Enabling Inference Privacy with Adaptive Noise Injection

by   Sanjay Kariyappa, et al.

User-facing software services are becoming increasingly reliant on remote servers to host Deep Neural Network (DNN) models, which perform inference tasks for the clients. Such services require the client to send input data to the service provider, who processes it using a DNN and returns the output predictions to the client. Due to the rich nature of the inputs such as images and speech, the input often contains more information than what is necessary to perform the primary inference task. Consequently, in addition to the primary inference task, a malicious service provider could infer secondary (sensitive) attributes from the input, compromising the client's privacy. The goal of our work is to improve inference privacy by injecting noise to the input to hide the irrelevant features that are not conducive to the primary classification task. To this end, we propose Adaptive Noise Injection (ANI), which uses a light-weight DNN on the client-side to inject noise to each input, before transmitting it to the service provider to perform inference. Our key insight is that by customizing the noise to each input, we can achieve state-of-the-art trade-off between utility and privacy (up to 48.5 sensitive-task accuracy with <1 significantly outperforming existing noise injection schemes. Our method does not require prior knowledge of the sensitive attributes and incurs minimal computational overheads.


Shredder: Learning Noise to Protect Privacy with Partial DNN Inference on the Edge

A wide variety of DNN applications increasingly rely on the cloud to per...

XONN: XNOR-based Oblivious Deep Neural Network Inference

Advancements in deep learning enable cloud servers to provide inference-...

Partial Weight Adaptation for Robust DNN Inference

Mainstream video analytics uses a pre-trained DNN model with an assumpti...

A Diffractive Neural Network with Weight-Noise-Injection Training

We propose a diffractive neural network with strong robustness based on ...

Data-driven control on encrypted data

We provide an efficient and private solution to the problem of encryptio...

Privacy-Aware Data Cleaning-as-a-Service (Extended Version)

Data cleaning is a pervasive problem for organizations as they try to re...

CheapET-3: Cost-Efficient Use of Remote DNN Models

On complex problems, state of the art prediction accuracy of Deep Neural...

Please sign up or login with your details

Forgot password? Click here to reset