Interpretable Complex-Valued Neural Networks for Privacy Protection

TL;DR

This paper introduces a complex-valued neural network approach that enhances privacy by obscuring input information in intermediate features, effectively reducing adversarial inference while maintaining high output accuracy.

Contribution

The authors propose a novel complex-valued feature transformation method that hides input details in a randomized phase, balancing privacy protection with model performance.

Findings

Significantly reduces adversarial input inference.

Maintains high accuracy on various datasets.

Effective across different network structures.

Abstract

Previous studies have found that an adversary attacker can often infer unintended input information from intermediate-layer features. We study the possibility of preventing such adversarial inference, yet without too much accuracy degradation. We propose a generic method to revise the neural network to boost the challenge of inferring input attributes from features, while maintaining highly accurate outputs. In particular, the method transforms real-valued features into complex-valued ones, in which the input is hidden in a randomized phase of the transformed features. The knowledge of the phase acts like a key, with which any party can easily recover the output from the processing result, but without which the party can neither recover the output nor distinguish the original input. Preliminary experiments on various datasets and network structures have shown that our method significantly diminishes the adversary's ability in inferring about the input while largely preserves the resulting accuracy.