InfoDecom: Decomposing Information for Defending Against Privacy Leakage in Split Inference
Ruijun Deng, Zhihui Lu, Qiang Duan

TL;DR
InfoDecom is a novel defense framework for split inference that decomposes and removes redundant information from smashed data, effectively balancing privacy protection and utility in deep learning applications.
Contribution
It introduces a method to decompose and eliminate redundant information in smashed data, enhancing privacy without significantly sacrificing utility.
Findings
Outperforms existing defenses in utility-privacy trade-off
Effectively reduces data reconstruction attacks in computer vision tasks
Provides theoretically guaranteed privacy levels
Abstract
Split inference (SI) enables users to access deep learning (DL) services without directly transmitting raw data. However, recent studies reveal that data reconstruction attacks (DRAs) can recover the original inputs from the smashed data sent from the client to the server, leading to significant privacy leakage. While various defenses have been proposed, they often result in substantial utility degradation, particularly when the client-side model is shallow. We identify a key cause of this trade-off: existing defenses apply excessive perturbation to redundant information in the smashed data. To address this issue in computer vision tasks, we propose InfoDecom, a defense framework that first decomposes and removes redundant information and then injects noise calibrated to provide theoretically guaranteed privacy. Experiments demonstrate that InfoDecom achieves a superior utility-privacy…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Cryptography and Data Security
