Controlling the privacy loss with the input feature maps of the layers in convolutional neural networks

TL;DR

This paper introduces a method to control privacy loss in CNNs by sanitizing input feature maps through a sample-and-hold approximation, enabling adjustable privacy levels independent of CNN architecture.

Contribution

It proposes a novel sanitization scheme for input feature maps that allows application-specific privacy control, independent of CNN configuration.

Findings

The method effectively controls privacy loss via a tunable sanitization degree.

The sample-and-hold scheme approximates feature maps while preserving essential information.

The approach is adaptable to various CNN architectures without modification.

Abstract

We propose the method to sanitize the privacy of the IFM(Input Feature Map)s that are fed into the layers of CNN(Convolutional Neural Network)s. The method introduces the degree of the sanitization that makes the application using a CNN be able to control the privacy loss represented as the ratio of the probabilistic accuracies for original IFM and sanitized IFM. For the sanitization of an IFM, the sample-and-hold based approximation scheme is devised to satisfy an application-specific degree of the sanitization. The scheme approximates an IFM by replacing all the samples in a window with the non-zero sample closest to the mean of the sampling window. It also removes the dependency on CNN configuration by unfolding multi-dimensional IFM tensors into one-dimensional streams to be approximated.