Lingchen Zhao,Qian Wang,Qin Zou,Yan Zhang,Yanjiao Chen

DOI: https://doi.org/10.1109/tifs.2019.2939713

2018-01-01

Abstract:With powerful parallel computing GPUs and massive user data, neural-network-based deep learning can well exert its strong power in problem modeling and solving, and has archived great success in many applications such as image classification, speech recognition and machine translation etc. While deep learning has been increasingly popular, the problem of privacy leakage becomes more and more urgent. Given the fact that the training data may contain highly sensitive information, e.g., personal medical records, directly sharing them among the users (i.e., participants) or centrally storing them in one single location may pose a considerable threat to user privacy. In this paper, we present a practical privacy-preserving collaborative deep learning system that allows users to cooperatively build a collective deep learning model with data of all participants, without direct data sharing and central data storage. In our system, each participant trains a local model with their own data and only shares model parameters with the others. To further avoid potential privacy leakage from sharing model parameters, we use functional mechanism to perturb the objective function of the neural network in the training process to achieve $\epsilon $ -differential privacy. In particular, for the first time, we consider the existence of unreliable participants , i.e., the participants with low-quality data, and propose a solution to reduce the impact of these participants while protecting their privacy. We evaluate the performance of our system on two well-known real-world datasets for regression and classification tasks. The results demonstrate that the proposed system is robust against unreliable participants, and achieves high accuracy close to the model trained in a traditional centralized manner while ensuring rigorous privacy protection.

Fei Dai,Guozhi Liu,Bi Huang,Xiaolong Xu,Chaochao Chen,Zhangbing Zhou,Xiaokang Zhou

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics55523.2022.00070

2022-01-01

Abstract:Industrial Internet of Things (IIoT) systems can leverage deep learning (DL) models to provide intelligent applications. However, the training process of such DL models tends to leak privacy when the training data contain sensitive operational and management information. Most studies about privacy-preserving DL require a trusted data collector and thus are not suitable in an untrusted environment. In this paper, we propose a distributed privacy-preserving framework for DL with edge-cloud computing, where direct privacy leakage and indirect privacy leakage of training data are both considered. First, a pre-trained convolutional neural network (CNN) is partitioned into two parts for limiting direct privacy leakage of raw data, namely the feature module and the classification module. The feature module consisting of the lower layers of the CNN is deployed on an edge server, which is used to attract the feature of raw data. The feature data is fed to the classification module consisting of the higher layers of the CNN, which is deployed on the cloud server to compute image classification tasks. Second, a perturbation module between the feature module and the classification module is designed for limiting indirect privacy leakage during feature data transmission. The perturbation module uses local differential privacy (LDP) to produce noise in the feature data. Third, to further improve the accuracy, we retrain the classification module with the randomized feature data from edge servers. Experimental results show that the proposed framework achieves high accuracy under low privacy budgets.

Shangwei Guo,Xu Zhang,Fei Yang,Tianwei Zhang,Yan Gan,Tao Xiang,Yang Liu

DOI: https://doi.org/10.48550/arXiv.2112.10183

2021-12-20

Abstract:With the rapid demand of data and computational resources in deep learning systems, a growing number of algorithms to utilize collaborative machine learning techniques, for example, federated learning, to train a shared deep model across multiple participants. It could effectively take advantage of the resources of each participant and obtain a more powerful learning system. However, integrity and privacy threats in such systems have greatly obstructed the applications of collaborative learning. And a large amount of works have been proposed to maintain the model integrity and mitigate the privacy leakage of training data during the training phase for different collaborative learning systems. Compared with existing surveys that mainly focus on one specific collaborative learning system, this survey aims to provide a systematic and comprehensive review of security and privacy researches in collaborative learning. Our survey first provides the system overview of collaborative learning, followed by a brief introduction of integrity and privacy threats. In an organized way, we then detail the existing integrity and privacy attacks as well as their defenses. We also list some open problems in this area and opensource the related papers on GitHub: <a class="link-external link-https" href="https://github.com/csl-cqu/awesome-secure-collebrative-learning-papers" rel="external noopener nofollow">this https URL</a>.

Cryptography and Security

Emmanuel Antwi-Boasiako,Shijie Zhou,Yongjian Liao,Qihe Liu,Yuyu Wang,Kwabena Owusu-Agyemang

DOI: https://doi.org/10.1016/j.jisa.2021.102949

IF: 4.96

2021-01-01

Journal of Information Security and Applications

Abstract:Distributed or Collaborative Deep Learning, has recently gained more recognition due to its major advantage of allowing two or more learning participants to contribute and enjoy better accuracy from large and varied training datasets. Despite this advantage, it also presents key privacy issues that have to be managed. In this survey paper, an overview of Distributed or Collaborative Deep Learning has been presented. We first classify Collaborative or Distributed Deep Learning into Direct, Indirect and Peer-to-peer approaches and indicate some of their related privacy issues. We then discuss general cryptographic algorithms and other techniques that can be used for privacy preservation and also indicate their advantages and disadvantages in the Distributed Deep Learning setting. Furthermore, some fundamental theories employed in this area of research have been presented which paves the way for a comprehensive review and comparison of existing privacy approaches, most of which are based on Homomorphic Encryption. Finally, we highlight some challenges in this research domain and propose future directions. Our work reveals the following: Collaborative Deep Learning is more associated with the training stage of Deep Learning than the inference stage. Homomorphic Encryption provides a good approach for preserving the privacy of training datasets in the Collaborative Deep Learning and can become more popular if some problems associated with its use such as increased communication and computation costs are brought low. Privacy preservation in the Collaborative Deep Learning has great future prospects and attempts should be made towards providing more quantum robust and collusion resistant solutions.

Fei Yang,Xu Zhang,Shangwei Guo,Daiyuan Chen,Yan Gan,Tao Xiang,Yang Liu

DOI: https://doi.org/10.1007/s10462-024-10797-0

IF: 9.588

2024-06-22

Artificial Intelligence Review

Abstract:Increasing numbers of artificial intelligence systems are employing collaborative machine learning techniques, such as federated learning, to build a shared powerful deep model among participants, while keeping their training data locally. However, concerns about integrity and privacy in such systems have significantly hindered the use of collaborative learning systems. Therefore, numerous efforts have been presented to preserve the model's integrity and reduce the privacy leakage of training data throughout the training phase of various collaborative learning systems. This survey seeks to provide a systematic and comprehensive evaluation of security and privacy studies in collaborative training, in contrast to prior surveys that only focus on one single collaborative learning system. Our survey begins with an overview of collaborative learning systems from various perspectives. Then, we systematically summarize the integrity and privacy risks of collaborative learning systems. In particular, we describe state-of-the-art integrity attacks (e.g., Byzantine, backdoor, and adversarial attacks) and privacy attacks (e.g., membership, property, and sample inference attacks), as well as the associated countermeasures. We additionally provide an analysis of open problems to motivate possible future studies.

computer science, artificial intelligence

Anh-Tu Tran,The-Dung Luong,Van-Nam Huynh

DOI: https://doi.org/10.1016/j.neucom.2024.127345

IF: 6

2024-02-03

Neurocomputing

Abstract:Deep learning (DL) has been shown to be very effective for many application domains of machine learning (ML), including image classification, voice recognition, natural language processing, and bioinformatics. The success of DL techniques is directly related to the availability of large amounts of training data. However, in many cases, the data are sensitive to the users and should be protected to preserve the privacy. Privacy-preserving deep learning (PPDL) has thus become a very active research field to ensure the training process and use of DL models are productive without exposing or leaking information about the data. This paper aims to provide a comprehensive survey of PPDL. We concentrate on the risks that affect data privacy in DL and conduct a detailed investigation into the models that ensure privacy. Finally, we propose a set of evaluation criteria, detailing the advantages and disadvantages of the solutions. Based on the analyzed strengths and weaknesses, the paper has highlighted some important research problems and application cases that have not been studied and these point to certain open research directions.

computer science, artificial intelligence

Fatemehsadat Mireshghallah,Mohammadkazem Taram,Praneeth Vepakomma,Abhishek Singh,Ramesh Raskar,Hadi Esmaeilzadeh

DOI: https://doi.org/10.48550/arXiv.2004.12254

2020-11-07

Abstract:The ever-growing advances of deep learning in many areas including vision, recommendation systems, natural language processing, etc., have led to the adoption of Deep Neural Networks (DNNs) in production systems. The availability of large datasets and high computational power are the main contributors to these advances. The datasets are usually crowdsourced and may contain sensitive information. This poses serious privacy concerns as this data can be misused or leaked through various vulnerabilities. Even if the cloud provider and the communication link is trusted, there are still threats of inference attacks where an attacker could speculate properties of the data used for training, or find the underlying model architecture and parameters. In this survey, we review the privacy concerns brought by deep learning, and the mitigating techniques introduced to tackle these issues. We also show that there is a gap in the literature regarding test-time inference privacy, and propose possible future research directions.

Machine Learning,Cryptography and Security

Lingjuan Lyu,Jiangshan Yu,Karthik Nandakumar,Yitong Li,Xingjun Ma,Jiong Jin,Han Yu,Kee Siong Ng

2019-01-01

Abstract:In collaborative deep learning, current learning frameworks follow either a centralized architecture or a distributed architecture. Whilst centralized architecture deploys a central server to train a global model over the massive amount of joint data from all parties, distributed architecture aggregates parameter updates from participating parties' local model training, via a parameter server. These two server-based architectures present security and robustness vulnerabilities such as single-point-of-failure, single-point-of-breach, privacy leakage, and lack of fairness. To address these problems, we design, implement, and evaluate a purely decentralized privacy-preserving deep learning framework, called DPPDL. DPPDL makes the first investigation on the research problem of fairness in collaborative deep learning, and simultaneously provides fairness and privacy by proposing two novel algorithms: initial benchmarking and privacy-preserving collaborative deep learning. During initial benchmarking, each party trains a local Differentially Private Generative Adversarial Network (DPGAN) and publishes the generated privacy-preserving artificial samples for other parties to label, based on the quality of which to initialize local credibility list for other parties. The local credibility list reflects how much one party contributes to another party, and it is used and updated during collaborative learning to ensure fairness. To protect gradients transaction during privacy-preserving collaborative deep learning, we further put forward a three-layer onion-style encryption scheme. We experimentally demonstrate, on benchmark image datasets, that accuracy, privacy and fairness in collaborative deep learning can be effectively addressed at the same time by our proposed DPPDL framework. Moreover, DPPDL provides a viable solution to detect and isolate the cheating party in the system.

Bo Liu,Ming Ding,Sina Shaham,Wenny Rahayu,Farhad Farokhi,Zihuai Lin

DOI: https://doi.org/10.48550/arXiv.2011.11819

IF: 5.414

2020-11-24

Machine Learning

Abstract:The newly emerged machine learning (e.g. deep learning) methods have become a strong driving force to revolutionize a wide range of industries, such as smart healthcare, financial technology, and surveillance systems. Meanwhile, privacy has emerged as a big concern in this machine learning-based artificial intelligence era. It is important to note that the problem of privacy preservation in the context of machine learning is quite different from that in traditional data privacy protection, as machine learning can act as both friend and foe. Currently, the work on the preservation of privacy and machine learning (ML) is still in an infancy stage, as most existing solutions only focus on privacy problems during the machine learning process. Therefore, a comprehensive study on the privacy preservation problems and machine learning is required. This paper surveys the state of the art in privacy issues and solutions for machine learning. The survey covers three categories of interactions between privacy and machine learning: (i) private machine learning, (ii) machine learning aided privacy protection, and (iii) machine learning-based privacy attack and corresponding protection schemes. The current research progress in each category is reviewed and the key challenges are identified. Finally, based on our in-depth analysis of the area of privacy and machine learning, we point out future research directions in this field.

Xu Yuan,Jianing Zhang,Zhikui Chen,Jing Gao,Peng Li

DOI: https://doi.org/10.1109/dasc/picom/cbdcom/cyberscitech.2019.00035

2019-01-01

Abstract:Nowadays, a massive number of data, referred as big data, are being collected from social networks and Internet of Things (IoT), which are of tremendous value. Many deep learning-based methods made great progress in the extraction of knowledge of those data. However, the knowledge extraction of the law data poses vast challenges on the deep learning, since the law data usually contain the privacy information. In addition, the amount of law data of an institution is not large enough to well train a deep model. To solve these challenges, some privacy-preserving deep learning are proposed to capture knowledge of privacy data. In this paper, we review the emerging topics of deep learning for the feature learning of the privacy data. Then, we discuss the problems and the future trend in deep learning for privacy-preserving feature learning on law data.

Junbo Wang,Amitangshu Pal,Qinglin Yang,Krishna Kant,Kaiming Zhu,Song Guo

DOI: https://doi.org/10.1109/tnnls.2022.3169347

IF: 14.255

2022-01-01

IEEE Transactions on Neural Networks and Learning Systems

Abstract:Distributed machine learning (ML) was originally introduced to solve a complex ML problem in a parallel way for more efficient usage of computation resources. In recent years, such learning has been extended to satisfy other objectives, namely, performing learning in situ on the training data at multiple locations and keeping the training datasets private while still allowing sharing of the model. However, these objectives have led to considerable research on the vulnerabilities of distributed learning both in terms of privacy concerns of the training data and the robustness of the learned overall model due to bad or maliciously crafted training data. This article provides a comprehensive survey of various privacy, security, and robustness issues in distributed ML.

computer science, artificial intelligence, theory & methods,engineering, electrical & electronic, hardware & architecture

Xiaoyu Zhang,Chao Chen,Yi Xie,Xiaofeng Chen,Jun Zhang,Yang Xiang

DOI: https://doi.org/10.1016/j.csi.2022.103672

2023-01-01

Abstract:Deep Neural Network (DNN), one of the most powerful machine learning algorithms, is increasingly leveraged to overcome the bottleneck of effectively exploring and analyzing massive data to boost advanced scientific development. It is not a surprise that cloud computing providers offer the cloud-based DNN as an out-of-the-box service. Though there are some benefits from the cloud-based DNN, the interaction mechanism among two or multiple entities in the cloud inevitably induces new privacy risks. This survey presents the most recent findings of privacy attacks and defenses appeared in cloud-based neural network services. We systematically and thoroughly review privacy attacks and defenses in the pipeline of cloud-based DNN service, i.e., data manipulation, training, and prediction. In particular, a new theory, called cloud-based ML privacy game, is extracted from the recently published literature to provide a deep understanding of state-of-the-art research. Finally, the challenges and future work are presented to help researchers to continue to push forward the competitions between privacy attackers and defenders.

computer science, software engineering, hardware & architecture

Ximeng Liu,Lehui Xie,Yaopeng Wang,Jian Zou,Jinbo Xiong,Zuobin Ying,Athanasios V. Vasilakos

DOI: https://doi.org/10.1109/ACCESS.2020.3045078

IF: 3.9

2021-01-01

IEEE Access

Abstract:Deep Learning (DL) algorithms based on artificial neural networks have achieved remarkable success and are being extensively applied in a variety of application domains, ranging from image classification, automatic driving, natural language processing to medical diagnosis, credit risk assessment, intrusion detection. However, the privacy and security issues of DL have been revealed that the DL model can be stolen or reverse engineered, sensitive training data can be inferred, even a recognizable face image of the victim can be recovered. Besides, the recent works have found that the DL model is vulnerable to adversarial examples perturbed by imperceptible noised, which can lead the DL model to predict wrongly with high confidence. In this paper, we first briefly introduces the four types of attacks and privacy-preserving techniques in DL. We then review and summarize the attack and defense methods associated with DL privacy and security in recent years. To demonstrate that security threats really exist in the real world, we also reviewed the adversarial attacks under the physical condition. Finally, we discuss current challenges and open problems regarding privacy and security issues in DL.

Chaoyu Zhang

2024-02-26

Abstract:This paper examines the evolving landscape of machine learning (ML) and its profound impact across various sectors, with a special focus on the emerging field of Privacy-preserving Machine Learning (PPML). As ML applications become increasingly integral to industries like telecommunications, financial technology, and surveillance, they raise significant privacy concerns, necessitating the development of PPML strategies. The paper highlights the unique challenges in safeguarding privacy within ML frameworks, which stem from the diverse capabilities of potential adversaries, including their ability to infer sensitive information from model outputs or training data.

Cryptography and Security,Artificial Intelligence

Harry Chandra Tanuwidjaja,Rakyong Choi,Seunggeun Baek,Kwangjo Kim

DOI: https://doi.org/10.1109/access.2020.3023084

IF: 3.9

2020-01-01

IEEE Access

Abstract:The exponential growth of big data and deep learning has increased the data exchange traffic in society. Machine Learning as a Service, (MLaaS) which leverages deep learning techniques for predictive analytics to enhance decision-making, has become a hot commodity. However, the adoption of MLaaS introduces data privacy challenges for data owners and security challenges for deep learning model owners. Data owners are concerned about the safety and privacy of their data on MLaaS platforms, while MLaaS platform owners worry that their models could be stolen by adversaries who pose as clients. Consequently, Privacy-Preserving Deep Learning (PPDL) arises as a possible solution to this problem. Recently, several papers about PPDL for MLaaS have been published. However, to the best of our knowledge, no previous paper has summarized the existing literature on PPDL and its specific applicability to the MLaaS environment. In this paper, we present a comprehensive survey of privacy-preserving techniques, starting from classical privacy-preserving techniques to well-known deep learning techniques. Additionally, we present a detailed description of PPDL and address the issue of using PPDL for MLaaS. Furthermore, we undertake detailed comparisons between state-of-the-art PPDL methods. Subsequently, we classify an adversarial model on PPDL by highlighting possible PPDL attacks and their potential solutions. Ultimately, our paper serves as a single point of reference for detailed knowledge on PPDL and its applicability to MLaaS environments for both new and experienced researchers.

Xiaodong Wang,Yunpeng Li,Yi Li,Haibo Zhang,Bo Li

DOI: https://doi.org/10.1109/smartcloud.2018.00044

2018-01-01

Abstract:Collaborative Filtering is a widely-used recommend technique and has gained much attention in both industry and academy. However, it faces data privacy issues in practical use. In this paper, we make a comprehensive survey about Collaborative Filtering and Data Privacy Protection. Several privacy issues and challenges about collaborative filtering are pointed out. This paper provides a guide for researchers who focus on collaborative filtering recommendation algorithm and privacy preservation issues.

Xu Ma,Fangguo Zhang,Xiaofeng Chen,Jian Shen

DOI: https://doi.org/10.1016/j.ins.2018.05.005

IF: 8.1

2018-01-01

Information Sciences

Abstract:The recent advances in deep learning have improved the state of the art in artificial intelligence, and one of the most important stimulants of this success is the large volume of data. Although collaborative learning can improve the learning accuracy by incorporating more datasets into the learning process, serious privacy issues have also emerged from the training data. In this paper, we propose a new framework for privacy-preserving multi-party deep learning in cloud computing, where the large volume of training data is distributed among many parties. Our system enables multiple parties to learn the same neural network model, which is generated based on the aggregate dataset, and the privacy of the local dataset and learning model is protected against the cloud server. Extensive analysis shows that our schemes satisfy the security requirements of verifiability and privacy. Our implementation and experiments demonstrate that our system has a manageable computational efficiency and can be applied to a wide range of privacy-sensitive areas in deep learning.

Xiaoyu Zhang,Chao Chen,Yi Xie,Xiaofeng Chen,Jun Zhang,Yang Xiang

DOI: https://doi.org/10.48550/arXiv.2105.06300

2021-05-13

Abstract:Deep Neural Network (DNN), one of the most powerful machine learning algorithms, is increasingly leveraged to overcome the bottleneck of effectively exploring and analyzing massive data to boost advanced scientific development. It is not a surprise that cloud computing providers offer the cloud-based DNN as an out-of-the-box service. Though there are some benefits from the cloud-based DNN, the interaction mechanism among two or multiple entities in the cloud inevitably induces new privacy risks. This survey presents the most recent findings of privacy attacks and defenses appeared in cloud-based neural network services. We systematically and thoroughly review privacy attacks and defenses in the pipeline of cloud-based DNN service, i.e., data manipulation, training, and prediction. In particular, a new theory, called cloud-based ML privacy game, is extracted from the recently published literature to provide a deep understanding of state-of-the-art research. Finally, the challenges and future work are presented to help researchers to continue to push forward the competitions between privacy attackers and defenders.

Cryptography and Security,Artificial Intelligence

Joshua C. Zhao,Saurabh Bagchi,Salman Avestimehr,Kevin S. Chan,Somali Chaterji,Dimitris Dimitriadis,Jiacheng Li,Ninghui Li,Arash Nourian,Holger R. Roth

2024-05-07

Abstract:Deep learning has shown incredible potential across a vast array of tasks and accompanying this growth has been an insatiable appetite for data. However, a large amount of data needed for enabling deep learning is stored on personal devices and recent concerns on privacy have further highlighted challenges for accessing such data. As a result, federated learning (FL) has emerged as an important privacy-preserving technology enabling collaborative training of machine learning models without the need to send the raw, potentially sensitive, data to a central server. However, the fundamental premise that sending model updates to a server is privacy-preserving only holds if the updates cannot be "reverse engineered" to infer information about the private training data. It has been shown under a wide variety of settings that this premise for privacy does {\em not} hold.

Cryptography and Security,Machine Learning

Yongkai Fan,Wanyu Zhang,Jianrong Bai,Xia Lei,Kuanching Li

DOI: https://doi.org/10.23919/jcc.ea.2020-0684.202302

2021-01-01

China Communications

Abstract:In the analysis of big data, deep learning is a crucial technique. Big data analysis tasks are typically carried out on the cloud since it offers strong computer capabilities and storage areas. Nevertheless, there is a contradiction between the open nature of the cloud and the demand that data owners maintain their privacy. To use cloud resources for privacy-preserving data training, a viable method must be found. A privacy-preserving deep learning model (PPDLM) is suggested in this research to address this preserving issue. To preserve data privacy, we first encrypted the data using homomorphic encryption (HE) approach. Moreover, the deep learning algorithm's activation function-the sigmoid function-uses the least-squares method to process nonaddition and non-multiplication operations that are not allowed by homomorphic. Finally, experimental results show that PPDLM has a significant effect on the protection of data privacy information. Compared with Non-Privacy Preserving Deep Learning Model (NPPDLM), PPDLM has higher computational efficiency.