Deep learning training involves large training data and expensive model tweaking, for which cloud GPU resources can be a popular option. However, outsourcing data often raises privacy concerns. The challenge is to preserve data and model confidentiality without sacrificing GPU-based scalable training and low-cost client-side preprocessing, which is difficult for conventional cryptographic solutions to achieve. This demonstration shows a new approach, image disguising, represented by recent work: DisguisedNets, NeuraCrypt, and InstaHide, which aim to securely transform training images while still enabling the desired scalability and efficiency. We present an interactive system for visually and comparatively exploring these methods. Users can view disguised images, note low client-side processing costs, and observe the maintained efficiency and model quality during server-side GPU-accelerated training. This demo aids researchers and practitioners in swiftly grasping the advantages and limitations of image-disguising methods.
@inproceedings{10.1145/3576915.3624364,
  address = {New York, NY, USA},
  author = {Gu, Yuechun and Sharma, Sagar and Chen, Keke},
  booktitle = {Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security},
  date-added = {2024-03-05 13:11:38 -0600},
  date-modified = {2024-03-05 13:11:38 -0600},
  doi = {10.1145/3576915.3624364},
  isbn = {9798400700507},
  keywords = {gpu-acceleration, instance encoding, privacy-preserving machine learning},
  location = {Copenhagen, Denmark},
  numpages = {3},
  pages = {3679--3681},
  publisher = {Association for Computing Machinery},
  series = {CCS '23},
  title = {Demo: Image Disguising for Scalable GPU-accelerated Confidential Deep Learning (ACM CCS'23)},
  url = {https://doi.org/10.1145/3576915.3624364},
  year = {2023},
  bdsk-url-1 = {https://doi.org/10.1145/3576915.3624364}
}
GAN-based domain inference attack (AAAI’23)
Yuechun Gu and Keke Chen
In Proceedings of the AAAI Conference on Artificial Intelligence, 2023
Model-based attacks can infer training data information from deep neural network models. These attacks heavily depend on the attacker’s knowledge of the application domain, e.g., using it to determine the auxiliary data for model-inversion attacks. However, attackers may not know what the model is used for in practice. We propose a generative adversarial network (GAN) based method to explore likely or similar domains of a target model, the model domain inference (MDI) attack. For a given target (classification) model, we assume that the attacker knows nothing but the input and output formats and can use the model to derive the prediction for any input in the desired form. Our basic idea is to use the target model to affect a GAN training process for a candidate domain’s dataset that is easy to obtain. We find that the target model may distort the training procedure less if the domain is more similar to the target domain. We then measure the distortion level with the distance between GAN-generated datasets, which can be used to rank candidate domains for the target model. Our experiments show that the auxiliary dataset from an MDI top-ranked domain can effectively boost the result of model-inversion attacks.
@inproceedings{gu2023gan,
  author = {Gu, Yuechun and Chen, Keke},
  booktitle = {Proceedings of the AAAI Conference on Artificial Intelligence},
  date-added = {2024-03-05 13:11:16 -0600},
  date-modified = {2024-03-05 13:11:16 -0600},
  number = {12},
  pages = {14214--14222},
  title = {GAN-based domain inference attack (AAAI'23)},
  volume = {37},
  year = {2023}
}