Jian Liu,Mika Juuti,Yao Lu,N. Asokan

DOI: https://doi.org/10.1145/3133956.3134056

2017-01-01

Abstract:Machine learning models hosted in a cloud service are increasingly popular but risk privacy: clients sending prediction requests to the service need to disclose potentially sensitive information. In this paper, we explore the problem of privacy-preserving predictions: after each prediction, the server learns nothing about clients' input and clients learn nothing about the model. We present MiniONN, the first approach for transforming an existing neural network to an oblivious neural network supporting privacy-preserving predictions with reasonable efficiency. Unlike prior work, MiniONN requires no change to how models are trained. To this end, we design oblivious protocols for commonly used operations in neural network prediction models. We show that MiniONN outperforms existing work in terms of response latency and message sizes . We demonstrate the wide applicability of MiniONN by transforming several typical neural network models trained from standard datasets.

Zhang Qiao,Wang Cong,Xin Chunsheng,Wu Hongyi

2019-01-01

Abstract: Machine Learning as a Service (MLaaS) is enabling a wide range of smart applications on end devices. However, such convenience comes with a cost of privacy because users have to upload their private data to the cloud. This research aims to provide effective and efficient MLaaS such that the cloud server learns nothing about user data and the users cannot infer the proprietary model parameters owned by the server. This work makes the following contributions. First, it unveils the fundamental performance bottleneck of existing schemes due to the heavy permutations in computing linear transformation and the use of communication intensive Garbled Circuits for nonlinear transformation. Second, it introduces an ultra-fast secure MLaaS framework, CHEETAH, which features a carefully crafted secret sharing scheme that runs significantly faster than existing schemes without accuracy loss. Third, CHEETAH is evaluated on the benchmark of well-known, practical deep networks such as AlexNet and VGG-16 on the MNIST and ImageNet datasets. The results demonstrate more than 100x speedup over the fastest GAZELLE (Usenix Security'18), 2000x speedup over MiniONN (ACM CCS'17) and five orders of magnitude speedup over CryptoNets (ICML'16). This significant speedup enables a wide range of practical applications based on privacy-preserved deep neural networks.

Longfei Zheng,Chaochao Chen,Yingting Liu,Bingzhe Wu,Xibin Wu,Li Wang,Lei Wang,Jun Zhou,Shuang Yang

2020-01-01

Abstract:Deep Neural Network (DNN) has been showing great potential in kinds of real-world applications such as fraud detection and distress prediction. Meanwhile, data isolation has become a serious problem currently, i.e., different parties cannot share data with each other. To solve this issue, most research leverages cryptographic techniques to train secure DNN models for multi-parties without compromising their private data. Although such methods have strong security guarantee, they are difficult to scale to deep networks and large datasets due to its high communication and computation complexities. To solve the scalability of the existing secure Deep Neural Network (DNN) in data isolation scenarios, in this paper, we propose an industrial scale privacy preserving neural network learning paradigm, which is secure against semi-honest adversaries. Our main idea is to split the computation graph of DNN into two parts, i.e., the computations related to private data are performed by each party using cryptographic techniques, and the rest computations are done by a neutral server with high computation ability. We also present a defender mechanism for further privacy protection. We conduct experiments on real-world fraud detection dataset and financial distress prediction dataset, the encouraging results demonstrate the practicalness of our proposal.

Ding Li,Ziqi Zhang,Mengyu Yao,Yifeng Cai,Yao Guo,Xiangqun Chen

2024-11-15

Abstract:Trusted Execution Environments (TEE) are used to safeguard on-device models. However, directly employing TEEs to secure the entire DNN model is challenging due to the limited computational speed. Utilizing GPU can accelerate DNN's computation speed but commercial widely-available GPUs usually lack security protection. To this end, scholars introduce TSDP, a method that protects privacy-sensitive weights within TEEs and offloads insensitive weights to GPUs. Nevertheless, current methods do not consider the presence of a knowledgeable adversary who can access abundant publicly available pre-trained models and datasets. This paper investigates the security of existing methods against such a knowledgeable adversary and reveals their inability to fulfill their security promises. Consequently, we introduce a novel partition before training strategy, which effectively separates privacy-sensitive weights from other components of the model. Our evaluation demonstrates that our approach can offer full model protection with a computational cost reduced by a factor of 10. In addition to traditional CNN models, we also demonstrate the scalability to large language models. Our approach can compress the private functionalities of the large language model to lightweight slices and achieve the same level of protection as the shielding-whole-model baseline.

Cryptography and Security,Artificial Intelligence,Machine Learning

Furong Li,Yange Chen,Pu Duan,Benyu Zhang,Zhiyong Hong,Yupu Hu,Baocang Wang

DOI: https://doi.org/10.1002/int.22640

IF: 8.993

2021-08-31

International Journal of Intelligent Systems

Abstract:Convolutional neural networks (CNNs) have excellent and extensive applications in image recognition. With the continuous exploitation of data value and the proliferation of machine learning-as-a-service, convolutional neural network prediction schemes on privacy preservation have been introduced one after another, which makes much more attention focused on the privacy leakage and services offered to be efficient and light. Therefore, how to improve the convolutional neural prediction scheme on the premise of privacy preservation turns out to be an imperative research issue. In this paper, we propose a privacy-preserving convolutional neural network prediction scheme (PCP-LL) that supports low latency and lightweight users. The scheme starts from the perspective of lossless accuracy from underlying networks. First, we construct a secure activation function computing protocol (SActF) utilizing a commodity-based secure comparison protocol, which reduces the complexity and latency during the activation function computing under ciphertexts compared with common schemes. Second, to further support lightweight users, we introduce a secure output layer protocol (SOut) that enables users to obtain the prediction results without extra decryption after simple operations. Then, the scheme adopts the distributed two trapdoors public-key cryptosystem (DT-PKC) to achieve both data and model security, which well avoids security issues especially such as wiretapping by semi-honest participants commonly in secret sharing schemes. Finally, through relevant evaluations, the scheme not only achieves privacy preservation and low latency, but also supports lightweight users.

computer science, artificial intelligence

Jing Wang,Debiao He,Aniello Castiglione,Brij B. Gupta,Marimuthu Karuppiah,Libing Wu

DOI: https://doi.org/10.1109/tnse.2022.3177755

IF: 6.6

2022-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Deploying convolutional neural network (CNN) inference on resource-constrained devices remains a remarkable challenge for industrial Internet of Things (IIoT). Although the cloud computing shows great promise in machine learning training and prediction, outsourcing data to remote cloud always incurs privacy risk and high latency. Therefore, we design a new framework for efficient and privacy-preserving CNN inference based on cloud-edge-client collaboration $( m{named} , ext{PCNN}_{ ext{CEC}})$. In $ ext{PCNN}_{ ext{CEC}} $, the model of cloud and the data of client in IIoT are split into two shares and sent to two non-colluded edge servers. By applying the arithmetic secret sharing and pre-computation of beaver's triplets, the two edge servers can jointly calculate the predicting results without learning anything about the model and data. To speed up the pre-computation of offline phase and not sacrifice security, the task of triplets generation is delegated to the cloud, so that the edge servers do not require frequent interactions to generate triplets themselves or introducing additional trusted party. The experimental results show the proposed private comparison protocol achieves a better tradeoff between low latency and high throughput, when it is compared with garbled circuit based protocols and other secret sharing based protocols. Additionally, the benchmarks conducted on realistic MNIST and CIFAR-10 datasets demonstrate that $ ext{PCNN}_{ ext{CEC}} $ costs less communication and runtime than two recently related schemes under the same security level.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Yifan Tian,Jiawei Yuan,Shucheng Yu,Yantian Hou

DOI: https://doi.org/10.48550/arXiv.1901.04100

2019-01-14

Cryptography and Security

Abstract:Supporting convolutional neural network (CNN) inference on resource-constrained IoT devices in a timely manner has been an outstanding challenge for emerging smart systems. To mitigate the burden on IoT devices, the prevailing solution is to offload the CNN inference task, which is usually composed of billions of operations, to public cloud. However, the "offloading-to-cloud" solution may cause privacy breach while moving sensitive data to cloud. For privacy protection, the research community has resorted to advanced cryptographic primitives and approximation techniques to support CNN inference on encrypted data. Consequently, these attempts cause impractical computational overhead on IoT devices and degrade the performance of CNNs. Moreover, relying on the remote cloud can cause additional network latency and even make the system dysfunction when network connection is off. We proposes an extremely lightweight edge device assisted private CNN inference solution for IoT devices, namely LEP-CNN. The main design of LEP-CNN is based on a novel online/offline encryption scheme. The decryption of LEP-CNN is pre-computed offline via utilizing the linear property of the most time-consuming operations of CNNs. As a result, LEP-CNN allows IoT devices to securely offload over 99% CNN operations, and edge devices to execute CNN inference on encrypted data as efficient as on plaintext. LEP-CNN also provides an integrity check option to help IoT devices detect error results with a successful rate over 99%. Experiments on AlexNet show that LEP-CNN can speed up the CNN inference for more than 35 times for resource constrained IoT devices. A homomorphic encryption based AlexNet using CryptoNets is implemented to compare with LEP-CNN to demonstrate that LEP-CNN has a better performance than homomorphic encryption based privacy preserving neural networks under time-sensitive scenarios.

Ziyu Liu,Yukui Luo,Shijin Duan,Tong Zhou,Xiaolin Xu

DOI: https://doi.org/10.48550/arXiv.2311.09489

2023-11-16

Abstract:Deep neural network (DNN) models have become prevalent in edge devices for real-time inference. However, they are vulnerable to model extraction attacks and require protection. Existing defense approaches either fail to fully safeguard model confidentiality or result in significant latency issues. To overcome these challenges, this paper presents MirrorNet, which leverages Trusted Execution Environment (TEE) to enable secure on-device DNN inference. It generates a TEE-friendly implementation for any given DNN model to protect the model confidentiality, while meeting the stringent computation and storage constraints of TEE. The framework consists of two key components: the backbone model (BackboneNet), which is stored in the normal world but achieves lower inference accuracy, and the Companion Partial Monitor (CPM), a lightweight mirrored branch stored in the secure world, preserving model confidentiality. During inference, the CPM monitors the intermediate results from the BackboneNet and rectifies the classification output to achieve higher accuracy. To enhance flexibility, MirrorNet incorporates two modules: the CPM Strategy Generator, which generates various protection strategies, and the Performance Emulator, which estimates the performance of each strategy and selects the most optimal one. Extensive experiments demonstrate the effectiveness of MirrorNet in providing security guarantees while maintaining low computation latency, making MirrorNet a practical and promising solution for secure on-device DNN inference. For the evaluation, MirrorNet can achieve a 18.6% accuracy gap between authenticated and illegal use, while only introducing 0.99% hardware overhead.

Cryptography and Security

Qiushi Li,Ju Ren,Yan Zhang,Chengru Song,Yiqiao Liao,Yaoxue Zhang

DOI: https://doi.org/10.1109/DAC56929.2023.10247964

2023-01-01

Abstract:The embedded software may migrate the collected data to the server for DNN computation acceleration, which may compromise privacy. We propose a DNN computation framework that combines TEE and NNA to address the privacy leakage problem. We design an NNA-friendly encryption method that enables NNA to correctly compute the encrypted linear input. Facing the overhead of TEE-NNA interaction, we design a pipeline-based prefetch mechanism that can reduce the TEE interaction overhead. Experimentally, our approach proves to be compatible with a wide range of NPUs and TPUs, and improves the performance by 8-19 times over the TEE scheme.

Ruoli Zhao,Yong Xie,Debiao He,Kim-Kwang Raymond Choo,Zoe L. Jiang

DOI: https://doi.org/10.1109/tnse.2024.3434643

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Using Convolutional Neural Network (CNN) model to analyze monitoring data in Body Area Network (BAN) has become an important way to solve health related issues in the current large sub-health population and aging population. However, the inference and analysis process of BAN data needs to ensure efficiency and security. At present, ensuring a balance of efficiency and security in the inference of CCN models is challenging. Therefore, an efficient and secure CNN inference scheme is proposed based on two Edge-Cloud-Servers (CS$_{0}$ and CS$_{1}$). By analyzing the CNN model and combining two secret sharing semantics, we optimize the communication overhead of inference. Specifically, a new non-interactive secure convolutional layer computation protocol is designed to significantly reduce the number of interactions between CS$_{0}$ and CS$_{1}$. For non-linear layers, we propose a simpler secure comparison computation functionality to reduce the communication overhead. Moreover, we also design some lightweight secure building blocks based on secret sharing to improve computing efficiency. We implement our proposed scheme on two standard datasets. Through the theoretical analysis and experimental comparison, our scheme improves the computational efficiency.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Rongwu Xu,Zhixuan Fang

2024-01-21

Abstract:Cloud deep learning platforms provide cost-effective deep neural network (DNN) training for customers who lack computation resources. However, cloud systems are often untrustworthy and vulnerable to attackers, leading to growing concerns about model privacy. Recently, researchers have sought to protect data privacy in deep learning by leveraging CPU trusted execution environments (TEEs), which minimize the use of cryptography, but existing works failed to simultaneously utilize the computational resources of GPUs to assist in training and prevent model leakage. This paper presents Tempo, the first cloud-based deep learning system that cooperates with TEE and distributed GPUs for efficient DNN training with model confidentiality preserved. To tackle the challenge of preserving privacy while offloading linear algebraic operations from TEE to GPUs for efficient batch computation, we introduce a customized permutation-based obfuscation algorithm to blind both inputs and model parameters. An optimization mechanism that reduces encryption operations is proposed for faster weight updates during backpropagation to speed up training. We implement Tempo and evaluate it with both training and inference for two prevalent DNNs. Empirical results indicate that Tempo outperforms baselines and offers sufficient privacy protection.

Cryptography and Security,Machine Learning

Chuan Zhang,Chenfei Hu,Tong Wu,Liehuang Zhu,Ximeng Liu

DOI: https://doi.org/10.1109/TDSC.2022.3208706

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The neural network has been widely used to train predictive models for applications such as image processing, disease prediction, and face recognition. To produce more accurate models, powerful third parties (e.g., clouds) are usually employed to collect data from a large number of users, which however may raise concerns about user privacy. In this paper, we propose an Efficient and Privacy-preserving Neural Network scheme, named EPNN, to deal with the privacy issues in cloud-based neural networks. EPNN is designed based on a two-cloud model and techniques of data perturbation and additively homomorphic cryptosystem. This scheme enables two clouds to cooperatively perform neural network training and prediction in a privacy-preserving manner and significantly reduces the computation and communication overhead among participating entities. Through a detailed analysis, we demonstrate the security of EPNN. Extensive experiments based on real-world datasets show EPNN is more efficient than existing schemes in terms of computational costs and communication overhead.

Ziqi Zhang,Chen Gong,Yifeng Cai,Yuanyuan Yuan,Bingyan Liu,Ding Li,Yao Guo,Xiangqun Chen

DOI: https://doi.org/10.1109/sp54263.2024.00052

2024-01-01

Abstract:On-device ML introduces new security challenges: DNN models become white-box accessible to device users. Based on white-box information, adversaries can conduct effective model stealing (MS) and membership inference attack (MIA). Using Trusted Execution Environments (TEEs) to shield on-device DNN models aims to downgrade (easy) white-box attacks to (harder) black-box attacks. However, one major shortcoming is the sharply increased latency (up to 50X). To accelerate TEE-shield DNN computation with GPUs, researchers proposed several model partition techniques. These solutions, referred to as TEE-Shielded DNN Partition (TSDP), partition a DNN model into two parts, offloading the privacy-insensitive part to the GPU while shielding the privacy-sensitive part within the TEE. This paper benchmarks existing TSDP solutions using both MS and MIA across a variety of DNN models, datasets, and metrics. We show important findings that existing TSDP solutions are vulnerable to privacy-stealing attacks and are not as safe as commonly believed. We also unveil the inherent difficulty in deciding optimal DNN partition configurations (i.e., the highest security with minimal utility cost) for present TSDP solutions. The experiments show that such “sweet spot” configurations vary across datasets and models. Based on lessons harvested from the experiments, we present TEESlice, a novel TSDP method that defends against MS and MIA during DNN inference. TEESlice follows a partition-before-training strategy, which allows for accurate separation between privacy-related weights from public weights. TEESlice delivers the same security protection as shielding the entire DNN model inside TEE (the “upper-bound” security guarantees) with over 10X less overhead (in both experimental and real-world environments) than prior TSDP solutions and no accuracy loss.

Peng Zhang,Zhiyuan Hu,Yu Wang,Liquan Chen

DOI: https://doi.org/10.1109/WCCCT60665.2024.10541346

2024-04-12

Abstract:The utilization of convolutional neural network (CNN) inference models has gained widespread adoption across various domains; however, it raises concerns regarding user privacy and security due to the requirement of plaintext information during the inference process. Homomorphic encryption has been proposed as a viable solution to address CNN’s security issues. Nevertheless, this encryption algorithm encounters certain limitations such as significant ciphertext expansion, restricted nonlinear computing power, and limited number of multiplications, which hinder its application in CNN inference models. In this paper, we present an inference model framework that leverages the single instruction multiple data and ciphertext rotation functions of homomorphic encryption along with the additive secret sharing (ASS) concept to design and transform each network layer of CNN. Our approach effectively mitigates ciphertext expansion rate while enhancing computational efficiency and reducing communication volume without compromising on inference accuracy.

Computer Science

Lucien K. L. Ng,Sherman S. M. Chow,Anna P. Y. Woo,Donald P. H. Wong,Yongjun Zhao

DOI: https://doi.org/10.1609/aaai.v35i17.17746

2021-05-18

Proceedings of the AAAI Conference on Artificial Intelligence

Abstract:Deep learning unlocks applications with societal impacts, e.g., detecting child exploitation imagery and genomic analysis of rare diseases. Deployment, however, needs compliance with stringent privacy regulations. Training algorithms that preserve the privacy of training data are in pressing need. Purely cryptographic approaches can protect privacy, but they are still costly, even when they rely on two or more non-colluding servers. Seemingly-"trivial" operations in plaintext quickly become prohibitively inefficient when a series of them are "crypto-processed," e.g., (dynamic) quantization for ensuring the intermediate values would not overflow. Slalom, recently proposed by Tramer and Boneh, is the first solution that leverages both GPU (for efficient batch computation) and a trusted execution environment (TEE) (for minimizing the use of cryptography). Roughly, it works by a lot of pre-computation over known and fixed weights, and hence it only supports private inference. Five related problems for private training are left unaddressed. Goten, our privacy-preserving training and prediction framework, tackles all five problems simultaneously via our careful design over the "mismatched" cryptographic and GPU data types (due to the tension between precision and efficiency) and our round-optimal GPU-outsourcing protocol (hence minimizing the communication cost between servers). It 1) stochastically trains a low-bitwidth yet accurate model, 2) supports dynamic quantization (a challenge left by Slalom), 3) minimizes the memory-swapping overhead of the memory-limited TEE and its communication with GPU, 4) crypto-protects the (dynamic) model weight from untrusted GPU, and 5) outperforms a pure-TEE system, even without pre-computation (needed by Slalom). As a baseline, we build CaffeScone that secures Caffe using TEE but not GPU; Goten shows a 6.84x speed-up of the whole VGG-11. Goten also outperforms Falcon proposed by Wagh et al., the latest secure multi-server cryptographic solution, by 132.64x using VGG-11. Lastly, we demonstrate Goten's efficacy in training models for breast cancer diagnosis over sensitive images.

Li Minghui,Chow Sherman S. M.,Hu Shengshan,Yan Yuejing,Du Minxin,Wang Zhibo

2020-01-01

Abstract: Neural networks provide better prediction performance than previous techniques. Prediction-as-a-service thus becomes popular, especially in the outsourced setting since it involves extensive computation. Recent researches focus on the privacy of the query and results, but they do not provide model privacy against the model-hosting server and may leak partial information about the results. Some of them further require frequent interactions with the querier or heavy computation overheads. This paper proposes a new scheme for privacy-preserving neural network prediction in the outsourced setting, i.e., the server cannot learn the query, (intermediate) results, and the model. Similar to SecureML (S\&P'17), a representative work which provides model privacy, we leverage two non-colluding servers with secret sharing and triplet generation to minimize the usage of heavyweight cryptography. Further, we adopt asynchronous computation to improve the throughput, and design garbled circuits for the non-polynomial activation function to keep the same accuracy as the underlying network (instead of approximating it). Our experiments on four neural network architectures show that our scheme achieves an average of 282 times improvements in reducing latency compared to SecureML. Compared to MiniONN (CCS'17) and EzPC (EuroS\&P'19), both without model privacy, our scheme also has 18 times and 10 times lower latency, respectively. For the communication costs, our scheme outperforms SecureML by 122 times, MiniONN by 49 times, and EzPC by 38 times.

Minghui Li,Yuejing Yan,Qian Wang,Minxin Du,Zhan Qin,Cong Wang

DOI: https://doi.org/10.1109/mnet.011.2000293

IF: 10.294

2021-01-01

IEEE Network

Abstract:Neural networks have attracted much attention due to their excellent performance in providing insightful predictions. The trained neural network models usually have millions of parameters requiring massive storage resources, which motivates the model owner to deploy their models to cloud servers for relieving the storage burden. The client can also directly enjoy the prediction service provided by the cloud server. Albeit convenient, untrusted cloud servers may violate the privacy of the model owners and the clients, which hinders the wide applications of such a prediction service. This survey reviews various privacy-preserving neural network prediction services, which protect the privacy of the model and the query. Many protocols are in the basic secure two-party computation (S2C) setting, which protects the secret of the querier and the model owner against the counterparty. Secure outsourcing further protects the privacy of the model against the cloud hosting it for the prediction service. We compare the existing approaches in terms of security, accuracy, and efficiency. We then propose an optimized neural network prediction scheme in the outsourcing setting, which simultaneously achieves high accuracy, model privacy, and low overheads, and conduct an experimental evaluation for computation time and communication costs. Finally, we highlight several future research directions and provide new insights into open problems in strengthening security and improving efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Xueshuo Xie,Haoxu Wang,Zhaolong Jian,Tao Li,Wei Wang,Zhiwei Xu,Guiling Wang

2024-03-19

Abstract:Edge intelligence enables resource-demanding Deep Neural Network (DNN) inference without transferring original data, addressing concerns about data privacy in consumer Internet of Things (IoT) devices. For privacy-sensitive applications, deploying models in hardware-isolated trusted execution environments (TEEs) becomes essential. However, the limited secure memory in TEEs poses challenges for deploying DNN inference, and alternative techniques like model partitioning and offloading introduce performance degradation and security issues. In this paper, we present a novel approach for advanced model deployment in TrustZone that ensures comprehensive privacy preservation during model inference. We design a memory-efficient management method to support memory-demanding inference in TEEs. By adjusting the memory priority, we effectively mitigate memory leakage risks and memory overlap conflicts, resulting in 32 lines of code alterations in the trusted operating system. Additionally, we leverage two tiny libraries: S-Tinylib (2,538 LoCs), a tiny deep learning library, and Tinylibm (827 LoCs), a tiny math library, to support efficient inference in TEEs. We implemented a prototype on Raspberry Pi 3B+ and evaluated it using three well-known lightweight DNN models. The experimental results demonstrate that our design significantly improves inference speed by 3.13 times and reduces power consumption by over 66.5% compared to non-memory optimization method in TEEs.

Cryptography and Security,Artificial Intelligence

Lingwei Xu,Xinpeng Zhou,Ye Tao,Lei Liu,Xu Yu,Neeraj Kumar

DOI: https://doi.org/10.1109/tii.2021.3082907

IF: 12.3

2022-03-01

IEEE Transactions on Industrial Informatics

Abstract:The global healthcare industry and artificial intelligence have promoted the development of the diversified intelligent healthcare applications. Internet of Things (IoT) will play an important role in meeting the high throughput requirements of diversified intelligent healthcare applications. However, the mobile IoT-enabled healthcare networks are diverse and open, the healthcare big data transmission is vulnerable to a potential attack, which can cause network outages and serious healthcare security issues. To process the complex healthcare security event in real time, security performance prediction is critical for mobile IoT-enabled healthcare networks. In this article, we first analyze the security performance, and derive the novel expressions for the security performance in a closed form. Then, to analyze the security performance in real time, a security performance intelligent prediction algorithm is proposed. An improved convolutional neural network (CNN) model is designed, which combines the four-layer convolution and a four-branch inception block, and can adopt different convolution kernels in the same layer. The four-branch inception block can increase the width of the CNN while reducing the parameters. The improved CNN model can not only increases the width of the CNN, extract different sizes of healthcare data features, but also increases the adaptability to the nonlinear healthcare big data. Compared with different methods, the proposed intelligent algorithm can obtain better security performance prediction. In particular, for prediction precision, the proposed intelligent algorithm is increased by 20%.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Jun Zhou,Longfei Zheng,Chaochao Chen,Yan Wang,Xiaolin Zheng,Bingzhe Wu,Cen Chen,Li Wang,Jianwei Yin

DOI: https://doi.org/10.1145/3501809

IF: 5

2022-01-01

ACM Transactions on Intelligent Systems and Technology

Abstract:Deep Neural Networks (DNNs) have achieved remarkable progress in various real-world applications, especially when abundant training data are provided. However, data isolation has become a serious problem currently. Existing works build privacy-preserving DNN models from either algorithmic perspective or cryptographic perspective. The former mainly splits the DNN computation graph between data holders or between data holders and server, which demonstrates good scalability but suffers from accuracy loss and potential privacy risks. In contrast, the latter leverages time-consuming cryptographic techniques, which has strong privacy guarantee but poor scalability. In this article, we propose SPNN-a Scalable and Privacy-preserving deep Neural Network learning framework, from an algorithmic-cryptographic co-perspective. From algorithmic perspective, we split the computation graph of DNN models into two parts, i.e., the private-data-related computations that are performed by data holders and the rest heavy computations that are delegated to a semi-honest server with high computation ability. From cryptographic perspective, we propose using two types of cryptographic techniques, i.e., secret sharing and homomorphic encryption, for the isolated data holders to conduct private-data-related computations privately and cooperatively. Furthermore, we implement SPNN in a decentralized setting and introduce user-friendly APIs. Experimental results conducted on real-world datasets demonstrate the superiority of our proposed SPNN.