PrivEdge: From Local to Distributed Private Training and Prediction
- URL: http://arxiv.org/abs/2004.05574v1
- Date: Sun, 12 Apr 2020 09:26:12 GMT
- Title: PrivEdge: From Local to Distributed Private Training and Prediction
- Authors: Ali Shahin Shamsabadi, Adria Gascon, Hamed Haddadi and Andrea Cavallaro
- Abstract summary: PrivEdge is a technique for privacy-preserving Machine Learning (ML) as a Service.
PrivEdge safeguards the privacy of users who provide their data for training, as well as users who use the prediction service.
We show that PrivEdge has high precision and recall in preserving privacy, as well as in distinguishing between private and non-private images.
- Score: 43.02041269239928
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Machine Learning as a Service (MLaaS) operators provide model training and
prediction on the cloud. MLaaS applications often rely on centralised
collection and aggregation of user data, which could lead to significant
privacy concerns when dealing with sensitive personal data. To address this
problem, we propose PrivEdge, a technique for privacy-preserving MLaaS that
safeguards the privacy of users who provide their data for training, as well as
users who use the prediction service. With PrivEdge, each user independently
uses their private data to locally train a one-class reconstructive adversarial
network that succinctly represents their training data. As sending the model
parameters to the service provider in the clear would reveal private
information, PrivEdge secret-shares the parameters among two non-colluding
MLaaS providers, to then provide cryptographically private prediction services
through secure multi-party computation techniques. We quantify the benefits of
PrivEdge and compare its performance with state-of-the-art centralised
architectures on three privacy-sensitive image-based tasks: individual
identification, writer identification, and handwritten letter recognition.
Experimental results show that PrivEdge has high precision and recall in
preserving privacy, as well as in distinguishing between private and
non-private images. Moreover, we show the robustness of PrivEdge to image
compression and biased training data. The source code is available at
https://github.com/smartcameras/PrivEdge.
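The secret-sharing step the abstract describes, as an added illustration that is not code from the PrivEdge paper or its repository: the user who trained a model splits its parameters into two additive shares, one per non-colluding server, and the servers evaluate a linear layer on a secret-shared input with Beaver multiplication triples, so neither server ever sees the parameters or the query. The ring size, the fixed-point encoding and the trusted dealer that hands out the triples are simplifying assumptions of this example; the paper's own MPC backend may differ.

```python
# Added illustration (not PrivEdge's code): two-server additive secret sharing
# of model parameters and a Beaver-triple dot product over the shares.
# Assumptions: ring Z_{2^64}, 8-bit fixed-point encoding, and a trusted dealer
# for the multiplication triples.
import secrets

MOD = 2 ** 64      # arithmetic ring Z_{2^64} (assumption)
FRAC_BITS = 8      # fixed-point fractional bits (assumption)
SCALE = 2 ** FRAC_BITS


def encode(x):
    """Map a real value to a fixed-point ring element."""
    return int(round(x * SCALE)) % MOD


def decode(v, scale=SCALE):
    """Inverse of encode; values in the upper half of the ring are negative."""
    v %= MOD
    if v >= MOD // 2:
        v -= MOD
    return v / scale


def share(v):
    """Split v into two additive shares. Each share alone is uniform in Z_MOD,
    so a single server learns nothing about v."""
    s0 = secrets.randbelow(MOD)
    return s0, (v - s0) % MOD


def reconstruct(s0, s1):
    return (s0 + s1) % MOD


def share_vector(xs):
    """Share a parameter vector; returns (server0_shares, server1_shares)."""
    pairs = [share(encode(x)) for x in xs]
    return [p[0] for p in pairs], [p[1] for p in pairs]


def beaver_triple():
    """Trusted-dealer assumption: shares of random a, b and c = a*b."""
    a = secrets.randbelow(MOD)
    b = secrets.randbelow(MOD)
    return share(a), share(b), share((a * b) % MOD)


def secure_mul(x, y, triple):
    """Multiply shared x and y. The servers only open d = x - a and e = y - b,
    which are masked by the uniform a and b, so nothing about x or y leaks."""
    (a0, a1), (b0, b1), (c0, c1) = triple
    x0, x1 = x
    y0, y1 = y
    d = ((x0 - a0) + (x1 - a1)) % MOD   # opened (public) value
    e = ((y0 - b0) + (y1 - b1)) % MOD   # opened (public) value
    # xy = de + d*b + e*a + c; only server 0 adds the public term d*e
    z0 = (d * e + d * b0 + e * a0 + c0) % MOD
    z1 = (d * b1 + e * a1 + c1) % MOD
    return z0, z1


def secure_dot(w_shares, x_shares):
    """Dot product of two shared vectors: additions are local, each product
    consumes one Beaver triple."""
    w0, w1 = w_shares
    x0, x1 = x_shares
    acc0 = acc1 = 0
    for i in range(len(w0)):
        z0, z1 = secure_mul((w0[i], w1[i]), (x0[i], x1[i]), beaver_triple())
        acc0 = (acc0 + z0) % MOD
        acc1 = (acc1 + z1) % MOD
    return acc0, acc1


def private_linear_score(weights, inputs):
    """End-to-end flow: the model owner shares its weights, the querying user
    shares its input, the two servers compute, and the querying user
    reconstructs. A product of two fixed-point values carries scale SCALE**2."""
    w_shares = share_vector(weights)   # from the user who trained the model
    x_shares = share_vector(inputs)    # from the user requesting a prediction
    s0, s1 = secure_dot(w_shares, x_shares)
    return decode(reconstruct(s0, s1), SCALE * SCALE)


if __name__ == "__main__":
    w = [0.5, -1.25, 2.0]
    x = [1.0, 0.5, -0.75]
    print(private_linear_score(w, x))   # -1.625, equal to the plaintext dot product
```

Non-collusion is what carries the guarantee: a server holding both shares of a value recovers it outright, which is why the abstract insists on two independent providers. The trusted dealer is the usual shortcut for correlated randomness; a deployment would generate triples with an offline protocol instead.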
Related papers
- PrivacyRestore: Privacy-Preserving Inference in Large Language Models via Privacy Removal and Restoration [18.67432819687349]
We propose PrivacyRestore to protect the privacy of user inputs during Large Language Models inference.
PrivacyRestore directly removes privacy spans in user inputs and restores privacy information via activation steering during inference.
Experiments show that PrivacyRestore can protect private information while maintaining acceptable levels of performance and inference efficiency.
arXiv Detail & Related papers (2024-06-03T14:57:39Z)
- Differentially Private Model-Based Offline Reinforcement Learning [51.1231068185106]
We introduce DP-MORL, an algorithm coming with differential privacy guarantees.
A private model of the environment is first learned from offline data.
We then use model-based policy optimization to derive a policy from the private model.
arXiv Detail & Related papers (2024-02-08T10:05:11Z)
- DP-OPT: Make Large Language Model Your Privacy-Preserving Prompt Engineer [57.04801796205638]
Large Language Models (LLMs) have emerged as dominant tools for various tasks.
However, concerns surrounding data privacy present obstacles due to the tuned prompts' dependency on sensitive private information.
We present Differentially-Private Offsite Prompt Tuning (DP-OPT) to address this challenge.
arXiv Detail & Related papers (2023-11-27T02:01:10Z)
- Privacy Preserving Large Language Models: ChatGPT Case Study Based Vision and Framework [6.828884629694705]
This article proposes the conceptual model called PrivChatGPT, a privacy-generative model for LLMs.
PrivChatGPT consists of two main components, i.e., preserving user privacy during the data curation/pre-processing together with preserving private context, and the private training process for large-scale data.
arXiv Detail & Related papers (2023-10-19T06:55:13Z)
- Unlocking Accuracy and Fairness in Differentially Private Image Classification [43.53494043189235]
Differential privacy (DP) is considered the gold standard framework for privacy-preserving training.
We show that pre-trained foundation models fine-tuned with DP can achieve similar accuracy to non-private classifiers.
arXiv Detail & Related papers (2023-08-21T17:42:33Z)
- Position: Considerations for Differentially Private Learning with Large-Scale Public Pretraining [75.25943383604266]
We question whether the use of large Web-scraped datasets should be viewed as differential-privacy-preserving.
We caution that publicizing these models pretrained on Web data as "private" could lead to harm and erode the public's trust in differential privacy as a meaningful definition of privacy.
We conclude by discussing potential paths forward for the field of private learning, as public pretraining becomes more popular and powerful.
arXiv Detail & Related papers (2022-12-13T10:41:12Z)
- Mixed Differential Privacy in Computer Vision [133.68363478737058]
AdaMix is an adaptive differentially private algorithm for training deep neural network classifiers using both private and public image data.
A few-shot or even zero-shot learning baseline that ignores private data can outperform fine-tuning on a large private dataset.
arXiv Detail & Related papers (2022-03-22T06:15:43Z)
- Personalized PATE: Differential Privacy for Machine Learning with Individual Privacy Guarantees [1.2691047660244335]
We propose three novel methods to support training an ML model with different personalized privacy guarantees within the training data.
Our experiments show that our personalized privacy methods yield higher accuracy models than the non-personalized baseline.
arXiv Detail & Related papers (2022-02-21T20:16:27Z)
- Federated $f$-Differential Privacy [19.499120576896228]
Federated learning (FL) is a training paradigm where the clients collaboratively learn models by repeatedly sharing information.
We introduce federated $f$-differential privacy, a new notion specifically tailored to the federated setting.
We then propose a generic private federated learning framework PriFedSync that accommodates a large family of state-of-the-art FL algorithms.
arXiv Detail & Related papers (2021-02-22T16:28:21Z)
- TIPRDC: Task-Independent Privacy-Respecting Data Crowdsourcing Framework for Deep Learning with Anonymized Intermediate Representations [49.20701800683092]
We present TIPRDC, a task-independent privacy-respecting data crowdsourcing framework with anonymized intermediate representation.
The goal of this framework is to learn a feature extractor that can hide the privacy information from the intermediate representations, while maximally retaining the original information embedded in the raw data for the data collector to accomplish unknown learning tasks.
arXiv Detail & Related papers (2020-05-23T06:21:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.