Qiao Zhang,Cong Wang,Hongyi Wu,Chunsheng Xin,Tran V. Phuong

DOI: https://doi.org/10.24963/ijcai.2018/547

2018-01-01

Abstract:Privacy is a fundamental challenge for a variety of smart applications that depend on data aggregation and collaborative learning across different entities. In this paper, we propose a novel privacy-preserved architecture where clients can collaboratively train a deep model while preserving the privacy of each client's data. Our main strategy is to carefully partition a deep neural network to two non-colluding parties. One party performs linear computations on encrypted data utilizing a less complex homomorphic cryptosystem, while the other executes non-polynomial computations in plaintext but in a privacy-preserved manner. We analyze security and compare the communication and computation complexity with the existing approaches. Our extensive experiments on different datasets demonstrate not only stable training without accuracy loss, but also 14 to 35 times speedup compared to the state-of-the-art system.

Lingchen Zhao,Qian Wang,Qin Zou,Yan Zhang,Yanjiao Chen

DOI: https://doi.org/10.1109/tifs.2019.2939713

2018-01-01

Abstract:With powerful parallel computing GPUs and massive user data, neural-network-based deep learning can well exert its strong power in problem modeling and solving, and has archived great success in many applications such as image classification, speech recognition and machine translation etc. While deep learning has been increasingly popular, the problem of privacy leakage becomes more and more urgent. Given the fact that the training data may contain highly sensitive information, e.g., personal medical records, directly sharing them among the users (i.e., participants) or centrally storing them in one single location may pose a considerable threat to user privacy. In this paper, we present a practical privacy-preserving collaborative deep learning system that allows users to cooperatively build a collective deep learning model with data of all participants, without direct data sharing and central data storage. In our system, each participant trains a local model with their own data and only shares model parameters with the others. To further avoid potential privacy leakage from sharing model parameters, we use functional mechanism to perturb the objective function of the neural network in the training process to achieve $\epsilon $ -differential privacy. In particular, for the first time, we consider the existence of unreliable participants , i.e., the participants with low-quality data, and propose a solution to reduce the impact of these participants while protecting their privacy. We evaluate the performance of our system on two well-known real-world datasets for regression and classification tasks. The results demonstrate that the proposed system is robust against unreliable participants, and achieves high accuracy close to the model trained in a traditional centralized manner while ensuring rigorous privacy protection.

Fei Dai,Guozhi Liu,Bi Huang,Xiaolong Xu,Chaochao Chen,Zhangbing Zhou,Xiaokang Zhou

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics55523.2022.00070

2022-01-01

Abstract:Industrial Internet of Things (IIoT) systems can leverage deep learning (DL) models to provide intelligent applications. However, the training process of such DL models tends to leak privacy when the training data contain sensitive operational and management information. Most studies about privacy-preserving DL require a trusted data collector and thus are not suitable in an untrusted environment. In this paper, we propose a distributed privacy-preserving framework for DL with edge-cloud computing, where direct privacy leakage and indirect privacy leakage of training data are both considered. First, a pre-trained convolutional neural network (CNN) is partitioned into two parts for limiting direct privacy leakage of raw data, namely the feature module and the classification module. The feature module consisting of the lower layers of the CNN is deployed on an edge server, which is used to attract the feature of raw data. The feature data is fed to the classification module consisting of the higher layers of the CNN, which is deployed on the cloud server to compute image classification tasks. Second, a perturbation module between the feature module and the classification module is designed for limiting indirect privacy leakage during feature data transmission. The perturbation module uses local differential privacy (LDP) to produce noise in the feature data. Third, to further improve the accuracy, we retrain the classification module with the randomized feature data from edge servers. Experimental results show that the proposed framework achieves high accuracy under low privacy budgets.

Yichuan Liu,Chungen Xu,Lei Xu,Lin Mei,Xing Zhang,Cong Zuo

DOI: https://doi.org/10.32604/jihpp.2021.026944

2021-01-01

Journal of Information Hiding and Privacy Protection

Abstract:The widespread acceptance of machine learning, particularly of neural networks leads to great success in many areas, such as recommender systems, medical predictions, and recognition. It is becoming possible for any individual with a personal electronic device and Internet access to complete complex machine learning tasks using cloud servers. However, it must be taken into consideration that the data from clients may be exposed to cloud servers. Recent work to preserve data confidentiality has allowed for the outsourcing of services using homomorphic encryption schemes. But these architectures are based on honest but curious cloud servers, which are unable to tell whether cloud servers have completed the computation delegated to the cloud server. This paper proposes a verifiable neural network framework which focuses on solving the problem of data confidentiality and training integrity in machine learning. Specifically, we first leverage homomorphic encryption and extended diagonal packing method to realize a privacy-preserving neural network model efficiently, it enables the user training over encrypted data, thereby protecting the user’s private data. Then, considering the problem that malicious cloud servers are likely to return a wrong result for saving cost, we also integrate a training validation modular Proof-of-Learning, a strategy for verifying the correctness of computations performed during training. Moreover, we introduce practical byzantine fault tolerance to complete the verification progress without a verifiable center. Finally, we conduct a series of experiments to evaluate the performance of the proposed framework, the results show that our construction supports the verifiable training of PPNN based on HE without introducing much computational cost.

Minghui Li,Yuejing Yan,Qian Wang,Minxin Du,Zhan Qin,Cong Wang

DOI: https://doi.org/10.1109/mnet.011.2000293

IF: 10.294

2021-01-01

IEEE Network

Abstract:Neural networks have attracted much attention due to their excellent performance in providing insightful predictions. The trained neural network models usually have millions of parameters requiring massive storage resources, which motivates the model owner to deploy their models to cloud servers for relieving the storage burden. The client can also directly enjoy the prediction service provided by the cloud server. Albeit convenient, untrusted cloud servers may violate the privacy of the model owners and the clients, which hinders the wide applications of such a prediction service. This survey reviews various privacy-preserving neural network prediction services, which protect the privacy of the model and the query. Many protocols are in the basic secure two-party computation (S2C) setting, which protects the secret of the querier and the model owner against the counterparty. Secure outsourcing further protects the privacy of the model against the cloud hosting it for the prediction service. We compare the existing approaches in terms of security, accuracy, and efficiency. We then propose an optimized neural network prediction scheme in the outsourcing setting, which simultaneously achieves high accuracy, model privacy, and low overheads, and conduct an experimental evaluation for computation time and communication costs. Finally, we highlight several future research directions and provide new insights into open problems in strengthening security and improving efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yanli Yuan,Dian Lei,Chuan Zhang,Ximeng Liu,Zehui Xiong,Liehuang Zhu

DOI: https://doi.org/10.1109/icc51166.2024.10622439

2024-01-01

Abstract:Graph neural networks (GNNs) have been widely applied in various graph analysis tasks. To provide more convenient and faster predictive services, many enterprises are choosing to deploy GNNs in cloud environments. However, given the increasing privacy concerns about GNNs models and graph data, as well as the need to quickly generate embeddings for new nodes in real-world applications, a critical issue in this emerging paradigm is to ensure the security and scalability of GNN predictions. In this paper, we propose a privacy-preserving and scalable GNN prediction scheme, named PS-GNN, to address the privacy issues in cloud environments. Specifically, PS-GNN utilizes a customized array structure to store graph data and employs secret sharing to preserve the confidentiality of both the GNN model and graph data. Besides, the scalability of PS-GNN is achieved by aggregating feature information from local node neighborhoods in parallel. Through a detailed analysis, we demonstrate the security of PS-GNN. Extensive experiments on real-world datasets demonstrate that PS-GNN outperforms existing schemes in terms of computational and communication overhead, and reaches state-of-the-art performance on large graphs.

Wen Huang,Ganglin Zhang,Yongjian Liao,Jian Peng,Feihu Huang,Jvlong Yang

DOI: https://doi.org/10.1109/tsc.2023.3332744

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:With the popularity of artificial intelligence and cloud computing, many neural network models can be placed on the cloud server as an open service, such as Google Goggles and the online face recognition system of Baidu. The data owner sends his data to the cloud server to get the prediction result of data. Obviously, the cloud service provider can access model parameters and private data if there is no additional protection mechanism. On the one hand, if the adversary can access private data, they can freely use the artificial intelligence model and Big Data technologies to analyze the data owner. On the other hand, when the adversary can access model parameters, the interest of model owner would be harmed. Thus, preserving model parameters (model privacy) and private data (data privacy) becomes the key for applying neural network models as open cloud services. In this paper, to protect the model privacy and data privacy in neural network prediction even when a cloud service provider colludes with the data owner or the model owner, we first propose a new system model with two no-colluding cloud servers and a corresponding security model. Then, we propose a new non-interactive outsourcing scheme, which can protect model privacy together with data privacy. Our scheme is able to resist collusive attacks of one server and the data owner as well as collusive attacks of one server and the model owner. At last, the security analyses indicate that our scheme just needs no collusion between cloud servers. The performance analyses indicate that our scheme is very lightweight for the data owner, and it is about tens of milliseconds for a neural network model with 1000 parameters.

computer science, information systems, software engineering

ZHAO Min,TIAN Youliang,XIONG Jinbo,BI Renwan,XIE Hongtao

DOI: https://doi.org/10.11896/jsjkx.220300239

2023-01-01

Computer Science

Abstract:Aiming at the problem of data privacy leakage in cloud environment and insufficient accuracy in the privacy-preserving neural network based on homomorphic encryption, a privacy-preserving neural network training scheme（PPNT） is proposed for collaborative dual cloud servers, to achieve the goal of data transmission, computing security and model parameter under the collaborative training process of dual cloud servers.Firstly, in order to avoid using polynomial approximation method to realize nonlinear functions such as exponent and comparison, and improve the calculation accuracy of nonlinear function, a series of secure computing protocols are designed based on Paillier partially homomorphic encryption technology and additive secret sharing scheme.Furthermore, corresponding secure computing protocols of full connection layer, activation layer, softmax layer and back propagation in neural network are constructed to realize PPNT based on the designed secure computing protocols.Finally, theoretical and security analysis guarantees the correctness and security of PPNT.The actual performance results show that compared with the dual server scheme--privacy protection machine learning as a service（PPMLaaS）,the model accuracy of PPNT improves by 1.7%,and supports the client offline in the process of secure computing.

Xu Ma,Xiaofeng Chen,Xiaoyu Zhang

DOI: https://doi.org/10.1016/j.ins.2018.12.015

IF: 8.1

2019-01-01

Information Sciences

Abstract:Neural network is a particular machine learning framework which has gained widespread popularity due to its superior performance in many applications, such as complex board games, face recognition and disease diagnosis. A new service paradigm which offers online neural-network-based prediction to clients is increasingly popular. Although the prediction service has clear benefits, serious privacy issues have also emerged from the clients’ sensitive data and the neural network model itself. In this paper, we present a new outsourcing model for privacy-preserving neural network prediction under two non-colluding servers framework. In this model, the original neural network owner can securely outsource an existing neural network model to the two servers who will thereafter provide prediction service to the public users utilize encrypted input data. We propose the first fully non-interactive privacy-preserving neural network prediction scheme. Extensive security and efficiency analysis demonstrate that the proposed scheme satisfies the security requirement of model privacy and data privacy, and highly efficient with respect to computation and communication overhead.

Xiaoyu Zhang,Xiaofeng Chen,Jianfeng Wang,Zhihui Zhan,Jin Li

DOI: https://doi.org/10.1007/s00500-018-3233-7

IF: 3.732

2018-01-01

Soft Computing

Abstract:With the advent of artificial intelligence, machine learning has been well explored and extensively applied into numerous fields, such as pattern recognition, image processing and cloud computing. Very recently, machine learning hosted in a cloud service has gained more attentions due to the benefits from the outsourcing paradigm. Based on cloud-aided computation techniques, the heavy computation tasks involved in machine learning process can be off-loaded into the cloud server in a pay-per-use manner, whereas outsourcing large-scale collection of sensitive data risks privacy leakage since the cloud server is semi-honest. Therefore, privacy preservation for the client and verification for the returned results become two challenges to be dealt with. In this paper, we focus on designing a novel privacy-preserving single-layer perceptron training scheme which supports batch patterns training and verification for the training results on the client side. In addition, adopting classical secure two-party computation method, we design a novel lightweight privacy-preserving predictive algorithm. Both two participants learns nothing about other's inputs, and the calculation result is only known by one party. Detailed security analysis shows that the proposed scheme can achieve the desired security properties. We also demonstrate the efficiency of our scheme by providing the experimental evaluation on two different real datasets.

Yanli Yuan,Dian Lei,Qing Fan,Keli Zhao,Liehuang Zhu,Chuan Zhang

DOI: https://doi.org/10.1109/icicn62625.2024.10761771

2024-01-01

Abstract:With the widespread adoption of Graph Neural Network (GNN) technology in industry, concerns regarding graph data privacy have become increasingly prominent. Differential privacy has been demonstrated as an effective method to ensure privacy in graph learning. However, existing differential privacy-based GNN methods often overlook the individual privacy protection needs of users, offering uniform privacy guarantees to all. This approach can result in either over-protection or insufficient protection for certain users. To address this issue, we propose an adaptive privacy-preserving GNN training method that accommodates the varying privacy requirements of nodes while achieving high model training accuracy. Specifically, APPGNN allocates adaptive privacy budgets based on individual user privacy needs. Additionally, to mitigate the impact of noise on data utility, APPGNN incorporates a weighted neighborhood aggregation mechanism to enhance GNN model accuracy. Theoretical analysis indicates that APPGNN provides adaptive privacy protection while ensuring ε-differential privacy on node data. Experimental evaluations on four real-world graph datasets validate the effectiveness of APPGNN.

Pengtao Xie,Misha Bilenko,Tom Finley,Ran Gilad-Bachrach,Kristin Lauter,Michael Naehrig

DOI: https://doi.org/10.48550/arXiv.1412.6181

2014-12-24

Abstract:The problem we address is the following: how can a user employ a predictive model that is held by a third party, without compromising private information. For example, a hospital may wish to use a cloud service to predict the readmission risk of a patient. However, due to regulations, the patient's medical files cannot be revealed. The goal is to make an inference using the model, without jeopardizing the accuracy of the prediction or the privacy of the data. To achieve high accuracy, we use neural networks, which have been shown to outperform other learning models for many tasks. To achieve the privacy requirements, we use homomorphic encryption in the following protocol: the data owner encrypts the data and sends the ciphertexts to the third party to obtain a prediction from a trained model. The model operates on these ciphertexts and sends back the encrypted prediction. In this protocol, not only the data remains private, even the values predicted are available only to the data owner. Using homomorphic encryption and modifications to the activation functions and training algorithms of neural networks, we show that it is protocol is possible and may be feasible. This method paves the way to build a secure cloud-based neural network prediction services without invading users' privacy.

Machine Learning,Cryptography and Security,Neural and Evolutionary Computing

Jialu Chen,Jun Zhou,Zhenfu Cao,Athanasios Vasilakos,Xiaolei Dong,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2019.2942165

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:Machine learning, particularly the neural network (NN), is extensively exploited in dizzying applications. In order to reduce the burden of computing for resource-constrained clients, a large number of historical private datasets are required to be outsourced to the semi-trusted or malicious cloud for model training and evaluation. To achieve privacy preservation, most of the existing work either exploited the technique of public key fully homomorphic encryption (FHE) resulting in considerable computational cost and ciphertext expansion, or secure multiparty computation (SMC) requiring multiple rounds of interactions between user and cloud. To address these issues, in this article, a lightweight privacy-preserving model training and evaluation scheme LPTE for discretized NNs (DiNNs) is proposed. First, we put forward an efficient single key fully homomorphic data encapsulation mechanism (SFH-DEM) without exploiting public key FHE. Based on SFH-DEM, a series of atomic calculations over the encrypted domain, including multivariate polynomial, nonlinear activation function, gradient function, and maximum operations are devised as building blocks. Furthermore, a lightweight privacy-preserving model training and evaluation scheme LPTE for DiNNs is proposed, which can also be extended to convolutional NN. Finally, we give the formal security proofs for dataset privacy, model training privacy, and model evaluation privacy under the semi-honest environment and implement the experiment on real dataset MNIST for recognizing handwritten numbers in DiNN to demonstrate the high efficiency and accuracy of our proposed LPTE.

Meng Li,Liangzhen Lai,Naveen Suda,Vikas Chandra,David Z. Pan

DOI: https://doi.org/10.48550/arxiv.1709.06161

2017-01-01

Abstract:Massive data exist among user local platforms that usually cannot support deep neural network (DNN) training due to computation and storage resource constraints. Cloud-based training schemes provide beneficial services but suffer from potential privacy risks due to excessive user data collection. To enable cloud-based DNN training while protecting the data privacy simultaneously, we propose to leverage the intermediate representations of the data, which is achieved by splitting the DNNs and deploying them separately onto local platforms and the cloud. The local neural network (NN) is used to generate the feature representations. To avoid local training and protect data privacy, the local NN is derived from pre-trained NNs. The cloud NN is then trained based on the extracted intermediate representations for the target learning task. We validate the idea of DNN splitting by characterizing the dependency of privacy loss and classification accuracy on the local NN topology for a convolutional NN (CNN) based image classification task. Based on the characterization, we further propose PrivyNet to determine the local NN topology, which optimizes the accuracy of the target learning task under the constraints on privacy loss, local computation, and storage. The efficiency and effectiveness of PrivyNet are demonstrated with the CIFAR-10 dataset.

Yingying Yao,Zhendong Zhao,Xiaolin Chang,Jelena Misic,Vojislav B. Misic,Jianhua Wang

DOI: https://doi.org/10.1109/icc42927.2021.9500795

2021-01-01

Abstract:Electronic health (e-health) information system relies on cloud computing technologies to provide massive medical data computing and storage services. Especially, the recently proposed Machine Learning as a Service (MLaaS) on these medical data can not only effectively improve the healthcare service quality, but also support the end users with limited computing resources. However, MLaaS on the massive medical data faces the challenge of privacy. Homomorphic encryption technology has been explored to assure the privacy of medical data owners in MLaaS but with the weaknesses of limited homomorphic operations and low efficiency. To alleviate these weaknesses, this paper proposes a novel privacy-preserving non-collusion dualcloud (NCDC) model-based e-health information system using neural network (NN) computing. The system can not only assure medical data privacy through adopting homomorphic encryption technology but also assure NN model privacy by adding fake neurons to the NN. In addition, the proposed e-health information system also has the following advantages: (i) Simple key generation. (ii) No constraint on the size of medical data to be encrypted. (iii) The less loss of prediction accuracy between encrypted and original medical data. (iv) Supporting more homomorphic operations and having better computing efficiency through experiment verification.

Qi Feng,Debiao He,Jian Shen,Min Luo,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tai.2023.3247554

2024-01-01

IEEE Transactions on Artificial Intelligence

Abstract:By leveraging smart devices [e.g., industrial Internet of Things (IIoT)] and real-time data analytics, organizations, such as production plants can benefit from increased productivity, reduced costs, enhanced self-monitoring, and autonomous decision-making. In such a setting, machine learning plays an important role in data analytics, but the use of conventional centralized machine learning solutions may raise uncomfortable concerns about data privacy. Hence, one can explore the use of federated learning. In this article, we propose privacy- p reserving deep neural network training (PpNNT), which is designed to support federated learning in the multiparty setting. To minimize the overall costs, we further design a hybrid architecture to fully maximize resource utilization. Our proposed design allows the PpNNT system to provide high security, efficiency, and scalability for IIoT data analytics, as evidenced by our theoretical security proof and experimental results on the CIFAR10 dataset.

Li Minghui,Chow Sherman S. M.,Hu Shengshan,Yan Yuejing,Du Minxin,Wang Zhibo

2020-01-01

Abstract: Neural networks provide better prediction performance than previous techniques. Prediction-as-a-service thus becomes popular, especially in the outsourced setting since it involves extensive computation. Recent researches focus on the privacy of the query and results, but they do not provide model privacy against the model-hosting server and may leak partial information about the results. Some of them further require frequent interactions with the querier or heavy computation overheads. This paper proposes a new scheme for privacy-preserving neural network prediction in the outsourced setting, i.e., the server cannot learn the query, (intermediate) results, and the model. Similar to SecureML (S\&P'17), a representative work which provides model privacy, we leverage two non-colluding servers with secret sharing and triplet generation to minimize the usage of heavyweight cryptography. Further, we adopt asynchronous computation to improve the throughput, and design garbled circuits for the non-polynomial activation function to keep the same accuracy as the underlying network (instead of approximating it). Our experiments on four neural network architectures show that our scheme achieves an average of 282 times improvements in reducing latency compared to SecureML. Compared to MiniONN (CCS'17) and EzPC (EuroS\&P'19), both without model privacy, our scheme also has 18 times and 10 times lower latency, respectively. For the communication costs, our scheme outperforms SecureML by 122 times, MiniONN by 49 times, and EzPC by 38 times.

Guoqiang Deng,Xuefeng Duan,Min Tang,Yuhao Zhang,Ying Huang

DOI: https://doi.org/10.1016/j.future.2023.03.036

IF: 7.307

2023-01-01

Future Generation Computer Systems

Abstract:Fast and reliable modeling of distributed data with sensitive information is a major goal of privacy-preserving machine learning (PPML). Artificial Neural Networks (ANNs) are powerful and scalable, making them suitable to settle large-scale and highly complex machine learning tasks. Since a large number of neurons and various non-linear functions are embedded in ANNs, it is still a huge challenge to train an ANNs model in the encrypted-domain. Majority of existing approaches for PPML require multiple communications among data owners and cloud servers, leading to a substantial overhead of computation and data transmission costs, and are restricted to approximation models by polynomials or piecewise linear functions. Here, to facilitate the integration of any training data from any data owner without violating privacy constraints, we introduce a non-interactive and lossless ANNs training approach that unites mask matrix, function encryption for inner-product and coordination while maintaining confidentiality with the help of Internet Service Providers (ISPs), thereby going beyond those schemes with interactive fashion and using approximation substitutions. To illustrate the feasibility and efficiency of using our method to develop ANNs classifiers using distributed data, we choose two well-known MNIST datasets with a large amount of image data with high dimensionality in PPML field. We show the protocol is feasible to use in practice while achieving high accuracy. Furthermore, the evaluation reveals that the computational efficiency is improved at least 25 times compared with the state-of-the-art privacy-preserving ANNs approach.

Liyan Shen,Xiaojun Chen,Jinqiao Shi,Ye Dong,Binxing Fang

DOI: https://doi.org/10.1007/978-3-030-58951-6_21

2020-01-01

Abstract:In the era of big data, users pay more attention to data privacy issues in many application fields, such as healthcare, finance, and so on. However, in the current application scenarios of machine learning as a service, service providers require users’ private inputs to complete neural network inference tasks. Previous works have shown that some cryptographic tools can be used to achieve the secure neural network inference, but the performance gap is still existed to make those techniques practical.

Dimitrios Melissourgos,Hanzhi Gao,Chaoyi Ma,Shigang Chen,Sam S Wu

DOI: https://doi.org/10.1145/3549206.3549291

Abstract:Artificial neural networks (ANNs) are changing the paradigm in medical diagnosis. However, it remains an open problem how to outsource the model training operations to the cloud while protecting the privacy of distributed patient data. Homomorphic encryption suffers from high overhead over data independently encrypted from numerous sources, differential privacy introduces a high level of noise which drastically increases the number of patient records needed to train a model, while federated learning requires all participants to perform synchronized local training that counters our goal of outsourcing all training operations to the cloud. This paper proposes to use matrix masking for outsourcing all model training operations to the cloud with privacy protection. After outsourcing their masked data to the cloud, the clients do not need to coordinate and perform any local training operations. The accuracy of the models trained by the cloud from the masked data is comparable to the accuracy of the optimal benchmark models that are trained directly from the original raw data. Our results are confirmed by experimental studies on privacy-preserving cloud training of medical-diagnosis neural network models based on real-world Alzheimer's disease data and Parkinson's disease data.