Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
175 tokens/sec
GPT-4o
8 tokens/sec
Gemini 2.5 Pro Pro
47 tokens/sec
o3 Pro
5 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Salted Inference: Enhancing Privacy while Maintaining Efficiency of Split Inference in Mobile Computing (2310.13384v2)

Published 20 Oct 2023 in cs.LG and cs.DC

Abstract: In split inference, a deep neural network (DNN) is partitioned to run the early part of the DNN at the edge and the later part of the DNN in the cloud. This meets two key requirements for on-device machine learning: input privacy and computation efficiency. Still, an open question in split inference is output privacy, given that the outputs of the DNN are observable in the cloud. While encrypted computing can protect output privacy too, homomorphic encryption requires substantial computation and communication resources from both edge and cloud devices. In this paper, we introduce Salted DNNs: a novel approach that enables clients at the edge, who run the early part of the DNN, to control the semantic interpretation of the DNN's outputs at inference time. Our proposed Salted DNNs maintain classification accuracy and computation efficiency very close to the standard DNN counterparts. Experimental evaluations conducted on both images and wearable sensor data demonstrate that Salted DNNs attain classification accuracy very close to standard DNNs, particularly when the Salted Layer is positioned within the early part to meet the requirements of split inference. Our approach is general and can be applied to various types of DNNs. As a benchmark for future studies, we open-source our code.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (27)
  1. Auto-split: A general framework of collaborative edge-cloud AI. In Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining. 2543–2553.
  2. Fast homomorphic evaluation of deep discretized neural networks. In Annual International Cryptology Conference. Springer, 483–512.
  3. A systematic study of unsupervised domain adaptation for robust human-activity recognition. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 4, 1 (2020), 1–30.
  4. Benny Chor and Eyal Kushilevitz. 1991. A Zero-One Law for Boolean Privacy. SIAM Journal on Discrete Mathematics 4, 1 (1991).
  5. Splitnets: Designing neural architectures for efficient distributed computing on head-mounted systems. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 12559–12569.
  6. Bottlenet: A deep learning architecture for intelligent mobile cloud computing services. In 2019 IEEE/ACM International Symposium on Low Power Electronics and Design (ISLPED). IEEE, 1–6.
  7. Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based. In Springer Annual Cryptology Conference.
  8. Otkrist Gupta and Ramesh Raskar. 2018. Distributed learning of deep neural network over multiple agents. Journal of Network and Computer Applications 116 (2018), 1–8.
  9. COINN: Crypto/ML Codesign for Oblivious Inference via Neural Networks. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 3266–3281.
  10. Neurosurgeon: Collaborative intelligence between the cloud and mobile edge. ACM SIGARCH Computer Architecture News 45, 1 (2017), 615–629.
  11. Diederik P Kingma and Jimmy Ba. 2014. Adam: A Method for Stochastic Optimization. In International Conference on Learning Representations (ICLR).
  12. Learning multiple layers of features from tiny images. (2009).
  13. Gradient-based learning applied to document recognition. Proc. IEEE 86, 11 (1998), 2278–2324.
  14. Wang Lu and Jindong Wang. 2023. PersonalizedFL: Personalized Federated Learning Toolkit. https://github.com/microsoft/PersonalizedFL.
  15. Honest-but-curious nets: Sensitive attributes of private inputs can be secretly coded into the classifiers’ outputs. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 825–844.
  16. Mohammad Malekzadeh and Deniz Gunduz. 2022. Vicious Classifiers: Data Reconstruction Attack at Inference Time. arXiv preprint arXiv:2212.04223 (2022).
  17. Distilled split deep neural networks for edge-assisted real-time systems. In Proceedings of the 2019 Workshop on Hot Topics in Video Analytics and Intelligent Edges. 21–26.
  18. Split computing and early exiting for deep learning applications: Survey and research challenges. Comput. Surveys 55, 5 (2022), 1–30.
  19. Robert Morris and Ken Thompson. 1979. Password Security: A Case History. Commun. ACM 22, 11 (1979), 594–597.
  20. Modelling and Automatically Analysing Privacy Properties for Honest-but-Curious Adversaries. University of Oxford Technical Report (2014).
  21. Attila Reiss and Didier Stricker. 2012. Introducing a new benchmarked dataset for activity monitoring. In 2012 16th international symposium on wearable computers. IEEE, 108–109.
  22. Unsupervised information obfuscation for split inference of neural networks. arXiv preprint arXiv:2104.11413 (2021).
  23. Detailed comparison of communication efficiency of split learning and federated learning. arXiv preprint arXiv:1909.09145 (2019).
  24. Congzheng Song and Vitaly Shmatikov. 2020. Overlearning Reveals Sensitive Attributes. In International Conference on Learning Representations (ICLR).
  25. Advancements of federated learning towards privacy preservation: from federated learning to split learning. In Federated Learning Systems. Springer, 79–109.
  26. Reducing leakage in distributed deep learning for sensitive health data. arXiv preprint arXiv:1812.00564 2 (2019).
  27. Sergey Zagoruyko and Nikos Komodakis. 2016. Wide Residual Networks. In BMVC.
Citations (2)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets