Secure and verifiable inference in deep neural networks

Bibliographic Details
Main Authors: XU, Guowen, LI, Hongwei, REN, Hao, SUN, Jianfei, XU, Shengmin, NING, Jianting, YANG, Haoming, YANG, Kan, DENG, Robert H.
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2020
Online Access: https://ink.library.smu.edu.sg/sis_research/5910
https://ink.library.smu.edu.sg/context/sis_research/article/6913/viewcontent/3427228.3427232.pdf
Institution: Singapore Management University
Description
Summary: Outsourced inference service has enormously promoted the popularity of deep learning, and helped users to customize a range of personalized applications. However, it also entails a variety of security and privacy issues brought by untrusted service providers. Particularly, a malicious adversary may violate user privacy during the inference process, or worse, return incorrect results to the client through compromising the integrity of the outsourced model. To address these problems, we propose SecureDL to protect the model’s integrity and user’s privacy in Deep Neural Networks (DNNs) inference process. In SecureDL, we first transform complicated non-linear activation functions of DNNs to low-degree polynomials. Then, we give a novel method to generate sensitive-samples, which can verify the integrity of a model’s parameters outsourced to the server with high accuracy. Finally, we exploit Leveled Homomorphic Encryption (LHE) to achieve the privacy-preserving inference. We show that our sensitive-samples are indeed very sensitive to model changes, such that even a small change in parameters can be reflected in the model outputs. Based on the experiments conducted on real data and different types of attacks, we demonstrate the superior performance of SecureDL in terms of detection accuracy, inference accuracy, computation, and communication overheads.