Andy Wang,Chen Wang,Meng Bi,Jian Xu

DOI: https://doi.org/10.1007/978-3-030-00015-8_58

2018-01-01

Abstract:Machine Learning (ML) Classification has already become one of the most commonly used techniques in many areas such as banking, medicine, spam detection and data mining applications. Often, the training of models require massive data which may contain sensitive information and the classification phase may expose the train models and the inputs from the users. Neither the models nor the train datasets and inputs should expose private information. Addressing this goal, several schemes have been proposed for privacy preserving classification. In this paper, we review those privacy preserving techiniques which applied for different machine learning classification algorithms. These algorithms conclude k-NN, SVM, Bayesian, neural networks, decision tree and etc. we sum up the comparison protocols. Finally, this work comes up with some correlative problems which are worthy to study in the future.

Runhua Xu,Nathalie Baracaldo,James Joshi

DOI: https://doi.org/10.48550/arXiv.2108.04417

IF: 5.414

2021-08-10

Machine Learning

Abstract:Machine learning (ML) is increasingly being adopted in a wide variety of application domains. Usually, a well-performing ML model relies on a large volume of training data and high-powered computational resources. Such a need for and the use of huge volumes of data raise serious privacy concerns because of the potential risks of leakage of highly privacy-sensitive information; further, the evolving regulatory environments that increasingly restrict access to and use of privacy-sensitive data add significant challenges to fully benefiting from the power of ML for data-driven applications. A trained ML model may also be vulnerable to adversarial attacks such as membership, attribute, or property inference attacks and model inversion attacks. Hence, well-designed privacy-preserving ML (PPML) solutions are critically needed for many emerging applications. Increasingly, significant research efforts from both academia and industry can be seen in PPML areas that aim toward integrating privacy-preserving techniques into ML pipeline or specific algorithms, or designing various PPML architectures. In particular, existing PPML research cross-cut ML, systems and applications design, as well as security and privacy areas; hence, there is a critical need to understand state-of-the-art research, related challenges and a research roadmap for future research in PPML area. In this paper, we systematically review and summarize existing privacy-preserving approaches and propose a Phase, Guarantee, and Utility (PGU) triad based model to understand and guide the evaluation of various PPML solutions by decomposing their privacy-preserving functionalities. We discuss the unique characteristics and challenges of PPML and outline possible research directions that leverage as well as benefit multiple research communities such as ML, distributed systems, security and privacy.

Alejandro Guerra-Manzanares,L. Julian Lechuga Lopez,Michail Maniatakos,Farah E. Shamout

DOI: https://doi.org/10.1007/978-3-031-39539-0_3

2023-03-28

Abstract:Machine Learning (ML) has recently shown tremendous success in modeling various healthcare prediction tasks, ranging from disease diagnosis and prognosis to patient treatment. Due to the sensitive nature of medical data, privacy must be considered along the entire ML pipeline, from model training to inference. In this paper, we conduct a review of recent literature concerning Privacy-Preserving Machine Learning (PPML) for healthcare. We primarily focus on privacy-preserving training and inference-as-a-service, and perform a comprehensive review of existing trends, identify challenges, and discuss opportunities for future research directions. The aim of this review is to guide the development of private and efficient ML models in healthcare, with the prospects of translating research efforts into real-world settings.

Machine Learning,Cryptography and Security

Jiang Han,Liu Yiran,Song Xiangfu,Wang Hao,Zheng Zhihua,Xu Qiuliang

DOI: https://doi.org/10.11999/jeit190887

2020-01-01

Abstract:The characteristics of the new generation of artificial intelligence technology are shown as follows: with the help of GPU computing, cloud computing and other high-performance distributed computing capabilities, machine learning algorithms represented by deep learning algorithms are used for learning and training on big data to simulate, extend and expand human intelligence. Different data sources and computing physical locations make the current machine learning face serious privacy leakage problem, so the Privacy Protection of Machine (PPM) Learning has become a widely concerned research area. Using cryptography technology to solve the problem of privacy in machine learning is an important technology to protect the privacy of machine learning. Cryptographic tools used in privacy-preserving machine learning are introduced, such as general Secure Multi-Party Computing (SMPC), privacy protection set operation and Homomorphic Encryption (HE), describes the status and developments applying the tools to solving the problems of privacy protection in various stages of machine learning, such as data processing, model training, model testing, and data prediction.

Chaoyu Zhang

2024-02-26

Abstract:This paper examines the evolving landscape of machine learning (ML) and its profound impact across various sectors, with a special focus on the emerging field of Privacy-preserving Machine Learning (PPML). As ML applications become increasingly integral to industries like telecommunications, financial technology, and surveillance, they raise significant privacy concerns, necessitating the development of PPML strategies. The paper highlights the unique challenges in safeguarding privacy within ML frameworks, which stem from the diverse capabilities of potential adversaries, including their ability to infer sensitive information from model outputs or training data.

Cryptography and Security,Artificial Intelligence

K. Meenakshi,G. Maragatham

DOI: https://doi.org/10.1007/978-3-030-32150-5_109

2019-11-07

Abstract:Machine learning is the powerful techniques in computing and Linguistics Science. It is broadly applied in various domains such as computer vision, pattern recognition, image processing, network security and Natural language processing. Machine learning (ML) techniques have generated huge social impacts in a variety of applications such as malware detection, spam detection and health care. It is also more sensitive towards security attack. In supervised learning algorithm Machine Learning Models mainly depend upon the large input datasets, called training data and testing data. The slight modifications in the input data will affect the model performance to a greater extent. Many research works have been carried out by analysing various security threats against ML algorithms such as Naïve Bayes Algorithm, Decision tree, Support Vector Machine and Artificial Deep Neural Networks. In this paper, we have explained taxonomy of security threats happened in training and testing stage of learning. Finally we have presented various defending techniques, counter measures which are used in training and testing phases, few security policies to prevent adversarial attacks and make a robust Machine Learning model.

Muhammad Tayyab,Mohsen Marjani,N.Z. Jhanjhi,Ibrahim Abaker Targio Hashem,Raja Sher Afgun Usmani,Faizan Qamar

DOI: https://doi.org/10.1016/j.cose.2023.103297

2023-05-20

Abstract:Machine Learning (ML) algorithms are used to train the machines to perform various complicated tasks that begin to modify and improve with experiences. It has become widely used for automated decisions. In particular, the applications which have a profound impact on society that rely on Deep Learning (DL) for autonomous decisions, such as Patient Health Record (PHR), Unmanned Aerial Vehicles (UAVs), etc. Such impacts have a vital concern about the potential vulnerabilities introduced by DL. Traditional attackers have powerful motives that can alter and modify DL algorithms to subvert the outcomes. In poisoning attacks, an attacker can consciously change training dataset, which is used to operate the outcomes of decision-based model. While in privacy and evasion attacks, an adversary can also misclassify new datasets to infer private information. Therefore, in this paper, we have provided a review of security and privacy issues of DL algorithms and analyzed their applications and challenges based on state-of-the-art literature. We have classified attacks, devised a taxonomy, and comprehensive analysis of defense techniques for the most common attacks such as poisoning, evasion, model extraction, and model inversion. We have also presented various privacy preserving techniques to ensure the privacy of dataset. We have proposed a secure cryptographic framework for dataset based on hash functions and Homomorphic Encryption (HE) scheme. Finally, we have provided recent research challenges and future studies concerning security and privacy issues. We believed that the highlighted limitations and weaknesses provide possible research questions and open matters for designing efficient future DL algorithms.

computer science, information systems

Harry Chandra Tanuwidjaja,Rakyong Choi,Seunggeun Baek,Kwangjo Kim

DOI: https://doi.org/10.1109/access.2020.3023084

IF: 3.9

2020-01-01

IEEE Access

Abstract:The exponential growth of big data and deep learning has increased the data exchange traffic in society. Machine Learning as a Service, (MLaaS) which leverages deep learning techniques for predictive analytics to enhance decision-making, has become a hot commodity. However, the adoption of MLaaS introduces data privacy challenges for data owners and security challenges for deep learning model owners. Data owners are concerned about the safety and privacy of their data on MLaaS platforms, while MLaaS platform owners worry that their models could be stolen by adversaries who pose as clients. Consequently, Privacy-Preserving Deep Learning (PPDL) arises as a possible solution to this problem. Recently, several papers about PPDL for MLaaS have been published. However, to the best of our knowledge, no previous paper has summarized the existing literature on PPDL and its specific applicability to the MLaaS environment. In this paper, we present a comprehensive survey of privacy-preserving techniques, starting from classical privacy-preserving techniques to well-known deep learning techniques. Additionally, we present a detailed description of PPDL and address the issue of using PPDL for MLaaS. Furthermore, we undertake detailed comparisons between state-of-the-art PPDL methods. Subsequently, we classify an adversarial model on PPDL by highlighting possible PPDL attacks and their potential solutions. Ultimately, our paper serves as a single point of reference for detailed knowledge on PPDL and its applicability to MLaaS environments for both new and experienced researchers.

Tanveer Khan,Mindaugas Budzys,Khoa Nguyen,Antonis Michalas

DOI: https://doi.org/10.56553/popets-2024-0072

2024-07-01

Proceedings on Privacy Enhancing Technologies

Abstract:Machine Learning (ML), addresses a multitude of complex issues in multiple disciplines, including social sciences, finance, and medical research. ML models require substantial computing power and are only as powerful as the data utilized. Due to the high computational cost of ML methods, data scientists frequently use Machine Learning-as-a-Service (MLaaS) to outsource computation to external servers. However, when working with private information, like financial data or health records, outsourcing the computation might result in privacy issues. Recent advances in Privacy-Preserving Techniques (PPTs) have enabled ML training and inference over protected data through the use of Privacy-Preserving Machine Learning (PPML). However, these techniques are still at a preliminary stage and their application in real-world situations is demanding. In order to comprehend the discrepancy between theoretical research suggestions and actual applications, this work examines the past and present of PPML, focusing on Homomorphic Encryption (HE) and Secure Multi-party Computation (SMPC) applied to ML. This work primarily focuses on the ML model's training phase, where maintaining user data privacy is of utmost importance. We provide a solid theoretical background that eases the understanding of current approaches and their limitations. We also provide some preliminaries of SMPC, HE, and ML. In addition, we present a systemization of knowledge of the most recent PPML frameworks for model training and provide a comprehensive comparison in terms of the unique properties and performances on standard benchmarks. Also, we reproduce the results for some of the surveyed papers and examine at what level existing works in the field provide support for open science. We believe our work serves as a valuable contribution by raising awareness about the current gap between theoretical advancements and real-world applications in PPML, specifically regarding open-source availability, reproducibility, and usability.

Tanveer Khan,Mindaugas Budzys,Khoa Nguyen,Antonis Michalas

2024-03-06

Abstract:Machine Learning (ML), addresses a multitude of complex issues in multiple disciplines, including social sciences, finance, and medical research. ML models require substantial computing power and are only as powerful as the data utilized. Due to high computational cost of ML methods, data scientists frequently use Machine Learning-as-a-Service (MLaaS) to outsource computation to external servers. However, when working with private information, like financial data or health records, outsourcing the computation might result in privacy issues. Recent advances in Privacy-Preserving Techniques (PPTs) have enabled ML training and inference over protected data through the use of Privacy-Preserving Machine Learning (PPML). However, these techniques are still at a preliminary stage and their application in real-world situations is demanding. In order to comprehend discrepancy between theoretical research suggestions and actual applications, this work examines the past and present of PPML, focusing on Homomorphic Encryption (HE) and Secure Multi-party Computation (SMPC) applied to ML. This work primarily focuses on the ML model's training phase, where maintaining user data privacy is of utmost importance. We provide a solid theoretical background that eases the understanding of current approaches and their limitations. In addition, we present a SoK of the most recent PPML frameworks for model training and provide a comprehensive comparison in terms of the unique properties and performances on standard benchmarks. Also, we reproduce the results for some of the papers and examine at what level existing works in the field provide support for open science. We believe our work serves as a valuable contribution by raising awareness about the current gap between theoretical advancements and real-world applications in PPML, specifically regarding open-source availability, reproducibility, and usability.

Cryptography and Security,Artificial Intelligence

Payman Mohassel,Yupeng Zhang

DOI: https://doi.org/10.1109/sp.2017.12

2017-05-01

Abstract:Machine learning is widely used in practice to produce predictive models for applications such as image processing, speech and text recognition. These models are more accurate when trained on large amount of data collected from different sources. However, the massive data collection raises privacy concerns. In this paper, we present new and efficient protocols for privacy preserving machine learning for linear regression, logistic regression and neural network training using the stochastic gradient descent method. Our protocols fall in the two-server model where data owners distribute their private data among two non-colluding servers who train various models on the joint data using secure two-party computation (2PC). We develop new techniques to support secure arithmetic operations on shared decimal numbers, and propose MPC-friendly alternatives to nonlinear functions such as sigmoid and softmax that are superior to prior work. We implement our system in C++. Our experiments validate that our protocols are several orders of magnitude faster than the state of the art implementations for privacy preserving linear and logistic regressions, and scale to millions of data samples with thousands of features. We also implement the first privacy preserving system for training neural networks.

Mohammad Al-Rubaie,J. Morris Chang

DOI: https://doi.org/10.48550/arXiv.1804.11238

2018-03-27

Abstract:For privacy concerns to be addressed adequately in current machine learning systems, the knowledge gap between the machine learning and privacy communities must be bridged. This article aims to provide an introduction to the intersection of both fields with special emphasis on the techniques used to protect the data.

Cryptography and Security,Machine Learning

Ishu Gupta,Rishabh Gupta,Ashutosh Kumar Singh,Rajkumar Buyya

DOI: https://doi.org/10.1109/jsyst.2020.3035666

IF: 4.802

2021-09-01

IEEE Systems Journal

Abstract:The organizational valuable data needs to be shared with multiple parties and stakeholders in a cloud environment for storage, analysis, and data utilization. However, to ensure the security, preserve privacy while sharing the data effectively among various parties have become formidable challenges. In this article, by utilizing encryption, machine learning, and probabilistic approaches, we propose a novel model that supports multiple participants to securely share their data for distinct purposes. The model defines the access policy and communication protocol among the involved multiple untrusted parties to process the owners' data. The proposed model minimizes the risk associated with the leakage by providing a robust mechanism for prevention coupled with detection. The experimental results demonstrate the efficiency of the proposed model for different classifiers over various datasets. The proposed model ensures high accuracy and precision up to 97% and 100% relatively and secures a significant improvement up to 0.01%, 103%, 151%, 87%, 96%, 43%, and 186% for average probability, average success rate, detection rate, accuracy, precision, recall, and specificity, respectively, compared to the prior works that prove its effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Xueyun Li,Zheng Yan,Peng Zhang

DOI: https://doi.org/10.1109/cit.2014.135

2014-01-01

Abstract:Data mining has been widely studied and applied into many fields such as Internet of Things (IoT) and business development. However, data mining techniques also occur serious challenges due to increased sensitive information disclosure and privacy violation. Privacy-Preserving Data Mining (PPDM), as an important branch of data mining and an interesting topic in privacy preservation, has gained special attention in recent years. In addition to extracting useful information and revealing patterns from large amounts of data, PPDM also protects private and sensitive data from disclosure without the permission of data owners or providers. This paper reviews main PPDM techniques based on a PPDM framework. We compare the advantages and disadvantages of different PPDM techniques and discuss open issues and future research trends in PPDM.

Chengkun Wei,Minghu Zhao,Zhikun Zhang,Min Chen,Wenlong Meng,Bo Liu,Yuan Fan,Wenzhi Chen

DOI: https://doi.org/10.1145/3576915.3616593

2023-01-01

Abstract:Differential privacy (DP), as a rigorous mathematical definition quantifying privacy leakage, has become a well-accepted standard for privacy protection. Combined with powerful machine learning (ML) techniques, differentially private machine learning (DPML) is increasingly important. As the most classic DPML algorithm, DP-SGD incurs a significant loss of utility, which hinders DPML's deployment in practice. Many studies have recently proposed improved algorithms based on DP-SGD to mitigate utility loss. However, these studies are isolated and cannot comprehensively measure the performance of improvements proposed in algorithms. More importantly, there is a lack of comprehensive research to compare improvements in these DPML algorithms across utility, defensive capabilities, and generalizability. We fill this gap by performing a holistic measurement of improved DPML algorithms on utility and defense capability against membership inference attacks (MIAs) on image classification tasks. We first present a taxonomy of where improvements are located in the ML life cycle. Based on our taxonomy, we jointly perform an extensive measurement study of the improved DPML algorithms, over twelve algorithms, four model architectures, four datasets, two attacks, and various privacy budget configurations. We also cover state-of-the-art label differential privacy (Label DP) algorithms in the evaluation. According to our empirical results, DP can effectively defend against MIAs, and sensitivity-bounding techniques such as per-sample gradient clipping play an important role in defense. We also explore some improvements that can maintain model utility and defend against MIAs more effectively. Experiments show that Label DP algorithms achieve less utility loss but are fragile to MIAs. ML practitioners may benefit from these evaluations to select appropriate algorithms. To support our evaluation, we implement a modular re-usable software, DPMLBench,(1) which enables sensitive data owners to deploy DPML algorithms and serves as a benchmark tool for researchers and practitioners.

Shaik Khaleel Ahamed,Neerav Nishant,Ayyakkannu Selvaraj,Nisarg Gandhewar,Srithar A,K.K.Baseer

DOI: https://doi.org/10.58414/scientifictemper.2023.14.4.37

2023-12-31

Abstract:Privacy-Preserving Machine Learning (PPML) is a pivotal paradigm in healthcare research, offering innovative solutions to the challenges of data sharing and privacy preservation. In the context of Federated Learning, this paper investigates the implementation of PPML for healthcare data sharing, focusing on the dynamic nature of data collection, sample sizes, data modalities, patient demographics, and comorbidity indices. The results reveal substantial variations in sample sizes across substudies, underscoring the need to align data collection with research objectives and available resources. The distribution of measures demonstrates a balanced approach to healthcare data modalities, ensuring data fairness and equity. The interplay between average age and sample size highlights the significance of tailored privacy-preserving strategies. The comorbidity index distribution provides insights into the health status of the studied population and aids in personalized healthcare. Additionally, the fluctuation of sample sizes over substudies emphasizes the adaptability of privacy-preserving machine learning models in diverse healthcare research scenarios. Overall, this investigation contributes to the evolving landscape of healthcare data sharing by addressing the challenges of data heterogeneity, regulatory compliance, and collaborative model development. The findings empower researchers and healthcare professionals to strike a balance between data utility and privacy preservation, ultimately advancing the field of privacy-preserving machine learning in healthcare research.

Vankamamidi S. Naresh,Muthusamy Thamarai

DOI: https://doi.org/10.1002/widm.1490

2023-01-25

Abstract:Data mining (DM) and machine learning (ML) applications in medical diagnostic systems are budding. Data privacy is extremely essential in these systems as healthcare data are highly sensitive. The proposed work first discusses various privacy and security challenges in these systems. To address these next, we discussed different privacy‐preserving (PP) computation techniques in the context of DM and ML for secure data evaluation and processing. The state‐of‐the‐art applications of these systems in healthcare are analyzed at various stages such as data collection, data publication, data distribution, and output phases regarding PPDM, and input, model, training, and output phases in the context of PPML. Furthermore, PP federated learning is also discussed. Data mining (DM) and machine learning (ML) applications in medical diagnostic systems are budding. Data privacy is essential in these systems as healthcare data are highly sensitive. The proposed work first discusses various privacy and security challenges in these systems. To address these next, we discuss different privacy‐preserving (PP) computation techniques in the context of DM and ML for secure data evaluation and processing. The state‐of‐the‐art applications of these systems in healthcare are analyzed at various stages such as data collection, data publication, data distribution, and output phases regarding PPDM and input, model, training, and output phases in the context of PPML. Furthermore, PP federated learning is also discussed. Finally, we present open challenges in these systems and future research directions. This article is categorized under: Application Areas > Health Care Technologies > Machine Learning Commercial, Legal, and Ethical Issues > Security and Privacy

computer science, artificial intelligence, theory & methods

Tianpei Lu,Bingsheng Zhang,Lichun Li,Kui Ren

2024-11-14

Abstract:With the increasing emphasis on privacy regulations, such as GDPR, protecting individual privacy and ensuring compliance have become critical concerns for both individuals and organizations. Privacy-preserving machine learning (PPML) is an innovative approach that allows for secure data analysis while safeguarding sensitive information. It enables organizations to extract valuable insights from data without compromising privacy. Secure multi-party computation (MPC) is a key tool in PPML, as it allows multiple parties to jointly compute functions without revealing their private inputs, making it essential in multi-server environments. We address the performance overhead of existing maliciously secure protocols, particularly in finite rings like $\mathbb{Z}_{2^\ell}$, by introducing an efficient protocol for secure linear function evaluation. We implement our maliciously secure MPC protocol on GPUs, significantly improving its efficiency and scalability. We extend the protocol to handle linear and non-linear layers, ensuring compatibility with a wide range of machine-learning models. Finally, we comprehensively evaluate machine learning models by integrating our protocol into the workflow, enabling secure and efficient inference across simple and complex models, such as convolutional neural networks (CNNs).

Cryptography and Security

Qiao Zhang,Tao Xiang,Yifei Cai,Zhichao Zhao,Ning Wang,Hongyi Wu

DOI: https://doi.org/10.1109/mnet.127.2200342

IF: 10.294

2023-01-01

IEEE Network

Abstract:Privacy-preserving machine learning as a service (PP-MLaaS) can achieve the secure model computation towards the client's private input through a series of privacy-preserving operations. However, existing PP-MLaaS schemes are suffering from low computational efficiency thwarting their application in real-world scenarios. To mitigate this issue, this article seeks to identify the main algorithmic problems biting computation efficiency and present possible enablers to accelerate the process of secure model computation. The investigation consists of four hierarchical parts. In the first part, existing PP-MLaaS frameworks are reviewed, and the problem statement is discussed in the next part, in which the possible issues that lead to inefficient computation are illustrated from computational logic and computational model, respectively. In the third part, we investigate two potential strategies to improve the calculation efficiency of privacy-preserving neural computing, involving the optimization of cost hierarchy in the calculation process and the crypto-friendly pruning in the neural computation model. Research directions and open topics for efficient PP-MLaaS are discussed in the last part, including rotation-free, neural architecture searching, hardware-aware, and nonlinearity-efficient PPMLaaS.

Soumia Zohra El Mestari,Gabriele Lenzini,Huseyin Demirci

DOI: https://doi.org/10.1016/j.cose.2023.103605

IF: 5.105

2023-11-01

Computers & Security

Abstract:The wide adoption of Machine Learning to solve a large set of real-life problems came with the need to collect and process large volumes of data, some of which are considered personal and sensitive, raising serious concerns about data protection. Privacy-enhancing technologies (PETs) are often indicated as a solution to protect personal data and to achieve a general trustworthiness as required by current EU regulations on data protection and AI. However, an off-the-shelf application of PETs is insufficient to ensure a high-quality of data protection, which one needs to understand. This work systematically discusses the risks against data protection in modern Machine Learning systems taking the original perspective of the data owners, who are those who hold the various data sets, data models, or both, throughout the machine learning life cycle and considering the different Machine Learning architectures. It argues that the origin of the threats, the risks against the data, and the level of protection offered by PETs depend on the data processing phase, the role of the parties involved, and the architecture where the machine learning systems are deployed. By offering a framework in which to discuss privacy and confidentiality risks for data owners and by identifying and assessing privacy-preserving countermeasures for machine learning, this work could facilitate the discussion about compliance with EU regulations and directives. We discuss current challenges and research questions that are still unsolved in the field. In this respect, this paper provides researchers and developers working on machine learning with a comprehensive body of knowledge to let them advance in the science of data protection in machine learning field as well as in closely related fields such as Artificial Intelligence.

computer science, information systems