Unsupervised Information Obfuscation for Split Inference of Neural Networks

TL;DR

This paper introduces an unsupervised obfuscation technique for split neural network inference that effectively removes irrelevant attribute information, enhances privacy, reduces communication costs, and maintains accuracy.

Contribution

It proposes a novel unsupervised information obfuscation method based on an information theoretical framework for split neural networks, addressing unseen attribute privacy issues.

Findings

Outperforms existing methods in removing irrelevant attribute information.

Reduces communication cost in split inference.

Maintains high accuracy on target labels.

Abstract

Splitting network computations between the edge device and a server enables low edge-compute inference of neural networks but might expose sensitive information about the test query to the server. To address this problem, existing techniques train the model to minimize information leakage for a given set of sensitive attributes. In practice, however, the test queries might contain attributes that are not foreseen during training. We propose instead an unsupervised obfuscation method to discard the information irrelevant to the main task. We formulate the problem via an information theoretical framework and derive an analytical solution for a given distortion to the model output. In our method, the edge device runs the model up to a split layer determined based on its computational capacity. It then obfuscates the obtained feature vector based on the first layer of the server model by removing the components in the null space as well as the low-energy components of the remaining signal. Our experimental results show that our method outperforms existing techniques in removing the information of the irrelevant attributes and maintaining the accuracy on the target label. We also show that our method reduces the communication cost and incurs only a small computational overhead.