PrivyNet: A Flexible Framework for Privacy-Preserving Deep Neural Network Training

TL;DR

PrivyNet introduces a flexible framework that splits DNN training between local devices and the cloud, enhancing privacy protection while maintaining high classification accuracy.

Contribution

It proposes a novel DNN splitting method and a topology optimization approach to balance privacy, accuracy, and resource constraints in cloud-based training.

Findings

Effective privacy-accuracy trade-off demonstrated on CIFAR-10

PrivyNet's topology optimization improves accuracy under privacy constraints

Framework reduces local computation and storage requirements

Abstract

Massive data exist among user local platforms that usually cannot support deep neural network (DNN) training due to computation and storage resource constraints. Cloud-based training schemes provide beneficial services but suffer from potential privacy risks due to excessive user data collection. To enable cloud-based DNN training while protecting the data privacy simultaneously, we propose to leverage the intermediate representations of the data, which is achieved by splitting the DNNs and deploying them separately onto local platforms and the cloud. The local neural network (NN) is used to generate the feature representations. To avoid local training and protect data privacy, the local NN is derived from pre-trained NNs. The cloud NN is then trained based on the extracted intermediate representations for the target learning task. We validate the idea of DNN splitting by characterizing the dependency of privacy loss and classification accuracy on the local NN topology for a convolutional NN (CNN) based image classification task. Based on the characterization, we further propose PrivyNet to determine the local NN topology, which optimizes the accuracy of the target learning task under the constraints on privacy loss, local computation, and storage. The efficiency and effectiveness of PrivyNet are demonstrated with the CIFAR-10 dataset.