With the increasing variety and quantity of Android malware， it becomes increasingly important to detect malware to protect system security and user privacy. To address the problem of low classification accuracy of traditional malware detection models， A malware detection model for Android named CBAM-CGRU-SVM was proposed based on Convolutional Neural Network （CNN）， Gated Recurrent Unit （GRU）， and Support Vector Machine （SVM）. In this model， more key features of malware were learned by adding a Convolutional Block Attention Module （CBAM） to the convolutional neural network， and GRUs were employed to further extract features. In order to solve the problem of insufficient generalization ability of the model when performing image classification， SVM was used instead of softmax activation function as the classification function of the model. Experiments were conducted on Malimg public dataset， in which the malware data was transformed to images as model input. Experimental results show that the classification accuracy of CBAM-CGRU-SVM model reaches 94.73%， which can effectively classify malware families.

The existing image tamper detection networks based on deep learning often have problems such as low detection accuracy and weak algorithm transferability. To address the above issues， a two-channel progressive feature filtering network was proposed. Two channels were used to extract the two-domain features of the image in parallel， one of which was used to extract the shallow and deep features of the image spatial domain， and the other channel was used to extract the feature distribution of the image noise domain. At the same time， a progressive subtle feature screening mechanism was used to filter redundant features and gradually locate the tampered regions； in order to extract the tamper mask more accurately， a two-channel subtle feature extraction module was proposed， which combined the subtle features of the spatial domain and the noise domain to generate a more accurate tamper mask. During the decoding process， the localization ability of the network to tampered regions was improved by fusing filtered features of different scales and the contextual information of the network. The experimental results show that in terms of detection and localization， compared with the existing advanced tamper detection networks ObjectFormer， Multi-View multi-Scale Supervision Network （MVSS-Net） and Progressive Spatio-Channel Correlation Network （PSCC-Net）， the F1 score of the proposed network is increased by an 10.4， 5.9 and 12.9 percentage points on CASIA V2.0 dataset； when faced with Gaussian low-pass filtering， Gaussian noise， and JPEG compression attacks， compared with Manipulation Tracing Network （ManTra-Net） and Spatial Pyramid Attention Network （SPAN）， the Area Under Curve （AUC） of the proposed network is increased by 10.0 and 5.4 percentage points at least. It is verified that the proposed network can effectively solve the problems of low detection accuracy and poor transferability in the tamper detection algorithm.

In view of the redundancy of dataset and the risk of privacy leakage caused by the similarity of track shape when the interference track was noised and publicated by the historical track， an IGSO-SDTP （Trajectory Protection of Simplification and Differential privacy of the track data based on Improved Glowworm Swarm Optimization） was proposed. Firstly， the historical trajectory dataset was reduced based on the position salient points. Secondly， the simplified trajectory dataset was generalized and noised by combining k-anonymity and differential privacy. Finally， a weighted distance was designed to take into account the distance error and track similarity， and the weighted distance was used as the evaluation index to solve the interference track with a small weighted distance based on IGSO （Improved Glowworm Swarm Optimization） algorithm. Experimental results on multiple datasets show that compared with the RD（Differential privacy for Raw trajectory data）， SDTP（Trajectory Protection of Simplification and Differential privacy）， LIC（Linear Index Clustering algorithm）， and DPKTS（Differential Privacy based on K-means Trajectory shape Similarity）， the weighted distances obtained by IGSO-SDTP are reduced by 21.94%， 9，15%， 14.25% and 10.55%， respectively. It can be seen that the interference trajectory publicated by IGSO-SDTP has better usability and stability.

Federated Learning （FL） emerges as a novel privacy-preserving Machine Learning （ML） paradigm. However， the distributed training structure of FL is more vulnerable to poisoning attack， where adversaries contaminate the global model through uploading poisoning models， resulting in the convergence deceleration and the prediction accuracy degradation of the global model. To solve the above problem， a poisoning attack detection scheme based on Generative Adversarial Network （GAN） was proposed. Firstly， the benign local models were fed into the GAN to output testing samples. Then， the testing samples were used to detect the local models uploaded by the clients. Finally， the poisoning models were eliminated according to the testing metrics. Meanwhile， two test metrics named F1 score loss and accuracy loss were defined to detect the poisoning models and extend the detection scope from one single type of poisoning attacks to all types of poisoning attacks. Besides， a threshold determination method was designed to deal with misjudgment， so that the robust of misjudgment was confirmed. Experimental results on MNIST and Fashion-MNIST datasets show that the proposed scheme can generate high-quality testing samples， and then detect and eliminate poisoning models. Compared with the global models trained with the detection scheme based on directly gathering test data from clients and the detection scheme based on generating test data and using test accuracy as the test metric， the global model trained with the proposed scheme has significant accuracy improvement from 2.7 to 12.2 percentage points.