Not Just Privacy: Improving Performance of Private Deep Learning in Mobile Cloud

TL;DR

This paper introduces ARDEN, a cloud-based framework that partitions deep neural networks between mobile devices and cloud data centers, enhancing privacy and inference performance through data transformation, privacy-preserving mechanisms, and robust training.

Contribution

The paper presents a novel DNN partitioning framework with privacy-preserving data transformation and a noisy training method to improve inference accuracy under privacy constraints.

Findings

ARDEN effectively preserves privacy with strong guarantees.

The framework improves inference performance despite data perturbation.

Experimental results validate ARDEN's practicality and effectiveness.

Abstract

The increasing demand for on-device deep learning services calls for a highly efficient manner to deploy deep neural networks (DNNs) on mobile devices with limited capacity. The cloud-based solution is a promising approach to enabling deep learning applications on mobile devices where the large portions of a DNN are offloaded to the cloud. However, revealing data to the cloud leads to potential privacy risk. To benefit from the cloud data center without the privacy risk, we design, evaluate, and implement a cloud-based framework ARDEN which partitions the DNN across mobile devices and cloud data centers. A simple data transformation is performed on the mobile device, while the resource-hungry training and the complex inference rely on the cloud data center. To protect the sensitive information, a lightweight privacy-preserving mechanism consisting of arbitrary data nullification and random noise addition is introduced, which provides strong privacy guarantee. A rigorous privacy budget analysis is given. Nonetheless, the private perturbation to the original data inevitably has a negative impact on the performance of further inference on the cloud side. To mitigate this influence, we propose a noisy training method to enhance the cloud-side network robustness to perturbed data. Through the sophisticated design, ARDEN can not only preserve privacy but also improve the inference performance. To validate the proposed ARDEN, a series of experiments based on three image datasets and a real mobile application are conducted. The experimental results demonstrate the effectiveness of ARDEN. Finally, we implement ARDEN on a demo system to verify its practicality.