Privacy-preserving Machine Learning as a Service

Hesamifard, Ehsan; Takabi, Hassan; Ghasemi, Mehdi; Wright, Rebecca N.

doi:10.1515/popets-2018-0024

Cited by 189 publications

(115 citation statements)

References 29 publications

Supporting

Mentioning

107

Contrasting

Order By: Relevance

“…The CryptoDL framework [121,122], implemented using HElib [72], approximates both the tanh and sigmoid functions with Chebyshev polynomials [122]. Rather than directly approximating ReLU, the authors approximate its derivative, and calculate its antiderivative for use as an activation function.…”

Section: Private Deep Learningmentioning

confidence: 99%

Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics

2020

View full text Add to dashboard Cite

Machine learning and statistical techniques are powerful tools for analyzing large amounts of medical and genomic data. On the other hand, ethical concerns and privacy regulations prevent free sharing of this data. Encryption techniques such as fully homomorphic encryption (FHE) enable evaluation over encrypted data. Using FHE, machine learning models such as deep learning, decision trees, and naive Bayes have been implemented for privacy-preserving applications using medical data. These applications include classifying encrypted data and training models on encrypted data. FHE has also been shown to enable secure genomic algorithms, such as paternity and ancestry testing and privacy-preserving applications of genome-wide association studies. This survey provides an overview of fully homomorphic encryption and its applications in medicine and bioinformatics. The high-level concepts behind FHE and its history are introduced and details on current open-source implementations are provided. The state of fully homomorphic encryption for privacy-preserving techniques in machine learning and bioinformatics is reviewed, along with descriptions of how these methods can be implemented in the encrypted domain. CCS Concepts: • Security and privacy → Cryptography; Usability in security and privacy; • Social and professional topics → Medical information policy.

show abstract

Section: Private Deep Learningmentioning

confidence: 99%

Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics

2020

View full text Add to dashboard Cite

show abstract

“…In centralised learning, the service provider collects all users' data to train a model. To preserve privacy, local data anonymisation [7], [8] or data encryption [14] can be performed on the user side, prior to transmission to the service provider. However, the curse of dimensionality may render these approaches impractical [15].…”

Section: Introductionmentioning

confidence: 99%

“…However, the curse of dimensionality may render these approaches impractical [15]. In addition to this, encryption may be needed to approximate the model, thus reducing accuracy [14]. In distributed learning, the service provider trains a model by iteratively aggregating the parameters or gradients of models trained locally by users [9]- [11].…”

Section: Introductionmentioning

confidence: 99%

PrivEdge: From Local to Distributed Private Training and Prediction

Shamsabadi

Gascón

Haddadi

et al. 2020

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Machine Learning as a Service (MLaaS) operators provide model training and prediction on the cloud. MLaaS applications often rely on centralised collection and aggregation of user data, which could lead to significant privacy concerns when dealing with sensitive personal data. To address this problem, we propose PrivEdge, a technique for privacy-preserving MLaaS that safeguards the privacy of users who provide their data for training, as well as users who use the prediction service. With PrivEdge, each user independently uses their private data to locally train a one-class reconstructive adversarial network that succinctly represents their training data. As sending the model parameters to the service provider in the clear would reveal private information, PrivEdge secret-shares the parameters among two non-colluding MLaaS providers, to then provide cryptographically private prediction services through secure multi-party computation techniques. We quantify the benefits of PrivEdge and compare its performance with state-ofthe-art centralised architectures on three privacy-sensitive imagebased tasks: individual identification, writer identification, and handwritten letter recognition. Experimental results show that PrivEdge has high precision and recall in preserving privacy, as well as in distinguishing between private and non-private images. Moreover, we show the robustness of PrivEdge to image compression and biased training data.

show abstract

“…If such models are deployed e.g. on smartphones [5] or as a service [4], they give attackers access to the memorized sensitive information.…”

Section: Introductionmentioning

confidence: 99%

Assessing Unintended Memorization in Neural Discriminative Sequence Models

Helali

Kleinbauer

Klakow

2020

Text, Speech, and Dialogue

View full text Add to dashboard Cite

Despite their success in a multitude of tasks, neural models trained on natural language have been shown to memorize the intricacies of their training data, posing a potential privacy threat. In this work, we propose a metric to quantify unintended memorization in neural discriminative sequence models. The proposed metric, named d-exposure (discriminative exposure), utilizes language ambiguity and classification confidence to elicit the model's propensity to memorization. Through experimental work on a named entity recognition task, we show the validity of d-exposure to measure memorization. In addition, we show that d-exposure is not a measure of overfitting as it does not increase when the model overfits.

show abstract

Privacy-preserving Machine Learning as a Service

Cited by 189 publications

References 29 publications

Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics

Homomorphic Encryption for Machine Learning in Medicine and Bioinformatics

PrivEdge: From Local to Distributed Private Training and Prediction

Assessing Unintended Memorization in Neural Discriminative Sequence Models

Contact Info

Product

Resources

About