Jingyi Wang,Xinyue Zhang,Wenjun Xu,Qixun Zhang,Zhiyong Feng,Miao Pan

DOI: https://doi.org/10.1109/ICDCS.2019.00156

2019-01-01

Abstract:In the coming fifth generation (5G) or beyond 5G next generation networks (NGNs), the small cell deployment is a promising solution to meet the ever increasing demands of mobile devices, and the proliferation of wireless services. The low power base station (BS), such as femtocell BS, is a cost-effective and environmental friendly substitution for the power-hungry macrocell BS. One potentially effective way to deploy those small cells is to use two-tier NGN architecture, where the first-tier carrier can authorize the second-tier carrier's access to users' transmission information database (e.g., uplink/downlink service demands), and thereafter the second-tier carrier can decide how to place small cell BSs according to the mobile users' requirements locally. However, the second-tier carriers/operators for small cell placement may not be trustworthy, and the NGN users' data privacy might be compromised. To address this issue, we integrate differential privacy (DP) preserving techniques into data-driven optimization, and propose a novel scheme that not only preserves the privacy of NGN users' transmission information, but also maximizes the revenue of small cell deployment. Briefly, differential private noises are intentionally added into the users' transmission information database. Based on queries, the second-tier carrier can aggregate a given set of users' differentially private historical data, estimate the users demands, and formulate the data-driven revenue maximization problem. Given the stochastic programming optimization formulation, we develop feasible solutions and conduct extensive simulations with real-world transmission datasets (i.e., transmission data collected hourly from 3072 4G eNBs deployed in several southern cities of China in 2015) to verify the effectiveness of the proposed scheme.

Xinyue Zhang,Jingyi Wang,Hongning Li,Yuanxiong Guo,Qingqi Pei,Pan Li,Miao Pan

DOI: https://doi.org/10.1109/glocom.2018.8647637

2018-01-01

Abstract:Information-centric networking (ICN) is developed for the future Internet because of the tremendous increase of content demands in the Internet. In the ICN architecture, in-network storage for caching plays an important role in improving content delivery efficiency, scalability and availability. To enjoy the benefits of caching users' preferable contents without disclosing the users' privacy, in this paper, we aim to integrate local differential privacy (LDP) techniques into data-driven optimization, and propose a novel scheme to allow content provider (CP) to collect the locally differentially private content preferences of a selected group of users, exploit data-driven approach to predict the content popularity, and offer the cacheenabled access points (APs) economic incentives to cache the selected preferable content. Here, optimized local hashing (OLH) is employed to locally add differential private noise to the users' preference content information and the noisy data is sent to the CP. Besides, we leverage data-driven methodology to predict the content popularity according to the constructed reference distribution of the given noisy preference content data from users. We formulate a data-driven caching revenue optimization, provide feasible solutions, and conduct simulations to show the effectiveness of the proposed scheme.

Longfei Zheng,Chaochao Chen,Yingting Liu,Bingzhe Wu,Xibin Wu,Li Wang,Lei Wang,Jun Zhou,Shuang Yang

2020-01-01

Abstract:Deep Neural Network (DNN) has been showing great potential in kinds of real-world applications such as fraud detection and distress prediction. Meanwhile, data isolation has become a serious problem currently, i.e., different parties cannot share data with each other. To solve this issue, most research leverages cryptographic techniques to train secure DNN models for multi-parties without compromising their private data. Although such methods have strong security guarantee, they are difficult to scale to deep networks and large datasets due to its high communication and computation complexities. To solve the scalability of the existing secure Deep Neural Network (DNN) in data isolation scenarios, in this paper, we propose an industrial scale privacy preserving neural network learning paradigm, which is secure against semi-honest adversaries. Our main idea is to split the computation graph of DNN into two parts, i.e., the computations related to private data are performed by each party using cryptographic techniques, and the rest computations are done by a neutral server with high computation ability. We also present a defender mechanism for further privacy protection. We conduct experiments on real-world fraud detection dataset and financial distress prediction dataset, the encouraging results demonstrate the practicalness of our proposal.

Fei Dai,Guozhi Liu,Bi Huang,Xiaolong Xu,Chaochao Chen,Zhangbing Zhou,Xiaokang Zhou

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics55523.2022.00070

2022-01-01

Abstract:Industrial Internet of Things (IIoT) systems can leverage deep learning (DL) models to provide intelligent applications. However, the training process of such DL models tends to leak privacy when the training data contain sensitive operational and management information. Most studies about privacy-preserving DL require a trusted data collector and thus are not suitable in an untrusted environment. In this paper, we propose a distributed privacy-preserving framework for DL with edge-cloud computing, where direct privacy leakage and indirect privacy leakage of training data are both considered. First, a pre-trained convolutional neural network (CNN) is partitioned into two parts for limiting direct privacy leakage of raw data, namely the feature module and the classification module. The feature module consisting of the lower layers of the CNN is deployed on an edge server, which is used to attract the feature of raw data. The feature data is fed to the classification module consisting of the higher layers of the CNN, which is deployed on the cloud server to compute image classification tasks. Second, a perturbation module between the feature module and the classification module is designed for limiting indirect privacy leakage during feature data transmission. The perturbation module uses local differential privacy (LDP) to produce noise in the feature data. Third, to further improve the accuracy, we retrain the classification module with the randomized feature data from edge servers. Experimental results show that the proposed framework achieves high accuracy under low privacy budgets.

Md Habibur Rahman,Md Munjure Mowla,Shahriar Shanto

DOI: https://doi.org/10.1007/s11036-022-02013-6

2022-08-20

Mobile Networks and Applications

Abstract:Deep neural networks (DNN) are increasingly utilized for wireless resource allocations in beyond 5G/6G networks to solve the high computational time problem of iterative algorithms. The main issue of neural network-based wireless resource allocation schemes is that it is possible to regain sensitive details about the training data from model parameters. However, existing works do not consider the privacy leakage issues of the neural networks while allocating wireless resources. To resolve this problem, we develop a framework using two DNN architectures, e.g., multi-layer perceptron (MLP) network and convolutional neural network (CNN) based on the concept of differential privacy (DP) which is usually implemented for data privacy protection based on neural networks incorporating appropriately calibrated noise to reduce the sensitivity of the gradients. The results of the numerical simulation indicate that the DP-enabled CNN performs better achievable rate compared to DP-enabled MLP. Yet, the proposed framework solves the high computational time problem of the iterative algorithm, i.e., stochastic weighted minimum mean square error (SWMMSE). Evaluation illustrates that our proposed framework facilitates the design of privacy-enabled resource management in different sized wireless networks.

computer science, information systems,telecommunications, hardware & architecture

Zhigao Zheng,Tao Wang,Ali Kashif Bashir,Mamoun Alazab,Shahid Mumtaz,Xiaoyan Wang

DOI: https://doi.org/10.1109/tc.2021.3130402

IF: 3.183

2021-01-01

IEEE Transactions on Computers

Abstract:As one of the most successful industrial realizations of Internet of Things, a smart grid is a smart IoT system that deploys widespread smart meters to capture fine-grained data on residential power usage. Unfortunately, it always suffers diverse privacy attacks, which seriously increases the risk of violating the privacy of customers. Although some solutions have been proposed to address this privacy issue, most of them mainly rely on a trusted party and focus on the sanitization of metering masurements. Moreover, these solutions are vulnerable to advanced attacks. In this paper, we propose a decentralized mechanism for privacy-preserving computation in smart grid called DDP, which leaverages the differential privacy and extends the data sanitization from the value domain to the time domain. Specifically, we inject Laplace noise to the measurements at the end of each customer in a distributed manner, and then use a random permutation algorithm to shuffle the power measurement sequence, thereby enforcing differential privacy after aggregation and preventing the sensitive power usage mode informaton of the customers from being inferred by other parties. Extensive experiments demonstrate that DDP shows an outstanding performance in terms of privacy from the non-intrusive load monitoring (NILM) attacks and utility by using two different error analysis.

engineering, electrical & electronic,computer science, hardware & architecture

Xinyan Li,Yufei Chen,Cong Wang,Chao Shen

DOI: https://doi.org/10.1109/mnet.001.2100256

IF: 10.294

2021-11-01

IEEE Network

Abstract:Over the past decade, we have witnessed unprecedented development in deep learning (DL) and its contributions to modern networking systems. Along with its wide adoption, however, are growing concerns over the broad attack surfaces toward learning systems and the intrinsic vulnerabilities on privacy, security, robustness, and more. As a countermeasure to mitigate the threats or formalize a better defense, a widely adopted approach is to introduce a certain level of random perturbation (a.k.a. calibrated artificial noise) at either the training or prediction phase. Noteworthy examples include effective defenses against model inference attacks and notions of certified robustness. As such, differential privacy (DP), originally established as a privacy-preserving framework for data publishing, has drawn great interest from the learning community. Given a target utility and the acceptable trade-off, DP's formalization on the amount of noise needed has been shown to be widely applicable to a broad range of DL vulnerability mitigations. In this article, we present to our readers the recent representative advancements intersecting DL and DP, ranging from privacy enhancements for DL systems to security and robustness improvements and other novel extensions. Furthermore, we discuss the ongoing challenges and propose a number of future directions where DP has great potential to positively contribute to future DL systems.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Tianpei Lu,Bingsheng Zhang,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2023.3284565

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Privacy concerns often raise when sensitive data are collected, traded, and processed. The data owner typically loses her ultimate control of the data after data-outsourcing. In this work, we present the PrivData Network – a community-controlled privacy-preserving data factory and trading market. It can be viewed as a standalone data ecosystem that enables privacy-preserving data-driven workflows in a controlled environment for orchestrating and automating data movement and data transformation. In particular, we design a data encapsulation mechanism with privacy assurance, which can guarantee data privacy, usage policy compliance and metadata validity. We also design a privacy policy language and utilize a static analysis library that transfers the program to the defined policy language. To ensure the correctness of data processing, we propose a publicly verifiable secure multiparty computation protocol for mixed circuits, which guarantees the output correctness even if all parties are corrupted. Its online efficiency is comparable to conventional semi-honest secret-sharing-based MPC schemes. Finally, we implemented a prototype of our system in C++ and benchmark it on various tasks, such as biometric matching, logistic regression, and decision trees, etc.

Mohamed Seif,Yuqi Nie,Andrea Goldsmith,Vincent Poor

2024-06-01

Abstract:Collaborative inference in next-generation networks can enhance Artificial Intelligence (AI) applications, including autonomous driving, personal identification, and activity classification. This method involves a three-stage process: a) data acquisition through sensing, b) feature extraction, and c) feature encoding for transmission. Transmission of the extracted features entails the potential risk of exposing sensitive personal data. To address this issue, in this work a new privacy-protecting collaborative inference mechanism is developed. Under this mechanism, each edge device in the network protects the privacy of extracted features before transmitting them to a central server for inference. This mechanism aims to achieve two main objectives while ensuring effective inference performance: 1) reducing communication overhead, and 2) maintaining strict privacy guarantees during features transmission.

Information Theory,Cryptography and Security

M.A.P. Chamikara,P. Bertok,I. Khalil,D. Liu,S. Camtepe,M. Atiquzzaman

DOI: https://doi.org/10.1109/JIOT.2019.2952146

2019-11-09

Abstract:The internet of things (IoT) is transforming major industries including but not limited to healthcare, agriculture, finance, energy, and transportation. IoT platforms are continually improving with innovations such as the amalgamation of software-defined networks (SDN) and network function virtualization (NFV) in the edge-cloud interplay. Deep learning (DL) is becoming popular due to its remarkable accuracy when trained with a massive amount of data, such as generated by IoT. However, DL algorithms tend to leak privacy when trained on highly sensitive crowd-sourced data such as medical data. Existing privacy-preserving DL algorithms rely on the traditional server-centric approaches requiring high processing powers. We propose a new local differentially private (LDP) algorithm named LATENT that redesigns the training process. LATENT enables a data owner to add a randomization layer before data leave the data owners' devices and reach a potentially untrusted machine learning service. This feature is achieved by splitting the architecture of a convolutional neural network (CNN) into three layers: (1) convolutional module, (2) randomization module, and (3) fully connected module. Hence, the randomization module can operate as an NFV privacy preservation service in an SDN-controlled NFV, making LATENT more practical for IoT-driven cloud-based environments compared to existing approaches. The randomization module employs a newly proposed LDP protocol named utility enhancing randomization, which allows LATENT to maintain high utility compared to existing LDP protocols. Our experimental evaluation of LATENT on convolutional deep neural networks demonstrates excellent accuracy (e.g. 91%- 96%) with high model quality even under low privacy budgets (e.g. $\varepsilon=0.5$).

Machine Learning,Cryptography and Security

Shuya Feng,Meisam Mohammady,Han Wang,Xiaochen Li,Zhan Qin,Yuan Hong

2024-07-20

Abstract:Streaming data, crucial for applications like crowdsourcing analytics, behavior studies, and real-time monitoring, faces significant privacy risks due to the large and diverse data linked to individuals. In particular, recent efforts to release data streams, using the rigorous privacy notion of differential privacy (DP), have encountered issues with unbounded privacy leakage. This challenge limits their applicability to only a finite number of time slots (''finite data stream'') or relaxation to protecting the events (''event or $w$-event DP'') rather than all the records of users. A persistent challenge is managing the sensitivity of outputs to inputs in situations where users contribute many activities and data distributions evolve over time. In this paper, we present a novel technique for Differentially Private data streaming over Infinite disclosure (DPI) that effectively bounds the total privacy leakage of each user in infinite data streams while enabling accurate data collection and analysis. Furthermore, we also maximize the accuracy of DPI via a novel boosting mechanism. Finally, extensive experiments across various streaming applications and real datasets (e.g., COVID-19, Network Traffic, and USDA Production), show that DPI maintains high utility for infinite data streams in diverse settings. Code for DPI is available at <a class="link-external link-https" href="https://github.com/ShuyaFeng/DPI" rel="external noopener nofollow">this https URL</a>.

Cryptography and Security

Jiahao Zhang,Ruo Peng,Chenbei Lu,Chenye Wu

DOI: https://doi.org/10.1016/j.apenergy.2024.124714

IF: 11.2

2024-10-30

Applied Energy

Abstract:This study addresses the challenges of privacy, utility, and efficiency in releasing privacy-preserving operational data for AC Optimal Power Flow (AC-OPF) research. Traditional methods, injecting noise into operational data ( i.e. , demand data and dispatch profiles) within the Differential Privacy (DP) framework, often violate physical constraints within the data, leading to unrealistic and infeasible outcomes that diminish data utility. While AC-OPF-solver-based bi-level post-processing optimizations can enforce physical feasibility, the objective divergence between post-processing and AC-OPF leads to discrepancies, compromising data utility. Additionally, their non-convex and adversarial nature makes computation prohibitively expensive, further preventing efficient data release. To overcome these challenges, our research introduces a DP approach that combines strategic noise injection for demand data with the computation of corresponding dispatch profiles, ensuring the privacy-preserving data satisfy AC-OPF's physical constraints. To accelerate data release, we employ Physics-Informed Neural Networks (PINNs). This ensures solutions' physical feasibility while enhancing computational efficiency. Furthermore, we incorporate active learning to target the most informative data samples, enhancing PINN training and optimizing efficiency while maintaining solution accuracy. Comprehensive experiments on IEEE test systems reveal our approach's improved performance and accelerated computation speed over traditional methods, highlighting its efficiency in maintaining data privacy and utility and decreasing computational burden amidst diverse privacy considerations.

energy & fuels,engineering, chemical

Yu-Lin Tsai,Yizhe Li,Zekai Chen,Po-Yu Chen,Chia-Mu Yu,Xuebin Ren,Francois Buet-Golfouse

2024-06-03

Abstract:The integration of Differential Privacy (DP) with diffusion models (DMs) presents a promising yet challenging frontier, particularly due to the substantial memorization capabilities of DMs that pose significant privacy risks. Differential privacy offers a rigorous framework for safeguarding individual data points during model training, with Differential Privacy Stochastic Gradient Descent (DP-SGD) being a prominent implementation. Diffusion method decomposes image generation into iterative steps, theoretically aligning well with DP's incremental noise addition. Despite the natural fit, the unique architecture of DMs necessitates tailored approaches to effectively balance privacy-utility trade-off. Recent developments in this field have highlighted the potential for generating high-quality synthetic data by pre-training on public data (i.e., ImageNet) and fine-tuning on private data, however, there is a pronounced gap in research on optimizing the trade-offs involved in DP settings, particularly concerning parameter efficiency and model scalability. Our work addresses this by proposing a parameter-efficient fine-tuning strategy optimized for private diffusion models, which minimizes the number of trainable parameters to enhance the privacy-utility trade-off. We empirically demonstrate that our method achieves state-of-the-art performance in DP synthesis, significantly surpassing previous benchmarks on widely studied datasets (e.g., with only 0.47M trainable parameters, achieving a more than 35% improvement over the previous state-of-the-art with a small privacy budget on the CelebA-64 dataset). Anonymous codes available at https://anonymous.4open.science/r/DP-LORA-F02F.

Computer Vision and Pattern Recognition,Artificial Intelligence,Cryptography and Security

Yun Lu,Malik Magdon-Ismail,Yu Wei,Vassilis Zikas

2024-06-22

Abstract:Differential Privacy (DP) (and its variants) is the most common method for machine learning (ML) on privacy-sensitive data. In big data analytics, one often uses randomized sketching/aggregation algorithms to make processing high-dimensional data tractable. Intuitively, such ML algorithms should provide some inherent privacy, yet most existing DP mechanisms do not leverage or under-utilize this inherent randomness, resulting in potentially redundant noising. The motivating question of our work is: (How) can we improve the utility of DP mechanisms for randomized ML queries, by leveraging the randomness of the query itself? Towards a (positive) answer, our key contribution is (proving) what we call the NDIS theorem, a theoretical result with several practical implications. In a nutshell, NDIS is a closed-form analytic computation for the (varepsilon,delta)-indistinguishability-spectrum (IS) of two arbitrary normal distributions N1 and N2, i.e., the optimal delta (for any given varepsilon) such that N1 and N2 are (varepsilon,delta)-close according to the DP distance. The importance of the NDIS theorem lies in that (1) it yields efficient estimators for IS, and (2) it allows us to analyze DP-mechanism with normally-distributed outputs, as well as more general mechanisms by leveraging their behavior on large inputs. We apply the NDIS theorem to derive DP mechanisms for queries with normally-distributed outputs--i.e., Gaussian Random Projections (RP)--and for more general queries--i.e., Ordinary Least Squares (OLS). Compared to existing techniques, our new DP mechanisms achieve superior privacy/utility trade-offs by leveraging the randomness of the underlying algorithms. We then apply the NDIS theorem to a data-driven DP notion--in particular relative DP introduced by Lu et al. [S&P 2024]. Our method identifies the range of (varepsilon,delta) for which no additional noising is needed.

Cryptography and Security,Machine Learning

Teng Wang,Jun Zhao,Zhi Hu,Xinyu Yang,Xuebin Ren,Kwok-Yan Lam

DOI: https://doi.org/10.1016/j.neucom.2020.09.073

IF: 6

2021-02-01

Neurocomputing

Abstract:<p>Local Differential Privacy (LDP) can provide each user with strong privacy guarantees under untrusted data curators while ensuring accurate statistics derived from privatized data. Due to its powerfulness, LDP has been widely adopted to protect privacy in various tasks (e.g., heavy hitters discovery, probability estimation) and systems (e.g., Google Chrome, Apple iOS). In particular, <span class="math"><math>(∊,δ)</math></span>-LDP has been studied in related statistical tasks like private learning and hypothesis testing, but is mainly achieved by using Gaussian mechanism, leading to the limited data utility. In this paper, we investigate several novel mechanisms that achieve <span class="math"><math>(∊,δ)</math></span>-LDP with higher data utility in collecting and analyzing users' data. Specifically, we first design two <span class="math"><math>(∊,δ)</math></span>-LDP algorithms for mean estimations on multi-dimensional numeric data, which can ensure higher accuracy than the optimal Gaussian mechanism. Then, we investigate different local protocols for frequency estimations on categorical attributes under <span class="math"><math>(∊,δ)</math></span>-LDP. Based on the proposed mechanisms, we further study on <span class="math"><math>(∊,δ)</math></span>-LDP-compliant stochastic gradient descent algorithms for machine learning models. Besides, the theoretical analysis of the error bound and the variance of the proposed algorithms are also presented in the paper. We have conducted extensive experiments on both real-world and synthetic datasets and demonstrated the high data utility of our proposed algorithms in the perspectives of simple data statistics tasks and complex machine learning tasks. The experimental results have shown that our proposed algorithms can effectively improve the data utility in different tasks while alleviating the privacy concerns of each individual.</p>

computer science, artificial intelligence

Ben Niu,Yahong Chen,Boyang Wang,Zhibo Wang,Fenghua Li,Jin Cao

DOI: https://doi.org/10.1109/infocom42981.2021.9488825

2021-01-01

Abstract:Users usually have different privacy demands when they contribute individual data to a dataset that is maintained and queried by others. To tackle this problem, several personalized differential privacy (PDP) mechanisms have been proposed to render statistical information of the entire dataset without revealing individual privacy. However, existing mechanisms produce query results with low accuracy, which leads to poor data utility. This is primarily because (1) some users are over protected; (2) utility is not explicitly included in the design objective. Poor data utility impedes the adoption of PDP in the real-world applications. In this paper, we present an adaptive personalized differential privacy framework, called AdaPDP. Specifically, to maximize data utility in different cases, AdaPDP adaptively selects underlying noise generation algorithms and calculates the corresponding parameters based on the type of query functions, data distributions and privacy settings. In addition, AdaPDP performs multiple rounds of utility-aware sampling to satisfy different privacy requirements for users. Our privacy analysis shows that the proposed framework renders rigorous privacy guarantee. We conduct extensive experiments on synthetic and real-world datasets to demonstrate the much less utility losses of the proposed framework over various query functions.

Pratik Thantharate,Shyam Bhojwani,Anurag Thantharate

DOI: https://doi.org/10.3390/electronics13122333

IF: 2.9

2024-06-15

Electronics

Abstract:The proliferation of cloud computing has amplified the need for robust privacy-preserving technologies, particularly when dealing with sensitive financial and human resources (HR) data. However, traditional differential privacy methods often struggle to balance rigorous privacy protections with maintaining data utility. This study introduces DPShield, an optimized adaptive framework that enhances the trade-off between privacy guarantees and data utility in cloud environments. DPShield leverages advanced differential privacy techniques, including dynamic noise-injection mechanisms tailored to data sensitivity, cumulative privacy loss tracking, and domain-specific optimizations. Through comprehensive evaluations on synthetic financial and real-world HR datasets, DPShield demonstrated a remarkable 21.7% improvement in aggregate query accuracy over existing differential privacy approaches. Moreover, it maintained machine learning model accuracy within 5% of non-private benchmarks, ensuring high utility for predictive analytics. These achievements signify a major advancement in differential privacy, offering a scalable solution that harmonizes robust privacy assurances with practical data analysis needs. DPShield's domain adaptability and seamless integration with cloud architectures underscore its potential as a versatile privacy-enhancing tool. This work bridges the gap between theoretical privacy guarantees and practical implementation demands, paving the way for more secure, ethical, and insightful data usage in cloud computing environments.

engineering, electrical & electronic,computer science, information systems,physics, applied

Khadija Hafeez,Donna OShea,Thomas Newe,Mubashir Husain Rehmani

2023-09-06

Abstract:High frequency reporting of energy consumption data in smart grids can be used to infer sensitive information regarding the consumer's life style and poses serious security and privacy threats. Differential privacy (DP) based privacy models for smart grids ensure privacy when analysing energy consumption data for billing and load monitoring. However, DP models for smart grids are vulnerable to collusion attack where an adversary colludes with malicious smart meters and un-trusted aggregator in order to get private information from other smart meters. We first show the vulnerability of DP based privacy model for smart grids against collusion attacks to establish the need of a collusion resistant model privacy model. Then, we propose an Enhanced Differential Private Noise Cancellation Model for Load Monitoring and Billing for Smart Meters (E-DPNCT) which not only provides resistance against collusion attacks but also protects the privacy of the smart grid data while providing accurate billing and load monitoring. We use differential privacy with a split noise cancellation protocol with multiple master smart meters (MSMs) to achieve colluison resistance. We did extensive comparison of our E-DPNCT model with state of the art attack resistant privacy preserving models such as EPIC for collusion attack. We simulate our E-DPNCT model with real time data which shows significant improvement in privacy attack scenarios. Further, we analyze the impact of selecting different sensitivity parameters for calibrating DP noise over the privacy of customer electricity profile and accuracy of electricity data aggregation such as load monitoring and billing.

Cryptography and Security

Qingxiu Liu,Qun Huang,Xiang Chen,Sa Wang,Wenhao Wang,Shujie Han,Patrick P. C. Lee

DOI: https://doi.org/10.1109/ICDE60146.2024.00123

2024-01-01

Abstract:Privacy preservation is critical for neural network inference, which often involves collaborative execution of different parties to make predictions on sensitive data based on sensitive neural network models. However, the expensive cryptographic operations of privacy preservation also pose performance chal-lenges to neural network inference. We address this performance-security tension by designing PP-Stream, a distributed stream processing system for high-performance privacy-preserving neural network inference. PP-Stream adopts hybrid privacy-preserving mechanisms for linear and non-linear operations of neural network inference. It treats inference data as real-time data streams, and parallelizes the inference operations across multiple pipelined stages that are executed by multiple servers and threads. It also solves the load-balanced resource allocation across servers and threads as an optimization problem. We prototype PP-Stream and show via testbed experiments that it achieves low inference latencies on various neural network models.

Jessica Smith,David Williams,Emily Brown

2024-09-17

Abstract:Large language models (LLMs) are increasingly integrated into real-time machine learning applications, where safeguarding user privacy is paramount. Traditional differential privacy mechanisms often struggle to balance privacy and accuracy, particularly in fast-changing environments with continuously flowing data. To address these issues, we introduce Scalable Differential Privacy (SDP), a framework tailored for real-time machine learning that emphasizes both robust privacy guarantees and enhanced model performance. SDP employs a hierarchical architecture to facilitate efficient noise aggregation across various learning agents. By integrating adaptive noise scheduling and gradient compression methods, our approach minimizes performance degradation while ensuring significant privacy protection. Extensive experiments on diverse datasets reveal that SDP maintains high accuracy levels while applying differential privacy effectively, showcasing its suitability for deployment in sensitive domains. This advancement points towards the potential for widespread adoption of privacy-preserving techniques in machine learning workflows.

Cryptography and Security