
CN112434323A - Model parameter obtaining method and device, computer equipment and storage medium - Google Patents


Info

Publication number
CN112434323A
Authority
CN
China
Prior art keywords
data
gradient
target
obtaining
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011399934.9A
Other languages
Chinese (zh)
Inventor
侯宪龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN202011399934.9A
Publication of CN112434323A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
  • Artificial Intelligence (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present application discloses a model parameter obtaining method and device, computer equipment and a storage medium, and relates to the technical field of machine learning models. The method includes: obtaining a first gradient of original data in a first database; performing local differential privacy (LDP) processing on the first gradient to obtain a first target gradient; and calculating target parameters according to the first target gradient, where the target parameters are the parameters to be determined in training a machine learning model. By performing LDP processing on the first gradient of the original data in the first database, the present application obtains the first target gradient and uses it to calculate the parameters to be determined in the machine learning model. Because the first gradient is perturbed by LDP, differential attacks launched by an attacker with background knowledge of the machine learning model are avoided, which reduces the risk of data leakage from the database and improves the security of the data during the modeling process.

Description

Model parameter obtaining method and device, computer equipment and storage medium
Technical Field
The invention relates to the technical field of machine learning models, in particular to a model parameter obtaining method and device, computer equipment and a storage medium.
Background
With the continuous evolution of the big data era, more and more data are contained in the existing database, and it is very common to train the model by calling the data in the database.
Currently, each independent database can be regarded as a data island, and different data of the same user may exist in different databases. For example, two databases may contain the same users while each holds its own data features. When training a machine learning model, each database may be used for training with its own data features, or the data features of multiple databases may be combined to achieve joint modeling. In the joint modeling process, data is mainly encrypted by homomorphic encryption.
In this scheme, the homomorphic encryption used in the joint modeling process only holds under a semi-honest assumption, so there is a risk of data leakage, which leads to low data security in the modeling process.
Disclosure of Invention
The embodiment of the application provides a method and a device for obtaining model parameters, computer equipment and a storage medium, which can improve the confidentiality of data in a modeling process and increase the security of the data. The technical scheme is as follows:
in one aspect, an embodiment of the present application provides a method for obtaining model parameters, where the method includes:
acquiring a first gradient of original data in a first database;
performing local differential privacy LDP processing on the first gradient to obtain a first target gradient;
and calculating target parameters according to the first target gradient, wherein the target parameters are parameters to be determined for training a machine learning model.
In one aspect, an embodiment of the present application provides a model parameter obtaining apparatus, where the apparatus includes:
the acquisition module is used for acquiring a first gradient of the original data in the first database; performing local differential privacy LDP processing on the first gradient to obtain a first target gradient;
and the processing module is used for calculating a target parameter according to the first target gradient, wherein the target parameter is a parameter to be determined for training a machine learning model.
In another aspect, an embodiment of the present application provides a computer device, including a memory and a processor, where the memory stores a computer program, and when the computer program is executed by the processor, the processor is enabled to implement the model parameter obtaining method according to the above aspect.
In another aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and when executed by a processor, the computer program implements the model parameter obtaining method according to the above aspect.
In another aspect, the present application provides a computer program product, which when run on a computer, causes the computer to execute the model parameter obtaining method according to the above one aspect.
In another aspect, an embodiment of the present application provides an application publishing platform, where the application publishing platform is configured to publish a computer program product, where when the computer program product runs on a computer, the computer is caused to execute the model parameter obtaining method according to the above aspect.
The technical scheme provided by the embodiment of the application can at least comprise the following beneficial effects:
In the present application, a first gradient of raw data in a first database is obtained; local differential privacy (LDP) processing is performed on the first gradient to obtain a first target gradient; and target parameters are calculated according to the first target gradient, where the target parameters are the parameters to be determined in training the machine learning model. The first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database, and the parameters to be determined in the machine learning model are calculated from the first target gradient. Because the first gradient is perturbed by LDP, differential attacks launched by an attacker with background knowledge of the machine learning model are avoided, the risk of data leakage from the database is reduced, and the security of the data in the modeling process is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic structural diagram of a joint modeling to which an exemplary embodiment of the present application relates;
FIG. 2 is a flowchart of a method for obtaining model parameters according to an exemplary embodiment of the present application;
FIG. 3 is a flowchart of a method for model parameter acquisition according to an exemplary embodiment of the present application;
FIG. 4 is a schematic structural diagram of an A mechanism provided in an exemplary embodiment of the present application;
FIG. 5 is a flowchart of a method for model parameter acquisition according to an exemplary embodiment of the present application;
FIG. 6 is a block diagram of a model parameter obtaining apparatus according to an exemplary embodiment of the present application;
FIG. 7 is a schematic structural diagram of a computer device according to an exemplary embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
Reference herein to "a plurality" means two or more. "And/or" describes the association relationship of the associated objects and means that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship.
The scheme provided by the application can be used in a real scene in which an application program runs in a terminal when people use the terminal in daily life, and for convenience of understanding, some terms and application scenes related to the embodiment of the application are first briefly introduced below.
Machine learning is an interdisciplinary field covering probability theory, statistics, approximation theory and complex algorithms. It uses the computer as a tool, aims to simulate human learning in real time, and divides existing content into knowledge structures to improve learning efficiency.
Federated machine learning (federated machine learning / federated learning), also known as federated learning, joint learning or alliance learning, is a machine learning framework that can effectively help multiple organizations use data and build machine learning models while meeting the requirements of user privacy protection, data security and government regulations.
Vertical federated learning (vertical federated learning) applies when the training data of the participants is partitioned vertically: different data features of the samples that multiple participants have in common are combined for federated learning. Vertical federated learning is also called sample-aligned federated learning (sample-aligned federated learning), i.e. the training samples of the participants are aligned, which increases the feature dimension of the training data.
Randomized response (randomised response) is a research method used in structured interviews and is a standard local differential privacy perturbation mechanism.
The gradient is a vector: the directional derivative of a function at a given point reaches its maximum along the direction of the gradient, i.e. at that point the function changes fastest along that direction, and the greatest rate of change is the modulus of the gradient.
With the continuous evolution of the big data era, every industry is striving to change its thinking ahead of time, moving from empiricism to a data-intelligence era in which analysis and decisions rely on data.
At present, organizations, companies, manufacturers and the like are able to build their own databases. As the number of users grows and users become more active, more and more user data can be stored in these databases, and in machine learning this stored data can be used for model training to obtain the desired machine learning model. The more data is used in training, the richer the feature types and the more accurate the labels, the stronger the predictive ability and the higher the accuracy of the models that machine learning and deep learning algorithms produce from that data.
However, organizations, companies, manufacturers and the like are physically isolated from one another. For example, their databases do not interoperate and each organization stores its own data, so the data in each organization's database effectively exists as a data island inside that organization. When most of the users of two different organizations are the same but each organization holds its own features, a model built on the combined features is often better than independently built models; this is federated machine learning. For example, organization A is a bank and holds credit features, while organization B is an insurance company and holds features such as property and health; if the two organizations are in the same location, their users may largely overlap. To achieve joint modeling, organization A generally transmits the corresponding data and features directly to organization B through a trusted channel, or both organizations transmit their data to a trusted third party for fusion modeling.
Refer to FIG. 1, which illustrates a schematic structural diagram of joint modeling according to an exemplary embodiment of the present application. As shown in FIG. 1, the structure includes a number of computer devices 101 and a central computer device 102.
Optionally, the plurality of computer devices 101 may be servers or terminals, where a server may be one server, or a plurality of servers, or one virtualization platform, or one cloud computing service center. The terminal may be a mobile phone, a tablet computer, an e-book reader, smart glasses, a smart watch, a notebook computer, a laptop portable computer, a desktop computer, and the like.
The central computer device 102 may also be a server or a terminal as described above.
When the joint model training is performed, the computer device may transmit data and features of a database in an organization corresponding to the computer device through a trusted channel to a computer device (for example, another computer device in the computer devices 101) corresponding to another organization, so as to implement data intercommunication between two or more organizations and further perform joint modeling. Or, the computer device may also send the data and features of the database in the organization corresponding to the computer device to the central computer device 102 (the central computer device 102 serves as a trusted third party), and the central computer device 102 performs joint modeling on the received data of the other computer devices, so as to finally train the model.
Optionally, the computer devices may be connected through a communication network, and optionally, the communication network is a wired network or a wireless network.
Optionally, the wireless network or wired network described above uses standard communication techniques and/or protocols. The Network is typically the Internet, but may be any Network including, but not limited to, a Local Area Network (LAN), a Metropolitan Area Network (MAN), a Wide Area Network (WAN), a mobile, wireline or wireless Network, a private Network, or any combination of virtual private networks. In some embodiments, data exchanged over a network is represented using techniques and/or formats including Hypertext Mark-up Language (HTML), Extensible Markup Language (XML), and the like. All or some of the links may also be encrypted using conventional encryption techniques such as Secure Socket Layer (SSL), Transport Layer Security (TLS), Virtual Private Network (VPN), Internet Protocol Security (IPsec). In other embodiments, custom and/or dedicated data communication techniques may also be used in place of, or in addition to, the data communication techniques described above.
However, with the release of the European Union General Data Protection Regulation (GDPR) and the corresponding data privacy protection regulations issued domestically in response, directly fusing data between different organizations for modeling is increasingly infeasible. For joint modeling, the methods commonly used in the industry at present therefore fall mainly into two types: 1) manually carrying data, and 2) vertical federated learning based on homomorphic encryption.
Manually carrying data works as follows: organization A dispatches a modeler to carry the encrypted sample identity numbers (IDs) and features on a physical storage device to the modeling machine of organization B; the modeler of organization B uploads the encrypted samples and features to the modeling machine, and the data is integrated and modeled by aligning the encrypted samples. The whole process requires the participation of modelers from both organization A and organization B, and carries a hidden risk of data leakage.
The vertical federated modeling scheme based on homomorphic encryption works as follows: a vertical federated learning framework is deployed in organization A and organization B, and the model training gradients are encrypted with homomorphic encryption and then exchanged, so as to achieve joint modeling. This scheme only holds under a semi-honest assumption, so if an attacker with background knowledge exists, there is a hidden risk of data leakage. In addition, with currently available computing power, implementing a homomorphic or semi-homomorphic encryption algorithm reduces modeling efficiency and increases the training time of the model.
In order to solve the problem of risk of data leakage and low data security in the joint modeling process in the related art, the present application provides a model parameter obtaining method, please refer to fig. 2, which shows a method flowchart of a model parameter obtaining method provided in an exemplary embodiment of the present application. The method can be applied to a computer device shown in fig. 1, and executed by the computer device, as shown in fig. 2, the model parameter obtaining method can include the following steps.
Step 201, a first gradient of raw data in a first database is obtained.
The first database may be any one of databases, for example, the first database may be a database of a certain bank, a database of an insurance company, a database of a communication company, and the like. The raw data in the database may be data stored in the database in a two-dimensional matrix. Alternatively, the raw data may be stored in the form of samples and variables (data characteristics) in the database. Please refer to table 1, which shows a schematic structure of a kind of original data related to an exemplary embodiment of the present application.
TABLE 1
Sample(s)    | Variable one | Variable two | Variable three | ……
Sample one   | a            | b            | c              | ……
Sample two   | d            | e            | f              | ……
Sample three | h            | i            | j              | ……
……           | ……           | ……           | ……             | ……
As shown in Table 1, each sample may have multiple variables, where a, b, …, j each represent the value of the corresponding variable. Optionally, for the raw data in the first database, the computer device may calculate a first gradient for each sample.
Step 202, performing local differential privacy LDP processing on the first gradient to obtain a first target gradient.
Optionally, the computer device performs Local Differential Privacy (LDP) processing on the obtained first gradient, where the processed first gradient is a first target gradient.
And step 203, calculating target parameters according to the first target gradient, wherein the target parameters are parameters to be determined for training the machine learning model.
The process of training the machine learning model can be regarded as a determination process of parameters to be determined in the machine learning model, and the target parameters calculated here are just the parameters to be determined in the machine learning model. Optionally, the computer device may bring the first target gradient into a calculation formula of the target parameter, so as to perform iterative calculation to obtain a final target parameter.
In summary, in the present application, a first gradient of original data in a first database is obtained; local differential privacy (LDP) processing is performed on the first gradient to obtain a first target gradient; and target parameters are calculated according to the first target gradient, where the target parameters are the parameters to be determined in training the machine learning model. The first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database, and the parameters to be determined in the machine learning model are calculated from the first target gradient. Because the first gradient is perturbed by LDP, differential attacks launched by an attacker with background knowledge of the machine learning model are avoided, the risk of data leakage from the database is reduced, and the security of the data in the modeling process is improved.
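Steps 201 to 203 as an added, self-contained Python example (not code from the patent). The perturbation used in step 202 is not specified in this part of the description, so the sketch assumes a one-bit randomized-response mechanism per gradient coordinate, a logistic-regression loss and constructed data; all function names are hypothetical.

```python
import math
import random


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def per_sample_gradient(theta, x, y):
    """Step 201: first gradient of the logistic loss for one sample (x, y)."""
    err = sigmoid(sum(t * xi for t, xi in zip(theta, x))) - y
    return [err * xi for xi in x]


def report_magnitude(clip, eps):
    """The only two values a coordinate can be reported as are +B and -B."""
    e = math.exp(eps)
    return clip * (e + 1.0) / (e - 1.0)


def plus_probability(value, clip, eps):
    """Probability of reporting +B for a value clipped to [-clip, clip].

    It ranges from 1/(e^eps + 1) to e^eps/(e^eps + 1), so any two inputs
    produce the same report with a probability ratio of at most e^eps.
    """
    v = max(-clip, min(clip, value))
    e = math.exp(eps)
    return 0.5 + (v / clip) * (e - 1.0) / (2.0 * (e + 1.0))


def ldp_perturb_gradient(grad, clip, eps_total, rng):
    """Step 202: first gradient -> first target gradient.

    Assumption: the privacy budget is split evenly over the coordinates
    (sequential composition), each coordinate gets one randomized response.
    The report is unbiased: E[report] equals the clipped coordinate.
    """
    eps = eps_total / len(grad)
    b = report_magnitude(clip, eps)
    return [b if rng.random() < plus_probability(g, clip, eps) else -b
            for g in grad]


def update_parameters(theta, target_grads, lr):
    """Step 203: one iteration of the target parameters from target gradients."""
    n = len(target_grads)
    mean = [sum(g[j] for g in target_grads) / n for j in range(len(theta))]
    return [t - lr * m for t, m in zip(theta, mean)], mean


def demo(n=20000, eps_total=2.0, clip=1.0, seed=7):
    """Run steps 201-203 once on constructed data with two features."""
    rng = random.Random(seed)
    theta = [0.0, 0.0]
    samples = []
    for _ in range(n):  # constructed samples, features in [-1, 1]
        x = [rng.uniform(-1, 1), rng.uniform(-1, 1)]
        samples.append((x, 1 if x[0] + 0.5 * x[1] > 0 else 0))
    first = [per_sample_gradient(theta, x, y) for x, y in samples]
    target = [ldp_perturb_gradient(g, clip, eps_total, rng) for g in first]
    true_mean = [sum(g[j] for g in first) / n for j in range(2)]
    new_theta, noisy_mean = update_parameters(theta, target, lr=0.5)
    return true_mean, noisy_mean, new_theta


if __name__ == "__main__":
    true_mean, noisy_mean, new_theta = demo()
    print("mean first gradient       :", true_mean)
    print("mean first target gradient:", noisy_mean)
    print("updated target parameters :", new_theta)
```

Each individual report is one of only two values per coordinate, so a single target gradient reveals little about its sample, while the average over many samples stays close to the true mean gradient.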
In a possible implementation, the machine learning model is a vertical federated learning model. In this scheme, the computer device of a first organization (any one of the organizations) acts as the executing entity and obtains the second target gradients of the other organizations, which realizes the data interaction between different organizations in the process of building a joint model. A second target gradient is obtained by performing LDP processing on the second gradient of the original data of a second database.
Referring to fig. 3, a flowchart of a method for obtaining model parameters according to an exemplary embodiment of the present application is shown. The method can be applied to a computer device shown in fig. 1, and executed by the computer device, as shown in fig. 3, the model parameter obtaining method can include the following steps.
Step 301, obtaining data characteristics of the original data in the first database.
The original data in the first database is as described in the embodiment of fig. 2, and will not be described herein again.
Optionally, the computer device may obtain, according to the original data in the first database, a mathematical index of each data feature corresponding to the original data, where the mathematical index may be one or more of a missing value, a variance, and a standard deviation; and the computer equipment screens all the data characteristics according to the mathematical index to acquire the data characteristics of the original data in the first database.
Optionally, when the mathematical indicator is a missing value, the computer device may obtain, according to the original data in the first database, a missing value of each data feature corresponding to the original data, and perform screening according to the first target threshold, to obtain a data feature of the original data in the first database, where the missing value is smaller than the first target threshold. For example, in table 1 above, the computer device may calculate missing values of the variables one to three, and if the missing value of the variable one is smaller than the first target threshold, the variable one is a data feature acquired by the computer device. Wherein the first target threshold may be preset in the computer device by a developer.
Optionally, when the mathematical indicator is a variance, the computer device may obtain, according to the original data in the first database, a variance of each data feature corresponding to the original data, and perform screening according to the second target threshold, to obtain a data feature of the original data in the first database, where the variance is smaller than the second target threshold. For example, in table 1 above, the computer device may calculate the variance of each of the variable one to the variable three, and if the variance of the variable one is smaller than the second target threshold, the variable one is a data feature acquired by the computer device. Wherein the second target threshold may be preset in the computer device by a developer.
Optionally, when the mathematical index is a standard deviation, the computer device may obtain, according to the original data in the first database, respective standard deviations of data features corresponding to the original data, and perform screening according to a third target threshold, to obtain a data feature of the original data in the first database, where the standard deviation is greater than the third target threshold. For example, in table 1 above, the computer device may calculate respective standard deviations of the first variable to the third variable, and if the standard deviation of the first variable is greater than the third target threshold, the first variable is a data feature acquired by the computer device. Wherein the third target threshold may be preset in the computer device by a developer.
In a possible implementation manner, the above mathematical indicators may also include missing values and variances; the computer device may obtain data features of which the missing value is smaller than a first target threshold and the variance is larger than a second target threshold. In table 1, the computer device may calculate the missing value and the variance of each of the first variable to the third variable, and if the missing value of the first variable is smaller than the first target threshold and the variance of the first variable is larger than the second target threshold, the first variable is a data feature acquired by the computer device. Optionally, the data characteristics obtained by the computer device may also be filtered by matching with one or more other mathematical indicators, which is not limited in this application and is not further exemplified herein.
Optionally, in the computer device, the data transmission port for acquiring the data characteristics of the original data in the first database is a unidirectional transmission port. That is, in a computer device, data is allowed to be transmitted in one direction during the transmission of data features. Before this step, the method further comprises: and acquiring a third data index, and suspending the currently executed step in response to the third data index being larger than a third index threshold value. The third data index comprises one or more items of data transmission size and data transmission frequency in the process of acquiring the data characteristics of the original data in the first database. Correspondingly, the present application may further continue to perform the currently performed step in response to the third data indicator not being greater than the third indicator threshold.
In one possible implementation, the third data index includes a data transmission size during the process of obtaining the data characteristic of the original data in the first database. For example, in the process of acquiring the data characteristic, the computer device may monitor the data characteristic acquiring process through another computer program, acquire a data transmission size in the process, if the acquired data transmission size is greater than a third index threshold, it indicates that the data transmission process is abnormal, stop the step of acquiring the data characteristic of the original data in the first database, which is executed at this time, and if the acquired data transmission size is not greater than the third index threshold, it indicates that the data transmission process is normal, it may continue to execute the step of acquiring the data characteristic of the original data in the first database, which is executed at this time.
In one possible implementation, the third data indicator includes a data transmission frequency during the process of obtaining the data characteristic of the raw data in the first database. Similarly, in the process of acquiring the data characteristics, the computer device may monitor the data characteristic acquiring process through another computer program, acquire the data transmission frequency in the process, and if the acquired data transmission frequency is greater than the third index threshold, it indicates that the data transmission process is abnormal, stop the step of acquiring the data characteristics of the original data in the first database, which is executed at this time. If the acquired data transmission frequency is not greater than the third index threshold, which indicates that the data transmission process is normal, the step of acquiring the data characteristics of the original data in the first database, which is executed at this time, may be continuously executed.
In one possible implementation manner, the third data index includes a data transmission size and a data transmission frequency in the process of acquiring the data characteristics of the original data in the first database. Similarly, in the process of acquiring the data characteristic, the computer device may monitor the data characteristic acquiring process through another computer program, acquire the data transmission size and the data transmission frequency in the process, and compare the acquired data transmission size and data transmission frequency with a third indicator threshold (at this time, the third indicator threshold may include two sub-thresholds respectively used for determining the data transmission size and data transmission frequency acquired this time), if any one of the data transmission size and the data transmission frequency is greater than the third indicator threshold, it indicates that the data transmission process is abnormal, and stop the step of acquiring the data characteristic of the original data in the first database executed at this time. In a possible implementation manner, when the computer device includes a display module (for example, a display screen), when the currently executed step is stopped, an error message may be displayed in the display module, so as to prompt the data exception.
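The size and frequency check described above for the third data index can be sketched as follows. This is an added example, not code from the patent; the class and function names, the per-transfer reading of "data transmission size", the sliding frequency window and the sample batches are all assumptions.

```python
from collections import deque
from dataclasses import dataclass, field


class TransferSuspended(Exception):
    """Raised to suspend the currently executed step."""


@dataclass
class IndexThreshold:
    max_bytes: int          # sub-threshold for data transmission size (per transfer)
    max_per_window: int     # sub-threshold for data transmission frequency
    window_s: float = 1.0   # assumed length of the frequency window, in seconds


@dataclass
class TransferMonitor:
    """Separate observer of a one-way feature transfer (hypothetical helper)."""
    threshold: IndexThreshold
    times: deque = field(default_factory=deque)

    def check(self, n_bytes: int, now: float) -> None:
        # Forget transfers that have left the sliding window.
        while self.times and now - self.times[0] >= self.threshold.window_s:
            self.times.popleft()
        self.times.append(now)
        if n_bytes > self.threshold.max_bytes:
            raise TransferSuspended(
                f"data transmission size {n_bytes} B exceeds "
                f"sub-threshold {self.threshold.max_bytes} B")
        if len(self.times) > self.threshold.max_per_window:
            raise TransferSuspended(
                f"data transmission frequency {len(self.times)} per "
                f"{self.threshold.window_s} s exceeds "
                f"sub-threshold {self.threshold.max_per_window}")


def run_feature_transfer(batches, monitor):
    """Forward (timestamp, payload) batches until one breaks a sub-threshold.

    Returns (delivered_payloads, error_message). error_message is None when
    every batch passed; otherwise it is the text a display module would show.
    """
    delivered = []
    for timestamp, payload in batches:
        try:
            monitor.check(len(payload), timestamp)
        except TransferSuspended as exc:
            return delivered, str(exc)
        delivered.append(payload)
    return delivered, None


# Constructed sample input: (seconds since start, feature payload).
THRESHOLD = IndexThreshold(max_bytes=128, max_per_window=2, window_s=1.0)
NORMAL = [(0.0, b"x" * 64), (0.5, b"x" * 64), (1.2, b"x" * 64)]
OVERSIZED = [(0.0, b"x" * 64), (0.5, b"x" * 4096), (1.2, b"x" * 64)]
BURST = [(0.0, b"x" * 64), (0.1, b"x" * 64), (0.2, b"x" * 64)]

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("oversized", OVERSIZED), ("burst", BURST)):
        sent, error = run_feature_transfer(sample, TransferMonitor(THRESHOLD))
        print(name, len(sent), error)
```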
Step 302, calculating a first gradient of the raw data according to the raw data and the data characteristics of the raw data.
Optionally, after the data features of the raw data are obtained, the first gradient of the raw data is calculated according to the obtained data features and the raw data. For example, taking table 1 as an example, after the data features are screened, the data features obtained by the computer device may be variable one and variable three, and the computer device may calculate the first gradient of each sample according to each sample and the values of these two data features for that sample.
Step 303, performing local differential privacy (LDP) processing on the first gradient to obtain a first target gradient.
That is, by performing LDP processing on the first gradient obtained for each sample, a processed first gradient (that is, the first target gradient) is obtained.
In a possible implementation manner, the first target gradient may be obtained as follows: a perturbation function is obtained, and the first gradient is substituted into the perturbation function to obtain the first target gradient. The perturbation function is used for adding noise to the first gradient. That is, before the computer device performs LDP processing on the first gradient, the perturbation function to be used in the LDP processing may be obtained, and the LDP processing is then performed on the first gradient through the perturbation function.
Optionally, the perturbation function may be preset by a developer, and when the perturbation function needs to be used, the perturbation function may be directly obtained from a stored location.
Alternatively, the perturbation function may be obtained by a privacy budget value. In one possible implementation, the perturbation function may be obtained as follows: obtaining a privacy budget value, wherein the privacy budget value is used for indicating the degree of adding noise to the first gradient; constructing a target formula according to the privacy budget value; acquiring a first function which accords with a target formula from a preset function list; the first function is taken as a perturbation function.
The privacy budget value is inversely proportional to the noise adding degree of the first gradient in the scheme, that is, the smaller the privacy budget value is, the greater the noise adding degree of the first gradient is, and the greater the noise added on the first gradient is. In addition, each disturbance function stored in advance may be included in the preset function list.
Alternatively, the privacy budget value may be preset by a developer. For example, the privacy budget value is preset as E, and in the process of obtaining the perturbation function, the privacy budget value E is obtained first, and the target formula is constructed through the privacy budget value. Alternatively, the target formula may be as follows:
Figure BDA0002811955310000111
wherein F represents a perturbation function, $g_i$ denotes the first gradient of a sample, $g_{i+1}$ denotes the first gradient of another sample, P denotes a probability, and x denotes any one value from 0 to 1.
As shown in the above formula [1], after obtaining the privacy budget value, the computer device may construct the target formula according to the above formula [1], substitute each function in the preset function list into formula [1], determine the functions that satisfy formula [1], select one of the functions that satisfy the formula as the perturbation function, and then add noise to the first gradient. Optionally, the perturbation function may be selected randomly or in sequence, which is not limited herein.
In one possible implementation, the perturbation function has a unique corresponding relationship with the privacy budget value. For example, the first database or the computer device further stores a corresponding relationship table between the perturbation function and the privacy budget value, and after the privacy budget value is obtained, the computer device may further obtain the perturbation function corresponding to the privacy budget value by querying the corresponding relationship table. For example, please refer to table 2, which shows a table of correspondence between privacy budget values and perturbation functions according to an exemplary embodiment of the present application.
TABLE 2

| Privacy budget value | Perturbation function |
|---|---|
| E1 | F1 |
| E2 | F2 |
| E3 | F3 |
| …… | …… |

As shown in Table 2, if the computer device obtains the privacy budget value E2 in the above-mentioned manner, then the computer device may obtain, according to the correspondence in Table 2 above, the perturbation function F2 corresponding to the privacy budget value E2.
Optionally, the privacy budget value may also be determined according to a privacy level. For example, the computer device may obtain a privacy level and obtain the privacy budget value based on the privacy level. The privacy level is used to indicate the degree of privacy of the raw data in the first database. In practical application, the data stored in each database may have its own security degree: the higher the security degree of a database, the more important its data, and the less that data may be obtainable by attackers. Optionally, the privacy level may be set in the database in advance by a developer, and the computer device may obtain the privacy budget value corresponding to the privacy level by obtaining the privacy level.
For example, the first database or the computer device further stores a correspondence table between the privacy level and the privacy budget value, and after the privacy level is obtained, the computer device may further obtain the privacy budget value corresponding to the privacy level by querying the correspondence table. For example, please refer to table 3, which illustrates a table of correspondence between privacy levels and privacy budget values according to an exemplary embodiment of the present application.
TABLE 3

| Privacy level | Privacy budget value |
|---|---|
| Level one | E1 |
| Level two | E2 |
| Level three | E3 |
| …… | …… |

As shown in Table 3, if the privacy level obtained by the computer device is level two, the computer device may obtain, according to the correspondence in Table 3, the privacy budget value E2 corresponding to privacy level two.
In a possible implementation manner, the privacy budget value can be determined jointly according to the privacy level and the output level. Optionally, when the computer device obtains the privacy level, an output level may also be obtained, where the output level is used to indicate the credibility of the output result of the machine learning model; the privacy budget value is then acquired according to the privacy level and the output level.
The output level may also be regarded as the training effect of the joint model in the joint modeling process, and optionally, the output level may be preset by a developer. The higher the output level, the higher the requirement on the training effect of the joint model in the joint modeling process; the lower the output level, the lower that requirement. The noise added to the first gradient may be relatively greater for lower output levels and relatively less for higher output levels.
In a possible implementation manner, the first database or the computer device further stores a correspondence table between the output level, the privacy level, and the privacy budget value, and after the output level and the privacy level are obtained, the computer device may further obtain the privacy budget value corresponding to the output level and the privacy level by querying the correspondence table. For example, please refer to table 4, which shows a table of correspondence between output levels, privacy levels and privacy budget values according to an exemplary embodiment of the present application.
TABLE 4

| Output level | Privacy level | Privacy budget value |
|---|---|---|
| Level one | Level one | E1 |
| Level one | Level two | E2 |
| Level two | Level three | E3 |
| …… | …… | …… |

As shown in Table 4, if the computer device obtains output level one and privacy level two, the computer device may obtain, according to the correspondence in Table 4, the privacy budget value E2 corresponding to output level one and privacy level two.
Optionally, during the process of obtaining the first target gradient, a second data indicator may be obtained through another program instruction in the computer device, where the second data indicator includes one or more of a data transmission size, a data transmission rate, and a data storage size during the process of obtaining the first target gradient; in response to the second data indicator being greater than the second indicator threshold, suspending the currently executing step. Wherein the data storage size is used to indicate a memory change to store the first target gradient. In addition, the present application may continue to perform the currently performed step in response to the second data indicator not being greater than the second indicator threshold.
In a possible implementation manner, when the second data indicator includes the data transmission size in the process of obtaining the first target gradient, the execution details of the second data indicator are similar to those of the third data indicator including the data transmission size in the process of obtaining the data characteristics of the original data in the first database, and are not repeated here. Optionally, when the second data index includes the data transmission frequency in the process of obtaining the first target gradient, the execution details of the data transmission frequency in the process of obtaining the data characteristics of the original data in the first database are similar to those of the third data index, and are not described herein again. Optionally, when the second data index includes the data transmission frequency and the data transmission size in the process of obtaining the first target gradient, the second data index is similar to the third data index including the execution details of the data transmission frequency and the data transmission size in the process of obtaining the data characteristics of the original data in the first database, and details thereof are not repeated here.
In one possible implementation manner, the third data index includes a data transmission size, a data transmission frequency, and a data storage size in the process of acquiring the data characteristics of the original data in the first database. Similarly, in the process of acquiring the data characteristics, the computer device may monitor an acquisition process of the first target gradient through another computer program, acquire a data transmission size, a data transmission frequency, and a data storage size in the process, compare the acquired data transmission size, data transmission frequency, and data storage size with a second index threshold (at this time, the second index threshold may include three sub-thresholds respectively used for determining the data transmission size, data transmission frequency, and data storage size acquired this time), and if any one of the data transmission size, data transmission frequency, and data storage size is greater than the second index threshold, indicate that the data transmission process is abnormal, stop the step of acquiring the first target gradient executed at this time. If the data transmission size, the data transmission frequency and the data storage size are not larger than the second index threshold, the data transmission process is normal, and the step of obtaining the first target gradient executed at the moment can be continuously executed.
In a possible implementation manner, when the computer device includes a display module (for example, a display screen), when the currently executed step is stopped, an error message may be displayed in the display module, so as to prompt the data exception.
Step 304, acquiring a second target gradient, wherein the second target gradient is obtained after LDP processing is performed on the second gradient of the original data of the second database.
The second target gradient may be obtained by the computer device corresponding to the second database (another computer device), which processes the second database in the same manner as the first target gradient is obtained in steps 301 to 303 and then sends the resulting second target gradient, so that the computer device that obtained the first target gradient also obtains the second target gradient. Optionally, the second target gradient may be sent by the other computer device on its own initiative, or may be sent by the other computer device in response to a gradient obtaining request received from the computer device that obtains the first target gradient, which is not limited in this application.
In a possible implementation manner, in the process of obtaining the second target gradient, the embodiment of the present application may further obtain, through another instruction of the computer device, a first data indicator, where the first data indicator includes one or more of a data transmission size and a data transmission frequency in the process of receiving the second target gradient; and in response to the first data indicator being greater than the first indicator threshold, suspending the currently executing step. Accordingly, the present application may continue to perform the currently performed steps in response to the first data indicator not being greater than the first indicator threshold.
In a possible implementation manner, when the first data index includes the data transmission size in the process of obtaining the second target gradient, the execution details of the data transmission size in the process of obtaining the data characteristics of the original data in the first database are similar to those of the third data index, and are not repeated here. Optionally, when the first data index includes the data transmission frequency in the process of obtaining the second target gradient, the execution details of the data transmission frequency in the process of obtaining the data characteristics of the original data in the first database are similar to those of the third data index, and are not described herein again. Optionally, when the first data index includes the data transmission size and the data transmission frequency in the process of obtaining the second target gradient, the execution details of the data transmission size and the data transmission frequency in the process of obtaining the data characteristics of the original data in the first database are similar to those of the third data index, and are not repeated here. That is to say, the computer device may monitor the data transmission size or the data transmission frequency received by itself in the process of the second target gradient sent by another computer device, and when the data index in the process is found to be not in accordance with the index threshold, stop the step of obtaining the second target gradient executed at this time.
In a possible implementation manner, when the computer device includes a display module (for example, a display screen), when the currently executed step is stopped, an error message may be displayed in the display module, so as to prompt the data exception.
Step 305, calculating a target parameter according to the first target gradient and the second target gradient.
After the first target gradient and the second target gradient are obtained, the computer device can calculate the target parameter through the first target gradient and the second target gradient.
Optionally, the computer device splices the first target gradient and the second target gradient to obtain a splicing gradient, and calculates the target parameter according to the original parameter and the splicing gradient, wherein the original parameter is the default value of the parameter to be determined in the process of training the machine learning model.
Optionally, the first target gradient corresponding to each sample (k) in the first database obtained by the computer device may be $g_1, g_2, g_3, \ldots, g_k$, and the second target gradient corresponding to each sample (n-k) in the second database obtained by the computer device may be $g_{k+1}, g_{k+2}, g_{k+3}, \ldots, g_n$. The computer device can splice the first target gradient and the second target gradient, giving the splicing gradient $J = ([g_1], [g_2], [g_3], \ldots, [g_k]) \cdot ([g_{k+1}], [g_{k+2}], [g_{k+3}], \ldots, [g_n])$,
wherein "$\cdot$" denotes splicing.
After the splicing gradient is calculated, the computer device calculates the target parameter according to the original parameter and the splicing gradient. For example, the formula for calculating the target parameter is $\theta_1 = \theta_0 - \alpha J$, wherein $\theta_1$ represents the target parameter, $\theta_0$ represents the default parameter, and $\alpha$ is the learning rate of the machine learning model; $\theta_0$ may be preset by a developer.
The computer device substitutes the obtained splicing gradient into the calculation formula, so that the target parameter is calculated once, the parameter to be determined in the machine learning model can be updated, and iterative training of the model is realized. Optionally, for the first gradient of each sample in the first database and the second gradient of each sample in the second database, the computer device may also compute one target parameter per iteration. For example, the first database includes original data of sample one and sample two, and the second database includes original data of sample three and sample four. In the first calculation, the first gradient of sample one and the corresponding first target gradient are obtained, and the second target gradient of sample three is obtained; the computer device may calculate one target parameter from these two target gradients and update the parameter to be determined in the machine learning model. In the subsequent second iteration, the first gradient of sample two and the corresponding first target gradient are obtained, and the second target gradient of sample four is obtained; the computer device may calculate the target parameter again from these two target gradients and continue to determine the parameter to be determined in the machine learning model, until the set number of iterations is reached.
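Steps 303 to 305 can be followed end to end in the added example below, which is not code from the patent. It assumes the standard ε-LDP inequality as the target formula, a Laplace mechanism over clipped gradients as the perturbation function, and constructed numeric budgets for the level pairs of Table 4; all function names are hypothetical.

```python
import random

# Constructed stand-in for Table 4: (output level, privacy level) -> budget.
# The page gives only the symbols E1..E3; these numbers are assumptions.
BUDGET_TABLE = {(1, 1): 4.0, (1, 2): 2.0, (2, 3): 0.5}
CLIP = 1.0  # assumed bound on the magnitude of each gradient coordinate


def privacy_budget(output_level, privacy_level):
    """Look up the privacy budget value for a level pair."""
    try:
        return BUDGET_TABLE[(output_level, privacy_level)]
    except KeyError:
        raise ValueError("no privacy budget configured for this level pair")


def clip(gradient):
    """Bound every coordinate to [-CLIP, CLIP] so the sensitivity is finite."""
    return [max(-CLIP, min(CLIP, g)) for g in gradient]


def laplace_scale(epsilon, dim):
    """Noise scale b: two clipped gradients differ by at most 2*CLIP*dim in L1."""
    if epsilon <= 0:
        raise ValueError("privacy budget must be positive")
    return 2.0 * CLIP * dim / epsilon


def perturb(gradient, epsilon, rng):
    """Assumed perturbation function F: clip, then add Laplace(0, b) noise."""
    clipped = clip(gradient)
    b = laplace_scale(epsilon, len(clipped))
    # The difference of two exponentials with mean b is Laplace(0, b).
    return [g + rng.expovariate(1.0 / b) - rng.expovariate(1.0 / b)
            for g in clipped]


def log_density_ratio(x, g_a, g_b, epsilon):
    """ln(P[F(g_a) = x] / P[F(g_b) = x]) for the mechanism above.

    The assumed target formula, P[F(g) = x] <= e^epsilon * P[F(g') = x],
    holds exactly when this value never exceeds epsilon.
    """
    a, b = clip(g_a), clip(g_b)
    scale = laplace_scale(epsilon, len(a))
    return sum(abs(xi - bi) - abs(xi - ai)
               for xi, ai, bi in zip(x, a, b)) / scale


def splice(first_target, second_target):
    """Splicing gradient J: the first target gradient followed by the second."""
    return list(first_target) + list(second_target)


def update(theta0, spliced, alpha):
    """theta1 = theta0 - alpha * J, coordinate by coordinate."""
    if len(theta0) != len(spliced):
        raise ValueError("parameter and splicing gradient differ in length")
    return [t - alpha * j for t, j in zip(theta0, spliced)]


def joint_step(theta0, grad_a, grad_b, levels_a, levels_b, alpha, seed):
    """One iteration: each party perturbs locally, then the master updates."""
    rng_a, rng_b = random.Random(seed), random.Random(seed + 1)
    target_a = perturb(grad_a, privacy_budget(*levels_a), rng_a)
    target_b = perturb(grad_b, privacy_budget(*levels_b), rng_b)
    return update(theta0, splice(target_a, target_b), alpha)


if __name__ == "__main__":
    # Constructed gradients: party A holds two parameters, party B holds one.
    print(joint_step([0.5, 0.5, 0.5], [0.8, -0.3], [2.5], (1, 2), (2, 3), 0.1, 7))
```

A seeded `random.Random` is used so the run is reproducible; a deployment would draw the noise from a cryptographically secure source.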
Optionally, in the process of performing the model parameter obtaining, a response index may be further obtained, where the response index includes one or more of output data and a target memory variable during the process of performing the model parameter obtaining method, and the target memory is used for storing the output data; and in response to the response index exceeding the preset index range, suspending the currently executed step. Accordingly, the present application may continue to perform the currently performed step when the first data indicator is not greater than the first indicator threshold.
Optionally, through the whole joint modeling process, the output data and the corresponding target memory variation of each small module in the process may be acquired by the computer device, and when the output data is incorrect or the corresponding target memory variation is incorrect (exceeds a preset index range), an error may be considered to occur in the joint modeling process, so that the current step is suspended. When the output data or the corresponding target memory variation is within the preset index range, the combined modeling process can be considered to be normal, and the current step is continuously executed. For example, in the selection process of the data characteristics, or in the process of calculating the first gradient of the data, similarly to the above-described obtaining of the first data index, the second data index, the third data index, and the like, the computer device determines whether an error occurs in the joint model process by obtaining an output result or a target memory variation in the process, and stops operating in time.
Optionally, when the computer device includes a display module (for example, a display screen), the error information may be displayed in the display module when the currently executed step is stopped, so as to prompt the data abnormality.
In summary, in the present application, a first gradient of original data in a first database is obtained; local differential privacy (LDP) processing is performed on the first gradient to obtain a first target gradient; and a target parameter is calculated according to the first target gradient, wherein the target parameter is a parameter to be determined for training the machine learning model. In the present application, the first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database, and the parameter to be determined in the machine learning model is calculated by using the first target gradient. Because the first gradient is perturbed by LDP, a differential attack launched by an attacker who has background knowledge of the machine learning model is avoided, the risk of data leakage from the database is reduced, and the security of the data in the modeling process is improved.
In addition, when the corresponding privacy budget value is determined through the output level and the privacy level, the performance loss of the created joint model can be adjusted flexibly, the efficiency of joint modeling is improved, and the range of selectable perturbation functions is expanded.
In addition, in each step process, monitoring such as a first data index, a second data index, a third data index and a response index is added, so that the safety of data in the process of training the model can be further improved, and the problem of data leakage is prevented.
Referring to fig. 4, a schematic structural diagram of institution A according to an exemplary embodiment of the present application is shown. Optionally, institution A may be a background service system of an insurance company, a bank, and the like. As shown in fig. 4, institution A 400 may include a feature screening module 401 and a federated modeling module 402.
The feature screening module 401 may perform feature screening on the original data stored in the system and transmit the screened data features to the federated modeling module 402 through a one-way port. This process includes monitoring of the data transmission size and/or the data transmission frequency, so as to improve data security. For the steps executed by the module, reference may be made to the content of step 301 in the embodiment of fig. 3, which is not described herein again.
The federated modeling module 402 may receive the data features sent by the feature screening module 401, so as to obtain the data features of the original data in the database, and perform federated modeling. The federated modeling module 402 may also include monitoring of the data transmission size and/or the data transmission frequency and/or the memory variation, so as to improve data security. For the steps executed by the module, reference may be made to the contents of step 302 to step 305 in the embodiment of fig. 3, which are not described herein again.
It should be noted that, in the prior art, the federated modeling module 402 typically employs the Federated AI Technology Enabler (FATE) framework, which integrates various machine learning algorithms, such as a logistic regression algorithm, a boosting algorithm, a deep learning algorithm, and the like. In addition, in order to achieve lossless training, a homomorphic encryption algorithm is generally used to encrypt the training gradients of the model before they are transmitted between the parties, which gives rise to a data leakage risk. The LDP module is used for performing LDP processing on the acquired gradient.
The embodiments shown in fig. 2 and fig. 3 are described below by way of example with institution A as the master and institution B as the slave. Referring to fig. 5, a flowchart of a method for obtaining model parameters according to an exemplary embodiment of the present application is shown. The method can be applied to the scenario shown in fig. 1 and executed by a computer device therein. As shown in fig. 5, the model parameter obtaining method can include the following steps.
Step 501, institution A screens out the data features of the original data in the database of institution A through the feature screening module.
Step 502, institution A sends the screened data features to the federated modeling module through the feature screening module.
Optionally, the process may include monitoring the data transmission size and/or the data transmission frequency.
Step 503, institution A calculates a first target gradient through the federated modeling module.
Optionally, the process may include monitoring the data transmission size and/or the data transmission frequency and/or the memory variation.
Step 504, institution B screens out the data features of the original data in the database of institution B through the feature screening module.
Step 505, institution B sends the screened data features to the federated modeling module through the feature screening module.
Step 506, institution B sends the calculated second target gradient to institution A through the federated modeling module.
Optionally, the process may include monitoring the data transmission size and/or the data transmission frequency and/or the memory variation.
Accordingly, institution A receives the second target gradient sent by institution B.
Optionally, the process may include monitoring the data transmission size and/or the data transmission frequency and/or the memory variation.
Step 507, institution A performs joint modeling through the federated modeling module.
Optionally, for the manner in which institution A obtains the first target gradient, reference may be made to the description of obtaining the first target gradient in the embodiment of fig. 3, and details are not repeated here. The structure of institution B is the same as that of institution A, and the two are implemented in the same manner.
It should be noted that the embodiment of the present application is not limited to joint modeling between two institutions. In actual implementation, joint modeling among three or more institutions may also adopt the method provided by the present application, and details are not described here.
In summary, in the present application, a first gradient of the original data in the first database of institution A is obtained; local differential privacy (LDP) processing is performed on the first gradient to obtain a first target gradient; a second target gradient calculated in institution B is obtained; and a target parameter is calculated according to the first target gradient and the second target gradient, wherein the target parameter is a parameter to be determined for training a machine learning model. In the present application, the first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database of institution A, the second target gradient is obtained by institution B performing LDP processing on the second gradient of the original data in the second database of institution B, and the parameter to be determined in the machine learning model is calculated by using the first target gradient and the second target gradient. Because the first gradient and the second gradient are perturbed by LDP, a differential attack launched by an attacker who has background knowledge of the machine learning model is avoided, the risk of data leakage from the databases of institution A and institution B is reduced, and the security of data in the joint modeling process is improved.
The following are embodiments of the apparatus of the present application that may be used to perform embodiments of the method of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method of the present application.
Referring to fig. 6, a block diagram of a model parameter obtaining apparatus according to an exemplary embodiment of the present application is shown. The model parameter acquiring apparatus 600 may be used in the computer device to execute all or part of the steps executed by the camera module in the method provided by the embodiment shown in fig. 2, fig. 3, or fig. 5. The model parameter obtaining device 600 may include the following modules:
an obtaining module 601, configured to obtain a first gradient of original data in a first database, and to perform local differential privacy (LDP) processing on the first gradient to obtain a first target gradient;
and the processing module 602 is configured to calculate a target parameter according to the first target gradient, where the target parameter is a parameter to be determined for training the machine learning model.
Optionally, the obtaining module 601 is configured to,
acquiring a disturbance function, wherein the disturbance function is used for carrying out noise adding processing on the first gradient;
and substituting the first gradient into the disturbance function to obtain a first target gradient.
Optionally, the obtaining module 601 is specifically configured to,
obtaining a privacy budget value, wherein the privacy budget value is used for indicating the degree of adding noise to the first gradient;
constructing a target formula according to the privacy budget value;
acquiring a first function which accords with a target formula from a preset function list;
the first function is taken as a perturbation function.
Optionally, the obtaining module 601 is specifically configured to,
acquiring a privacy level, wherein the privacy level is used for indicating the privacy degree of original data in a first database;
and acquiring a privacy budget value according to the privacy level.
Optionally, the obtaining module 601 is further configured to,
acquiring an output level, wherein the output level is used for indicating the credibility of an output result of the machine learning model;
the obtaining module 601 is specifically configured to obtain the privacy budget value according to the privacy level and the output level.
Optionally, the machine learning model is a longitudinal federated learning model, and the obtaining module 601 is further configured to,
before the processing module 602 calculates the target parameter according to the first target gradient, obtain a second target gradient, where the second target gradient is obtained by performing LDP processing on a second gradient of the original data of the second database;
the processing module 602 is configured to calculate the target parameter according to the first target gradient and the second target gradient.
Optionally, the processing module 602 is specifically configured to:
splicing the first target gradient and the second target gradient to obtain a splicing gradient;
and calculating target parameters according to the original parameters and the splicing gradient, wherein the original parameters are default parameters of the parameters to be determined in the process of training the machine learning model.
Optionally, the obtaining module 601 is further configured to,
acquiring a first data index, wherein the first data index comprises one or more items of data transmission size and data transmission frequency in the process of receiving the second target gradient;
in response to the first data indicator being greater than the first indicator threshold, suspending the currently executing step.
Optionally, the obtaining module 601 is further configured to,
before the processing module 602 calculates the target parameter according to the first target gradient, obtaining a second data indicator, where the second data indicator includes one or more of a data transmission size, a data transmission rate, and a data storage size in the process of obtaining the first target gradient;
in response to the second data indicator being greater than the second indicator threshold, suspending the currently executing step.
Optionally, the obtaining module 601 is specifically configured to,
acquiring data characteristics of original data in a first database;
the processing module 602 is further configured to calculate a first gradient of the raw data according to the raw data and the data characteristics of the raw data.
Optionally, the obtaining module 601 is specifically configured to,
acquiring respective mathematical indexes of each data characteristic corresponding to the original data according to the original data in the first database; the mathematical index is one or more of missing value, variance and standard deviation;
the processing module 602 is configured to filter each data feature according to the mathematical index, and obtain a data feature of the original data in the first database.
Optionally, the data transmission port for acquiring the data characteristics of the original data in the first database is a unidirectional transmission port;
the obtaining module 601 is further configured to,
before screening each data characteristic according to the mathematical index and acquiring the data characteristic of the original data in the first database, acquiring a third data index, wherein the third data index comprises one or more items of data transmission size and data transmission frequency in the process of acquiring the data characteristic of the original data in the first database;
the processing module 602 is further configured to suspend the currently executed step in response to the third data indicator being greater than the third indicator threshold.
Optionally, the mathematical index includes a missing value and a variance;
the obtaining module 601 is specifically configured to remove, from the data features, those whose missing values are greater than a first target threshold and whose variances are smaller than a second target threshold,
and to acquire the data characteristics of the original data in the first database.
Optionally, the obtaining module 601 is further configured to,
acquiring a response index, wherein the response index comprises one or more items of output data and target memory variable quantity in the process of executing the model parameter acquisition method, and the target memory is used for storing the output data;
the processing module 602 is further configured to suspend the currently executed step in response to the response index exceeding the preset index range.
In summary, in the present application, a first gradient of original data in a first database is obtained; local differential privacy (LDP) processing is performed on the first gradient to obtain a first target gradient; and a target parameter is calculated according to the first target gradient, where the target parameter is a parameter to be determined for training the machine learning model. Because the first target gradient is obtained by performing LDP processing on the first gradient of the original data in the first database, and the parameter to be determined in the machine learning model is calculated from that first target gradient, the first gradient is perturbed by the LDP. This avoids a differential attack launched by an attacker who has background knowledge of the machine learning model, reduces the risk of data leakage from the database, and improves the security of the data in the modeling process.
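The following Python example is added here to illustrate the flow summarized above; it is not code from the patent. It assumes the Laplace mechanism with per-coordinate clipping as the perturbation function, a constructed privacy-level-to-budget table, and a plain gradient-descent update; all function names and values are hypothetical.

```python
import math
import random

# Assumed mapping from privacy level to privacy budget epsilon; the values
# are constructed for this example. Smaller epsilon means more noise.
PRIVACY_LEVEL_TO_EPSILON = {"high": 0.5, "medium": 2.0, "low": 8.0}


class Suspended(Exception):
    """Raised when a monitored data indicator exceeds its threshold."""


def privacy_budget(privacy_level):
    return PRIVACY_LEVEL_TO_EPSILON[privacy_level]


def clip(gradient, bound):
    """Bound every coordinate to [-bound, bound] so sensitivity is finite."""
    return [max(-bound, min(bound, g)) for g in gradient]


def laplace_scale(dim, bound, epsilon):
    """Noise scale for the whole vector: two clipped gradients differ by at
    most 2 * bound * dim in L1 norm, so scale = 2 * bound * dim / epsilon."""
    if epsilon <= 0 or bound <= 0 or dim <= 0:
        raise ValueError("epsilon, bound and dim must be positive")
    return 2.0 * bound * dim / epsilon


def perturb(gradient, epsilon, bound, rng):
    """Perturbation function: first gradient in, first target gradient out."""
    clipped = clip(gradient, bound)
    scale = laplace_scale(len(clipped), bound, epsilon)
    # The difference of two exponentials with mean `scale` is Laplace(0, scale).
    return [g + rng.expovariate(1 / scale) - rng.expovariate(1 / scale)
            for g in clipped]


def log_density(output, gradient, scale, bound):
    """Log-density of releasing `output` when the true gradient is `gradient`."""
    clipped = clip(gradient, bound)
    return sum(-abs(y - g) / scale - math.log(2 * scale)
               for y, g in zip(output, clipped))


def satisfies_target_formula(g1, g2, output, epsilon, scale, bound):
    """epsilon-LDP inequality: p(output | g1) <= exp(epsilon) * p(output | g2)."""
    gap = (log_density(output, g1, scale, bound)
           - log_density(output, g2, scale, bound))
    return gap <= epsilon + 1e-9  # tolerance for floating-point rounding


def receive_target_gradient(payload, max_items):
    """Guard on the data transmission size of a peer's perturbed gradient."""
    if len(payload) > max_items:
        raise Suspended(f"received {len(payload)} values, limit {max_items}")
    return list(payload)


def update_parameters(original, first_target, second_target, learning_rate):
    """Splice both target gradients and take one gradient-descent step
    (the update rule is an assumption of this example)."""
    spliced = list(first_target) + list(second_target)
    if len(spliced) != len(original):
        raise ValueError("spliced gradient and parameters differ in length")
    return [w - learning_rate * g for w, g in zip(original, spliced)]


if __name__ == "__main__":
    rng = random.Random(2020)  # seeded only to make the demo repeatable
    eps, bound = privacy_budget("medium"), 1.0
    first = perturb([0.4, -3.0], eps, bound, rng)   # constructed gradient, party A
    second = receive_target_gradient(perturb([0.9], eps, bound, rng), max_items=8)
    print(update_parameters([0.0, 0.0, 0.0], first, second, learning_rate=0.1))
```

Outside a demo, the noise should come from `random.SystemRandom()` (or another CSPRNG) rather than a seeded generator, since predictable noise can be subtracted back out.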
Fig. 7 is a schematic structural diagram of a computer device according to an exemplary embodiment of the present application. As shown in fig. 7, the computer device 700 includes a Central Processing Unit (CPU) 701, a system memory 704 including a Random Access Memory (RAM) 702 and a Read Only Memory (ROM) 703, and a system bus 705 connecting the system memory 704 and the CPU 701. The computer device 700 also includes a basic Input/Output system (I/O) 706 for facilitating information transfer between devices within the computer, and a mass storage device 707 for storing an operating system 712, application programs 713, and other program modules 714.
The basic input/output system 706 comprises a display 708 for displaying information and an input device 709, such as a mouse or keyboard, for a user to input information. The display 708 and input device 709 are connected to the central processing unit 701 through an input/output controller 710 coupled to the system bus 705. The basic input/output system 706 may also include the input/output controller 710 for receiving and processing input from a number of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, the input/output controller 710 may also provide output to a display screen, a printer, or another type of output device.
The mass storage device 707 is connected to the central processing unit 701 through a mass storage controller (not shown) connected to the system bus 705. The mass storage device 707 and its associated computer-readable media provide non-volatile storage for the computer device 700. That is, the mass storage device 707 may include a computer-readable medium (not shown) such as a hard disk or a CD-ROM (Compact disk Read-Only Memory) drive.
The computer readable media may include computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAM, ROM, EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash Memory or other solid state Memory technology, CD-ROM, DVD (Digital Video Disc) or other optical, magnetic, tape, magnetic disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that the computer storage media is not limited to the foregoing. The system memory 704 and mass storage device 707 described above may be collectively referred to as memory.
The computer device 700 may be connected to the internet or other network devices through a network interface unit 711 connected to the system bus 705.
The memory further includes one or more programs, the one or more programs are stored in the memory, and the central processing unit 701 implements all or part of the steps performed by the computer device in the methods provided by the above embodiments of the present application by executing the one or more programs.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer program product.
The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention occur in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that a computer can store, or a data storage device, such as a server or a data center, that is integrated with one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., Digital Video Disk (DVD)), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It should be noted that: in the model parameter obtaining method provided in the foregoing embodiment, the steps executed by the pixel module and the terminal are only illustrated in the foregoing embodiments, and in practical applications, the functions may be distributed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the apparatus and method embodiments provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments for details, which are not described herein again.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments of the present application may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on, or transmitted over, a computer-readable storage medium as one or more instructions or code. Computer-readable storage media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The above description is only exemplary of the present application and should not be taken as limiting, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (17)

1. A model parameter obtaining method, characterized in that the method comprises:
obtaining a first gradient of original data in a first database;
performing local differential privacy (LDP) processing on the first gradient to obtain a first target gradient;
calculating a target parameter according to the first target gradient, wherein the target parameter is a parameter to be determined for training a machine learning model.

2. The model parameter obtaining method according to claim 1, wherein performing LDP processing on the first gradient to obtain the first target gradient comprises:
obtaining a perturbation function, wherein the perturbation function is used to add noise to the first gradient;
substituting the first gradient into the perturbation function to obtain the first target gradient.

3. The model parameter obtaining method according to claim 2, wherein obtaining the perturbation function comprises:
obtaining a privacy budget value, wherein the privacy budget value is used to indicate the degree of noise added to the first gradient;
constructing a target formula according to the privacy budget value;
obtaining, from a preset function list, a first function that conforms to the target formula;
using the first function as the perturbation function.

4. The model parameter obtaining method according to claim 3, wherein obtaining the privacy budget value comprises:
obtaining a privacy level, wherein the privacy level is used to indicate the degree of confidentiality of the original data in the first database;
obtaining the privacy budget value according to the privacy level.

5. The model parameter obtaining method according to claim 4, wherein the method further comprises:
obtaining an output level, wherein the output level is used to indicate the credibility of the output result of the machine learning model;
and obtaining the privacy budget value according to the privacy level comprises:
obtaining the privacy budget value according to the privacy level and the output level.

6. The model parameter obtaining method according to claim 1, wherein the machine learning model is a longitudinal federated learning model, and before calculating the target parameter according to the first target gradient, the method further comprises:
obtaining a second target gradient, wherein the second target gradient is obtained by performing LDP processing on a second gradient of original data of a second database;
and calculating the target parameter according to the first target gradient comprises:
calculating the target parameter according to the first target gradient and the second target gradient.

7. The model parameter obtaining method according to claim 6, wherein calculating the target parameter according to the first target gradient and the second target gradient comprises:
splicing the first target gradient and the second target gradient to obtain a splicing gradient;
calculating the target parameter according to an original parameter and the splicing gradient, wherein the original parameter is the default parameter of the parameter to be determined in the process of training the machine learning model.

8. The model parameter obtaining method according to claim 6, wherein the method further comprises:
obtaining a first data indicator, wherein the first data indicator includes one or more of the data transmission size and the data transmission frequency in the process of receiving the second target gradient;
in response to the first data indicator being greater than a first indicator threshold, suspending the currently executed step.

9. The model parameter obtaining method according to claim 1, wherein before calculating the target parameter according to the first target gradient, the method further comprises:
obtaining a second data indicator, wherein the second data indicator includes one or more of the data transmission size, the data transmission rate, and the data storage size in the process of obtaining the first target gradient;
in response to the second data indicator being greater than a second indicator threshold, suspending the currently executed step.

10. The model parameter obtaining method according to claim 1, wherein obtaining the first gradient of the original data in the first database comprises:
obtaining data features of the original data in the first database;
calculating the first gradient of the original data according to the original data and the data features of the original data.

11. The model parameter obtaining method according to claim 10, wherein obtaining the data features of the original data in the first database comprises:
obtaining, according to the original data in the first database, the respective mathematical index of each data feature corresponding to the original data, wherein the mathematical index is one or more of missing value, variance, and standard deviation;
screening the data features according to the mathematical index to obtain the data features of the original data in the first database.

12. The model parameter obtaining method according to claim 10, wherein the data transmission port for obtaining the data features of the original data in the first database is a one-way transmission port;
before screening the data features according to the mathematical index to obtain the data features of the original data in the first database, the method further comprises:
obtaining a third data indicator, wherein the third data indicator includes one or more of the data transmission size and the data transmission frequency in the process of obtaining the data features of the original data in the first database;
in response to the third data indicator being greater than a third indicator threshold, suspending the currently executed step.

13. The model parameter obtaining method according to claim 11, wherein the mathematical index includes missing value and variance;
and screening the data features according to the mathematical index to obtain the data features of the original data in the first database comprises:
obtaining, among the data features, the data features whose missing values are smaller than a first target threshold and whose variance is greater than a second target threshold.

14. The model parameter obtaining method according to any one of claims 1-13, wherein the method further comprises:
obtaining a response indicator, wherein the response indicator includes one or more of the output data in the process of executing the model parameter obtaining method and the amount of change of a target memory, and the target memory is used to store the output data;
in response to the response indicator being outside a preset indicator range, suspending the currently executed step.

15. A model parameter obtaining apparatus, characterized in that the apparatus comprises:
an obtaining module, configured to obtain a first gradient of original data in a first database, and to perform local differential privacy (LDP) processing on the first gradient to obtain a first target gradient;
a processing module, configured to calculate a target parameter according to the first target gradient, wherein the target parameter is a parameter to be determined for training a machine learning model.

16. A computer device, characterized in that it comprises a memory and a processor, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, the processor is caused to implement the model parameter obtaining method according to any one of claims 1 to 14.

17. A computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the model parameter obtaining method according to any one of claims 1 to 14 is implemented.

CN202011399934.9A 2020-12-01 2020-12-01 Model parameter obtaining method and device, computer equipment and storage medium Pending CN112434323A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011399934.9A CN112434323A (en) 2020-12-01 2020-12-01 Model parameter obtaining method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112434323A true CN112434323A (en) 2021-03-02

Family

ID=74692057

Country Status (1)

Country Link
CN (1) CN112434323A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107330516A (en) * 2016-04-29 2017-11-07 腾讯科技(深圳)有限公司 Model parameter training method, apparatus and system
CN109684855A (en) * 2018-12-17 2019-04-26 电子科技大学 A kind of combined depth learning training method based on secret protection technology
CN110135185A (en) * 2018-02-08 2019-08-16 苹果公司 Privatized Machine Learning Using Generative Adversarial Networks
CN110222087A (en) * 2019-05-15 2019-09-10 平安科技(深圳)有限公司 Feature extracting method, device and computer readable storage medium
CN111723404A (en) * 2020-08-21 2020-09-29 支付宝(杭州)信息技术有限公司 Method and device for jointly training business model
CN111898682A (en) * 2020-07-31 2020-11-06 平安科技(深圳)有限公司 Method and device for correcting new model based on multiple source models and computer equipment

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113836679A (en) * 2021-10-14 2021-12-24 国网湖南省电力有限公司 Method and device for identifying vulnerable line combinations in N-K attack mode
CN113836679B (en) * 2021-10-14 2024-02-23 国网湖南省电力有限公司 Method and device for identifying vulnerable line combination in N-K attack mode
CN116679615A (en) * 2023-08-03 2023-09-01 中科航迈数控软件(深圳)有限公司 Optimization method and device of numerical control machining process, terminal equipment and storage medium
CN116679615B (en) * 2023-08-03 2023-10-20 中科航迈数控软件(深圳)有限公司 Optimization method and device of numerical control machining process, terminal equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210302