In recent years,the research field of data collection under local differential privacy(LDP)has expanded its focus fromelementary data types to includemore complex structural data,such as set-value and graph data.Howev...In recent years,the research field of data collection under local differential privacy(LDP)has expanded its focus fromelementary data types to includemore complex structural data,such as set-value and graph data.However,our comprehensive review of existing literature reveals that there needs to be more studies that engage with key-value data collection.Such studies would simultaneously collect the frequencies of keys and the mean of values associated with each key.Additionally,the allocation of the privacy budget between the frequencies of keys and the means of values for each key does not yield an optimal utility tradeoff.Recognizing the importance of obtaining accurate key frequencies and mean estimations for key-value data collection,this paper presents a novel framework:the Key-Strategy Framework forKey-ValueDataCollection under LDP.Initially,theKey-StrategyUnary Encoding(KS-UE)strategy is proposed within non-interactive frameworks for the purpose of privacy budget allocation to achieve precise key frequencies;subsequently,the Key-Strategy Generalized Randomized Response(KS-GRR)strategy is introduced for interactive frameworks to enhance the efficiency of collecting frequent keys through group-anditeration methods.Both strategies are adapted for scenarios in which users possess either a single or multiple key-value pairs.Theoretically,we demonstrate that the variance of KS-UE is lower than that of existing methods.These claims are substantiated through extensive experimental evaluation on real-world datasets,confirming the effectiveness and efficiency of the KS-UE and KS-GRR strategies.展开更多
Federated Learning(FL)is a new computing paradigm in privacy-preserving Machine Learning(ML),where the ML model is trained in a decentralized manner by the clients,preventing the server from directly accessing privacy...Federated Learning(FL)is a new computing paradigm in privacy-preserving Machine Learning(ML),where the ML model is trained in a decentralized manner by the clients,preventing the server from directly accessing privacy-sensitive data from the clients.Unfortunately,recent advances have shown potential risks for user-level privacy breaches under the cross-silo FL framework.In this paper,we propose addressing the issue by using a three-plane framework to secure the cross-silo FL,taking advantage of the Local Differential Privacy(LDP)mechanism.The key insight here is that LDP can provide strong data privacy protection while still retaining user data statistics to preserve its high utility.Experimental results on three real-world datasets demonstrate the effectiveness of our framework.展开更多
基于本地化差分隐私的多维分析查询(multi-dimensional analytical query,MDA)已得到了研究者的广泛关注.现有基于最优局部哈希(optimal local Hashing,OLH)机制与层次树结构的扰动方法存在泄露根结点隐私的风险.针对现有结合层次树结...基于本地化差分隐私的多维分析查询(multi-dimensional analytical query,MDA)已得到了研究者的广泛关注.现有基于最优局部哈希(optimal local Hashing,OLH)机制与层次树结构的扰动方法存在泄露根结点隐私的风险.针对现有结合层次树结构的本地扰动机制不足,提出了一种有效且满足本地化差分隐私的MDA查询算法H4MDA (hierarchical structure for MDA),该算法充分利用层次树的横向与纵向结构特征设计了3种基于用户分组策略的本地扰动算法HGRR,LGRR-FD,LGRR.算法HGRR结合层次树横向结构与GRR机制本地扰动用户元组数据,通过摈弃根结点组合来响应MDA查询.不同于HGRR,LGRR-FD算法利用层次树的纵向结构与GRR机制扰动本地数据,同时通过添加假数据来避免叶子结点的隐私泄露.LGRR算法通过摈弃叶子结点层纵向扰动本地数据.收集者结合LGRR的扰动结果利用局部一致性处理技术重构层次树最后两层,通过添加虚拟叶子结点来响应MDA查询,而虚拟叶子结点计数之和等于其父节点计数.HGRR,LGRR-FD,LGRR算法与现有扰动算法在3种数据集上实验结果表明,其响应MDA查询的精度优于同类算法.展开更多
尽管深度神经网络在很多任务上取得了良好的结果,但是它们对于微小的对抗扰动却很容易出现预测错误.然而在人体姿态估计的对抗攻击任务中,通常需要添加较大的扰动噪声才能攻击成功,这使得其不可察性变差;减少扰动噪声又会削弱攻击效果....尽管深度神经网络在很多任务上取得了良好的结果,但是它们对于微小的对抗扰动却很容易出现预测错误.然而在人体姿态估计的对抗攻击任务中,通常需要添加较大的扰动噪声才能攻击成功,这使得其不可察性变差;减少扰动噪声又会削弱攻击效果.为了克服该矛盾,提出一种面向人体姿态估计的两阶段局部对抗攻击方法.所提方法首先通过预攻击估计出扰动关键区域,然后利用不可察性约束在关键区域内生成扰动.方法不仅可以对人体姿态进行有效攻击,而且还能确保最终扰动区域具有低可察性.采用COCO2017作为对抗扰动实验数据集并使用PCK(percentage of correct keypoints)作为评价指标,比较在人体姿态估计模型中IGSM和C&W方法的攻击效果,其PCK降低值分别提高了15.4%与2.8%.实验结果表明所提方法在保证攻击的低可察的同时,能够取得较好的攻击效果.展开更多
Deep neural networks are vulnerable to attacks from adversarial inputs.Corresponding attack research on human pose estimation(HPE),particularly for body joint detection,has been largely unexplored.Transferring classif...Deep neural networks are vulnerable to attacks from adversarial inputs.Corresponding attack research on human pose estimation(HPE),particularly for body joint detection,has been largely unexplored.Transferring classification-based attack methods to body joint regression tasks is not straightforward.Another issue is that the attack effectiveness and imperceptibility contradict each other.To solve these issues,we propose local imperceptible attacks on HPE networks.In particular,we reformulate imperceptible attacks on body joint regression into a constrained maximum allowable attack.Furthermore,we approximate the solution using iterative gradient-based strength refinement and greedy-based pixel selection.Our method crafts effective perceptual adversarial attacks that consider both human perception and attack effectiveness.We conducted a series of imperceptible attacks against state-of-the-art HPE methods,including HigherHRNet,DEKR,and ViTPose.The experimental results demonstrate that the proposed method achieves excellent imperceptibility while maintaining attack effectiveness by significantly reducing the number of perturbed pixels.Approximately 4%of the pixels can achieve sufficient attacks on HPE.展开更多
This study considers an optimal investment and reinsurance problem involving a defaultable security for an insurer in an ambiguous environment.In other words,the insurer is ambiguous about the insurance claim that is ...This study considers an optimal investment and reinsurance problem involving a defaultable security for an insurer in an ambiguous environment.In other words,the insurer is ambiguous about the insurance claim that is exponentially distributed with an uncertain rate parameter.The insurer can purchase proportional reinsurance and invest its wealth in three assets:a risk-free asset,a risky asset,the price process of which satisfies the Heston local-stochastic volatility model,and a defaultable corporate bond.For the optimal investment–reinsurance objective with a smooth ambiguity utility proposed by Klibanoff,P.,Marinacci,M.,and Mukerji,S.[A smooth model of decision making under ambiguity,Econometrica,2005,73(6):1849-1892],the equilibrium strategy is introduced and the extended Hamilton–Jacobi–Bellman equation is established through a stochastic control approach.However,the analytical solution of the strategy under the Heston local-stochastic volatility model cannot be obtained because of the complicated nonlinearity of the partial differential equation.In this study,we employ a perturbation method to derive an asymptotic solution for the post-and pre-default cases.In addition,we present a sensitivity analysis to explain the impact of model parameters on the equilibrium investment–reinsurance strategy.展开更多
A recent method for assessing the local influence is introduced by Cook(1986), in which the normal curvature of the influence graph based on the likelihood displacement is used to monitor the influence of small pertur...A recent method for assessing the local influence is introduced by Cook(1986), in which the normal curvature of the influence graph based on the likelihood displacement is used to monitor the influence of small perturbation. Since then this method has been applied to various kind of models. However, the local influence in multivariate analysis is still an unexplored area because the influence for many statistics in multivariate analysis is not convenient to handle based on the Cook's likelihood displacement. In this paper, we suggest a method with a slight modification in Cook's approach to assess the local influence of small perturbation on a certain statistic. The local influence of the perturbation on eigenvalue and eigenvector of variance-covariance matrix in theoretical and sample version is assessed, some results for the other statistics in multivariate analysis such as generalized variance, canonical correlations are studied. Finally, two examples are analysed for illustration.展开更多
We propose a method based on the local breeding of growing modes(LBGM) considering strong local weather characteristics for convection-allowing ensemble forecasting. The impact radius was introduced in the breeding of...We propose a method based on the local breeding of growing modes(LBGM) considering strong local weather characteristics for convection-allowing ensemble forecasting. The impact radius was introduced in the breeding of growing modes to develop the LBGM method. In the local breeding process, the ratio between the root mean square error(RMSE) of local space forecast at each grid point and that of the initial full-field forecast is computed to rescale perturbations. Preliminary evaluations of the method based on a nature run were performed in terms of three aspects: perturbation structure, spread,and the RMSE of the forecast. The experimental results confirm that the local adaptability of perturbation schemes improves after rescaling by the LBGM method. For perturbation physical variables and some near-surface meteorological elements, the LBGM method could increase the spread and reduce the RMSE of forecast,improving the performance of the ensemble forecast system.In addition, different from those existing methods of global orthogonalization approach, this new initial-condition perturbation method takes into full consideration the local characteristics of the convective-scale weather system, thus making convectionallowing ensemble forecast more accurate.展开更多
基金supported by a grant fromthe National Key R&DProgram of China.
文摘In recent years,the research field of data collection under local differential privacy(LDP)has expanded its focus fromelementary data types to includemore complex structural data,such as set-value and graph data.However,our comprehensive review of existing literature reveals that there needs to be more studies that engage with key-value data collection.Such studies would simultaneously collect the frequencies of keys and the mean of values associated with each key.Additionally,the allocation of the privacy budget between the frequencies of keys and the means of values for each key does not yield an optimal utility tradeoff.Recognizing the importance of obtaining accurate key frequencies and mean estimations for key-value data collection,this paper presents a novel framework:the Key-Strategy Framework forKey-ValueDataCollection under LDP.Initially,theKey-StrategyUnary Encoding(KS-UE)strategy is proposed within non-interactive frameworks for the purpose of privacy budget allocation to achieve precise key frequencies;subsequently,the Key-Strategy Generalized Randomized Response(KS-GRR)strategy is introduced for interactive frameworks to enhance the efficiency of collecting frequent keys through group-anditeration methods.Both strategies are adapted for scenarios in which users possess either a single or multiple key-value pairs.Theoretically,we demonstrate that the variance of KS-UE is lower than that of existing methods.These claims are substantiated through extensive experimental evaluation on real-world datasets,confirming the effectiveness and efficiency of the KS-UE and KS-GRR strategies.
基金supported by the National Key R&D Program of China under Grant 2020YFB1806904by the National Natural Science Foundation of China under Grants 61872416,62171189,62172438 and 62071192+1 种基金by the Fundamental Research Funds for the Central Universities of China under Grant 2019kfyXJJS017,31732111303,31512111310by the special fund for Wuhan Yellow Crane Talents(Excellent Young Scholar).
文摘Federated Learning(FL)is a new computing paradigm in privacy-preserving Machine Learning(ML),where the ML model is trained in a decentralized manner by the clients,preventing the server from directly accessing privacy-sensitive data from the clients.Unfortunately,recent advances have shown potential risks for user-level privacy breaches under the cross-silo FL framework.In this paper,we propose addressing the issue by using a three-plane framework to secure the cross-silo FL,taking advantage of the Local Differential Privacy(LDP)mechanism.The key insight here is that LDP can provide strong data privacy protection while still retaining user data statistics to preserve its high utility.Experimental results on three real-world datasets demonstrate the effectiveness of our framework.
文摘基于本地化差分隐私的多维分析查询(multi-dimensional analytical query,MDA)已得到了研究者的广泛关注.现有基于最优局部哈希(optimal local Hashing,OLH)机制与层次树结构的扰动方法存在泄露根结点隐私的风险.针对现有结合层次树结构的本地扰动机制不足,提出了一种有效且满足本地化差分隐私的MDA查询算法H4MDA (hierarchical structure for MDA),该算法充分利用层次树的横向与纵向结构特征设计了3种基于用户分组策略的本地扰动算法HGRR,LGRR-FD,LGRR.算法HGRR结合层次树横向结构与GRR机制本地扰动用户元组数据,通过摈弃根结点组合来响应MDA查询.不同于HGRR,LGRR-FD算法利用层次树的纵向结构与GRR机制扰动本地数据,同时通过添加假数据来避免叶子结点的隐私泄露.LGRR算法通过摈弃叶子结点层纵向扰动本地数据.收集者结合LGRR的扰动结果利用局部一致性处理技术重构层次树最后两层,通过添加虚拟叶子结点来响应MDA查询,而虚拟叶子结点计数之和等于其父节点计数.HGRR,LGRR-FD,LGRR算法与现有扰动算法在3种数据集上实验结果表明,其响应MDA查询的精度优于同类算法.
文摘尽管深度神经网络在很多任务上取得了良好的结果,但是它们对于微小的对抗扰动却很容易出现预测错误.然而在人体姿态估计的对抗攻击任务中,通常需要添加较大的扰动噪声才能攻击成功,这使得其不可察性变差;减少扰动噪声又会削弱攻击效果.为了克服该矛盾,提出一种面向人体姿态估计的两阶段局部对抗攻击方法.所提方法首先通过预攻击估计出扰动关键区域,然后利用不可察性约束在关键区域内生成扰动.方法不仅可以对人体姿态进行有效攻击,而且还能确保最终扰动区域具有低可察性.采用COCO2017作为对抗扰动实验数据集并使用PCK(percentage of correct keypoints)作为评价指标,比较在人体姿态估计模型中IGSM和C&W方法的攻击效果,其PCK降低值分别提高了15.4%与2.8%.实验结果表明所提方法在保证攻击的低可察的同时,能够取得较好的攻击效果.
基金National Natural Science Foundation of China,No.61972458Natural Science Foundation of Zhejiang Province,No.LZ23F020002.
文摘Deep neural networks are vulnerable to attacks from adversarial inputs.Corresponding attack research on human pose estimation(HPE),particularly for body joint detection,has been largely unexplored.Transferring classification-based attack methods to body joint regression tasks is not straightforward.Another issue is that the attack effectiveness and imperceptibility contradict each other.To solve these issues,we propose local imperceptible attacks on HPE networks.In particular,we reformulate imperceptible attacks on body joint regression into a constrained maximum allowable attack.Furthermore,we approximate the solution using iterative gradient-based strength refinement and greedy-based pixel selection.Our method crafts effective perceptual adversarial attacks that consider both human perception and attack effectiveness.We conducted a series of imperceptible attacks against state-of-the-art HPE methods,including HigherHRNet,DEKR,and ViTPose.The experimental results demonstrate that the proposed method achieves excellent imperceptibility while maintaining attack effectiveness by significantly reducing the number of perturbed pixels.Approximately 4%of the pixels can achieve sufficient attacks on HPE.
基金isupported by the National Natural Science Foundation of China(Grant Nos.11871010 and 11971040)the Fundamental Research Funds for the Central Universities(Grant No.2019XD-A11)The work of Weilin Xiao is supported by the Humanities and Social Sciences of Ministry of Education Planning Fund of China(Grant No.23YJA630102).
文摘This study considers an optimal investment and reinsurance problem involving a defaultable security for an insurer in an ambiguous environment.In other words,the insurer is ambiguous about the insurance claim that is exponentially distributed with an uncertain rate parameter.The insurer can purchase proportional reinsurance and invest its wealth in three assets:a risk-free asset,a risky asset,the price process of which satisfies the Heston local-stochastic volatility model,and a defaultable corporate bond.For the optimal investment–reinsurance objective with a smooth ambiguity utility proposed by Klibanoff,P.,Marinacci,M.,and Mukerji,S.[A smooth model of decision making under ambiguity,Econometrica,2005,73(6):1849-1892],the equilibrium strategy is introduced and the extended Hamilton–Jacobi–Bellman equation is established through a stochastic control approach.However,the analytical solution of the strategy under the Heston local-stochastic volatility model cannot be obtained because of the complicated nonlinearity of the partial differential equation.In this study,we employ a perturbation method to derive an asymptotic solution for the post-and pre-default cases.In addition,we present a sensitivity analysis to explain the impact of model parameters on the equilibrium investment–reinsurance strategy.
文摘A recent method for assessing the local influence is introduced by Cook(1986), in which the normal curvature of the influence graph based on the likelihood displacement is used to monitor the influence of small perturbation. Since then this method has been applied to various kind of models. However, the local influence in multivariate analysis is still an unexplored area because the influence for many statistics in multivariate analysis is not convenient to handle based on the Cook's likelihood displacement. In this paper, we suggest a method with a slight modification in Cook's approach to assess the local influence of small perturbation on a certain statistic. The local influence of the perturbation on eigenvalue and eigenvector of variance-covariance matrix in theoretical and sample version is assessed, some results for the other statistics in multivariate analysis such as generalized variance, canonical correlations are studied. Finally, two examples are analysed for illustration.
基金supported by the Natural Science Foundation of Nanjing Joint Center of Atmospheric Research(Grant Nos.NJCAR2016MS02 and NJCAR2016ZD04)the National Natural Science Foundation of China(Grant Nos.41205073 and41675007)the National Key Research and Development Program of China(Grant No.2017YFC1501800)
文摘We propose a method based on the local breeding of growing modes(LBGM) considering strong local weather characteristics for convection-allowing ensemble forecasting. The impact radius was introduced in the breeding of growing modes to develop the LBGM method. In the local breeding process, the ratio between the root mean square error(RMSE) of local space forecast at each grid point and that of the initial full-field forecast is computed to rescale perturbations. Preliminary evaluations of the method based on a nature run were performed in terms of three aspects: perturbation structure, spread,and the RMSE of the forecast. The experimental results confirm that the local adaptability of perturbation schemes improves after rescaling by the LBGM method. For perturbation physical variables and some near-surface meteorological elements, the LBGM method could increase the spread and reduce the RMSE of forecast,improving the performance of the ensemble forecast system.In addition, different from those existing methods of global orthogonalization approach, this new initial-condition perturbation method takes into full consideration the local characteristics of the convective-scale weather system, thus making convectionallowing ensemble forecast more accurate.
