is a data protection model obtained by training the data protection model training method according to any one of claims 1 to 9.
11. A data protection model training apparatus, the apparatus comprising:
the data acquisition module is used for acquiring at least two sample original data, inputting each sample original data into the initial network model to obtain sample output data corresponding to each sample original data, wherein the initial network model is constructed based on a preset protection function;
The first loss calculation module is used for obtaining standard output data after the original data of each sample are processed by the preset protection function, and obtaining first distillation loss based on the standard output data and the sample output data;
a second loss calculation module for calculating a first correlation between the standard output data and a second correlation between the sample output data, and obtaining a second distillation loss based on the first correlation and the second correlation;
and the first model training module is used for constructing a first loss function according to the first distillation loss and the second distillation loss, and carrying out first training on the initial network model based on the first loss function to obtain a first data protection model.
12. A data protection apparatus, the apparatus comprising:
the encryption module is used for responding to the data encryption request, and encrypting the target original data based on the data encryption model to obtain target encrypted data corresponding to the target original data;
the decryption module is used for responding to the data decryption request, and performing decryption processing on the target encrypted data based on a data decryption model to obtain target decrypted data corresponding to the target original data;
Wherein the data encryption model or the data decryption model is a data protection model obtained by training the data protection model training method according to any one of claims 1 to 9.
13. A computer program product comprising instructions which, when run on a computer or processor, cause the computer or processor to perform the steps of the method of any of claims 1 to 9 or 10.
14. A computer storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform the steps of the method of any one of claims 1 to 9 or 10.
15. A terminal comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method according to any one of claims 1 to 9 or 10 when the program is executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211089109.8A CN116150774A (en) | 2022-09-07 | 2022-09-07 | Data protection model training and data protection method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211089109.8A CN116150774A (en) | 2022-09-07 | 2022-09-07 | Data protection model training and data protection method, device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116150774A true CN116150774A (en) | 2023-05-23 |
Family
ID=86358818
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211089109.8A Pending CN116150774A (en) | 2022-09-07 | 2022-09-07 | Data protection model training and data protection method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116150774A (en) |
-
2022
- 2022-09-07 CN CN202211089109.8A patent/CN116150774A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2021179720A1 (en) | Federated-learning-based user data classification method and apparatus, and device and medium | |
| CN111814985B (en) | Model training method under federal learning network and related equipment thereof | |
| WO2020199693A1 (en) | Large-pose face recognition method and apparatus, and device | |
| WO2022089256A1 (en) | Method, apparatus and device for training federated neural network model, and computer program product and computer-readable storage medium | |
| EP3627759B1 (en) | Method and apparatus for encrypting data, method and apparatus for training machine learning model, and electronic device | |
| CN110750801B (en) | Data processing method, data processing device, computer equipment and storage medium | |
| CN112085159B (en) | User tag data prediction system, method and device and electronic equipment | |
| US10719693B2 (en) | Method and apparatus for outputting information of object relationship | |
| US11977974B2 (en) | Compression of fully connected / recurrent layers of deep network(s) through enforcing spatial locality to weight matrices and effecting frequency compression | |
| WO2023174036A1 (en) | Federated learning model training method, electronic device and storage medium | |
| CN112818374A (en) | Joint training method, device, storage medium and program product of model | |
| US20180181878A1 (en) | Privacy-preserving transformation of continuous data | |
| WO2022105117A1 (en) | Method and device for image quality assessment, computer device, and storage medium | |
| EP4202768A1 (en) | Machine learning model training method and related device | |
| CN112989399A (en) | Data processing system and method | |
| CN114547658A (en) | Data processing method, device, equipment and computer readable storage medium | |
| CN116432040B (en) | Model training method, device and medium based on federal learning and electronic equipment | |
| CN112434323A (en) | Model parameter obtaining method and device, computer equipment and storage medium | |
| CN112149834B (en) | Model training method, device, equipment and medium | |
| CN116150774A (en) | Data protection model training and data protection method, device and storage medium | |
| WO2023038978A1 (en) | Systems and methods for privacy preserving training and inference of decentralized recommendation systems from decentralized data | |
| CN114004265A (en) | Model training method and node equipment | |
| CN116150775A (en) | Data protection model training and data protection method, device and storage medium | |
| CN111709784A (en) | Method, apparatus, device and medium for generating user retention time | |
| CN116663064B (en) | Privacy protection neural network prediction method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |