Probabilistic Selective Encryption of Convolutional Neural Networks for Hierarchical Services

TL;DR

This paper introduces a probabilistic selective encryption scheme for CNNs that protects models by encrypting only a small subset of parameters, enabling hierarchical service levels and maintaining high performance.

Contribution

It proposes a novel probabilistic selection and encryption method for CNN protection that allows hierarchical access and minimal performance degradation.

Findings

Encrypting 8% of VGG19's parameters effectively protects the model.

The scheme enables different performance levels through access permissions.

Hierarchical denoising services are demonstrated with DnCNN.

Abstract

Model protection is vital when deploying Convolutional Neural Networks (CNNs) for commercial services, due to the massive costs of training them. In this work, we propose a selective encryption (SE) algorithm to protect CNN models from unauthorized access, with a unique feature of providing hierarchical services to users. Our algorithm firstly selects important model parameters via the proposed Probabilistic Selection Strategy (PSS). It then encrypts the most important parameters with the designed encryption method called Distribution Preserving Random Mask (DPRM), so as to maximize the performance degradation by encrypting only a very small portion of model parameters. We also design a set of access permissions, using which different amounts of the most important model parameters can be decrypted. Hence, different levels of model performance can be naturally provided for users. Experimental results demonstrate that the proposed scheme could effectively protect the classification model VGG19 by merely encrypting 8% parameters of convolutional layers. We also implement the proposed model protection scheme in the denoising model DnCNN, showcasing the hierarchical denoising services