Privacy-preserving Security Inference Towards Cloud-Edge Collaborative Using Differential Privacy

Yulong Wang, Xingshu Chen, Qixu Wang
DOI: https://doi.org/10.48550/arXiv.2212.06428
2022-12-13
Abstract: Cloud-edge collaborative inference approach splits deep neural networks (DNNs) into two parts that run collaboratively on resource-constrained edge devices and cloud servers, aiming at minimizing inference latency and protecting data privacy. However, even if the raw input data from edge devices is not directly exposed to the cloud, state-of-the-art attacks targeting collaborative inference are still able to reconstruct the raw private data from the intermediate outputs of the exposed local models, introducing serious privacy risks. In this paper, a secure privacy inference framework for cloud-edge collaboration is proposed, termed CIS, which supports adaptively partitioning the network according to the dynamically changing network bandwidth and fully releases the computational power of edge devices. To mitigate the influence introduced by private perturbation, CIS provides a way to achieve differential privacy protection by adding refined noise to the intermediate layer feature maps offloaded to the cloud. Meanwhile, with a given total privacy budget, the budget is reasonably allocated by the size of the feature graph rank generated by different convolution filters, which makes the inference in the cloud robust to the perturbed data, thus effectively trading off the conflicting problem between privacy and availability. Finally, we construct a real cloud-edge collaborative inference computing scenario to verify the effectiveness of inference latency and model partitioning on resource-constrained edge devices. Furthermore, the state-of-the-art cloud-edge collaborative reconstruction attack is used to evaluate the practical availability of the end-to-end privacy protection mechanism provided by CIS.
Cryptography and Security
What problem does this paper attempt to address?
The main problem this paper addresses is how to protect data privacy while minimizing inference latency during cloud-edge collaborative inference. Specifically, the paper focuses on:

1. **Existing challenges**: Cloud-edge collaborative inference splits the deep neural network (DNN) into two parts that run on edge devices and in the cloud respectively, which can reduce inference latency and protect data privacy. However, current attack methods can still reconstruct the original private data from the intermediate outputs, bringing serious privacy risks.
2. **Proposed solution**: The paper therefore proposes a new secure privacy inference framework, CIS (Collaborative Inference Shield), which aims to maximize privacy strength while minimizing the impact on DNN accuracy, and to effectively balance the conflict between availability and privacy in cloud-edge collaborative inference.

### Main contributions

- **Adaptive model splitting**: CIS supports adaptively splitting the network according to the dynamically changing network bandwidth, to fully utilize the computing power of edge devices and effectively balance the total inference latency against the privacy of sensitive edge data.
- **Differential privacy protection mechanism**: CIS achieves differential privacy protection by adding finely tuned noise to the intermediate-layer feature maps uploaded to the cloud. Under a given total privacy budget, it allocates the budget according to the rank of the feature maps generated by different convolutional filters, making cloud-side inference robust to perturbed data and thus effectively balancing the conflict between privacy and availability.
- **Practical evaluation**: A real cloud-edge collaborative inference computing scenario was constructed to verify the effectiveness of inference latency and model splitting on resource-constrained edge devices. In addition, the practical availability of the end-to-end privacy protection mechanism provided by CIS was evaluated using the state-of-the-art cloud-edge collaborative reconstruction attack.

### Formula summary

To ensure the effectiveness of differential privacy protection, the following key formulas are introduced in the paper:

- **Differential privacy definition**:
  \[ \Pr[M(D)\in S]\leq e^{\epsilon}\Pr[M(D')\in S] \]
  where \(D\) and \(D'\) are adjacent data sets, \(M\) is a random mechanism, \(S\) is any set of outputs, and \(\epsilon\) is the privacy protection budget.
- **Global sensitivity**:
  \[ \Delta s(f,\|\cdot\|)=\max_{d(D,D') = 1}\|f(D)-f(D')\| \]
  where \(\|\cdot\|\) represents a distance metric, usually the \(l_1\) or \(l_2\) norm.
- **Laplace mechanism**:
  \[ M_L(x,f(\cdot),\epsilon)=f(x)+(Y_1,Y_2,\cdots,Y_k) \]
  where the \(Y_i\) are independent and identically distributed random variables drawn from the Laplace distribution \(\text{Lap}\left(\frac{\Delta s}{\epsilon}\right)\).

Through these methods, CIS can maintain high inference accuracy and low latency while protecting privacy, thus solving the key challenges in cloud-edge collaborative inference.
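
The sketch below is an added illustration of the Laplace mechanism and rank-based budget split summarized above; it is not code from the paper or from CIS. It assumes a proportional-to-rank allocation rule, activations clipped to `[0, clip]`, and hypothetical names (`matrix_rank`, `perturb`, `SAMPLE_MAPS`).

```python
import random

# Constructed 3x3 feature maps (values already in [0, 1]); ranks 1, 2 and 3.
SAMPLE_MAPS = [
    [[0.2, 0.4, 0.6], [0.2, 0.4, 0.6], [0.2, 0.4, 0.6]],
    [[1.0, 0.0, 0.0], [0.0, 1.0, 0.0], [1.0, 1.0, 0.0]],
    [[1.0, 0.0, 0.0], [0.0, 1.0, 0.0], [0.0, 0.0, 1.0]],
]

def matrix_rank(m, tol=1e-9):
    """Rank of a 2-D list via Gaussian elimination with partial pivoting."""
    a = [row[:] for row in m]
    rows, cols, rank = len(a), len(a[0]), 0
    for c in range(cols):
        if rank == rows:
            break
        pivot = max(range(rank, rows), key=lambda r: abs(a[r][c]))
        if abs(a[pivot][c]) < tol:
            continue
        a[rank], a[pivot] = a[pivot], a[rank]
        for r in range(rank + 1, rows):
            f = a[r][c] / a[rank][c]
            for j in range(c, cols):
                a[r][j] -= f * a[rank][j]
        rank += 1
    return rank

def laplace(scale, rng):
    """Lap(scale) sample: difference of two i.i.d. exponentials with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def perturb(feature_maps, eps_total, clip=1.0, seed=None):
    """Return (noisy_maps, per-channel budgets); budgets sum to eps_total."""
    rng = random.Random(seed)
    # Floor at 1 so an all-zero (rank 0) channel still gets a non-zero budget.
    ranks = [max(1, matrix_rank(fm)) for fm in feature_maps]
    budgets = [eps_total * r / sum(ranks) for r in ranks]  # assumed allocation rule
    noisy = []
    for fm, eps in zip(feature_maps, budgets):
        # Assumption: activations clipped to [0, clip], so the l1 sensitivity
        # of a k-element map is at most k * clip.
        scale = len(fm) * len(fm[0]) * clip / eps
        noisy.append([[min(max(v, 0.0), clip) + laplace(scale, rng) for v in row]
                      for row in fm])
    return noisy, budgets

if __name__ == "__main__":
    _, budgets = perturb(SAMPLE_MAPS, eps_total=6.0, seed=1)
    print(budgets)
```

Because the per-channel budgets sum to `eps_total`, sequential composition bounds the privacy loss of releasing all channels by the total budget.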