Preserving Privacy of Finite Impulse Response Systems
For system owners who want to protect proprietary FIR system models from identification attacks, this work provides a method to trade off model privacy against performance degradation.
This paper addresses the problem of protecting the model of finite impulse response (FIR) systems as a trade secret by adding input and output noises to increase identification error. Optimal filters are constructed to maximize identification error while keeping closed-loop performance degradation below a limit, and differential privacy is used for output noise design.
This paper considers adding input and output noise to increase the model identification error of finite impulse response (FIR) systems. The motivation is to protect the system model as a trade secret by rendering model identification techniques ineffective. Optimal filters are constructed for generating additive noise that maximizes the identification error while keeping closed-loop performance degradation below a limit. Furthermore, differential privacy is used to design output noise that preserves the privacy of the model.
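The trade-off described above can be seen in a small simulation, added here as an illustration and not taken from the paper. It assumes an observer who records the commanded input and the released output and fits the taps by least squares; plain white Gaussian noise stands in for the paper's optimally filtered noise, and the tap values, noise levels, and function names are constructed.

```python
import random

def fir(h, u):
    """Output of an FIR filter with taps h driven by input sequence u."""
    return [sum(h[i] * u[k - i] for i in range(len(h)) if k - i >= 0)
            for k in range(len(u))]

def solve(a, b):
    """Solve a x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for j in range(c, n + 1):
                m[r][j] -= f * m[c][j]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (m[r][n] - sum(m[r][j] * x[j] for j in range(r + 1, n))) / m[r][r]
    return x

def identify(u, y, order):
    """Least-squares FIR estimate from recorded input u and output y."""
    rows = [[u[k - i] if k - i >= 0 else 0.0 for i in range(order)]
            for k in range(len(u))]
    ata = [[sum(r[i] * r[j] for r in rows) for j in range(order)]
           for i in range(order)]
    aty = [sum(r[i] * yk for r, yk in zip(rows, y)) for i in range(order)]
    return solve(ata, aty)

def experiment(sigma_in, sigma_out, n=500, seed=1):
    """Return (identification error, RMS output deviation) for given noise levels."""
    rng = random.Random(seed)
    h = [1.0, -0.5, 0.25]                     # constructed "secret" FIR model
    u = [rng.gauss(0, 1) for _ in range(n)]   # input the observer records
    clean = fir(h, u)
    # The owner perturbs the input actually applied and the output released.
    applied = [uk + rng.gauss(0, sigma_in) for uk in u]
    released = [yk + rng.gauss(0, sigma_out) for yk in fir(h, applied)]
    h_hat = identify(u, released, len(h))
    id_err = sum((a - b) ** 2 for a, b in zip(h, h_hat)) ** 0.5
    deviation = (sum((a - b) ** 2 for a, b in zip(released, clean)) / n) ** 0.5
    return id_err, deviation
```

Calling `experiment` with increasing noise levels returns a larger identification error together with a larger output deviation, which is the performance cost the paper's filter design bounds.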