机器学习的隐私保护研究综述 Survey on Privacy-Preserving Machine Learning

3.机器学习的隐私保护研究综述
Survey on Privacy-Preserving Machine Learning

摘要：大规模数据收集大幅提升了机器学习算法的性能，实现了经济效益和社会效益的共赢，但也令个人隐私保护面临更大的风险与挑战.机器学习的训练模式主要分为集中学习和联邦学习2类，前者在模型训练前需统一收集各方数据，尽管易于部署，却存在极大数据隐私与安全隐患；后者实现了将各方数据保留在本地的同时进行模型训练，但该方式目前正处于研究的起步阶段，无论在技术还是部署中仍面临诸多问题与挑战.现有的隐私保护技术研究大致分为2条主线，即以同态加密和安全多方计算为代表的加密方法和以差分隐私为代表的扰动方法，二者各有利弊.为综述当前机器学习的隐私问题，并对现有隐私保护研究工作进行梳理和总结，首先分别针对传统机器学习和深度学习2类情况，探讨集中学习下差分隐私保护的算法设计；之后概述联邦学习中存在的隐私问题及保护方法；最后总结目前隐私保护中面临的主要挑战，并着重指出隐私保护与模型可解释性研究、数据透明之间的问题与联系.

关键词: 隐私保护, 差分隐私, 机器学习, 深度学习, 联邦学习

Abstract：Large-scale data collection has vastly improved the performance of machine learning, and achieved a win-win situation for both economic and social benefits, while personal privacy preservation is facing new and greater risks and crises. In this paper, we summarize the privacy issues in machine learning and the existing work on privacy-preserving machine learning. We respectively discuss two settings of the model training process—centralized learning and federated learning. The former needs to collect all the user data before training. Although this setting is easy to deploy, it still exists enormous privacy and security hidden troubles. The latter achieves that massive devices can collaborate to train a global model while keeping their data in local. As it is currently in the early stage of the study, it also has many problems to be solved. The existing work on privacy-preserving techniques can be concluded into two main clues—the encryption method including homomorphic encryption and secure multi-party computing and the perturbation method represented by differential privacy, each having its advantages and disadvantages. In this paper, we first focus on the design of differentially-private machine learning algorithm, especially under centralized setting, and discuss the differences between traditional machine learning models and deep learning models. Then, we summarize the problems existing in the current federated learning study. Finally, we propose the main challenges in the future work and point out the connection among privacy protection, model interpretation and data transparency.

Key words: privacy-preserving, differential privacy, machine learning, deep learning, federated learning

Survey:n.综述
crises-crisis的负数形式：n.危机
centralize：adj.集中的
deploy：v.部署
achieve：v.实现
device：n.设备
currently：adv.现在地
encryption：n.加密
homomorphic：n.同态
multi-party：n.多方
perturbation：n.扰乱
represent：v.代表
interpretation：n.解释
transparency：n.透明度