XNN: Paradigm Shift in Mitigating Identity Leakage within Cloud-Enabled Deep Learning

TL;DR

This paper introduces XNN and XNN-d, innovative methods that incorporate randomized perturbations into neural networks to enhance privacy against identity leakage in cloud-based deep learning, while maintaining high utility.

Contribution

The paper presents novel XNN and XNN-d techniques that embed randomized perturbations and adversarial noise into neural networks for improved privacy in cloud environments.

Findings

XNN significantly reduces identity leakage compared to existing methods.

XNN-d effectively counters black-box attacks with minimal impact on accuracy.

Both methods maintain high utility while enhancing privacy.

Abstract

In the domain of cloud-based deep learning, the imperative for external computational resources coexists with acute privacy concerns, particularly identity leakage. To address this challenge, we introduce XNN and XNN-d, pioneering methodologies that infuse neural network features with randomized perturbations, striking a harmonious balance between utility and privacy. XNN, designed for the training phase, ingeniously blends random permutation with matrix multiplication techniques to obfuscate feature maps, effectively shielding private data from potential breaches without compromising training integrity. Concurrently, XNN-d, devised for the inference phase, employs adversarial training to integrate generative adversarial noise. This technique effectively counters black-box access attacks aimed at identity extraction, while a distilled face recognition network adeptly processes the perturbed features, ensuring accurate identification. Our evaluation demonstrates XNN's effectiveness, significantly outperforming existing methods in reducing identity leakage while maintaining a high model accuracy.