A novel secure deep ensemble learning protocol based on Conjugacy search problem homomorphic encryption scheme
DOI:
https://doi.org/10.54654/isj.v1i15.830Keywords:
Deep learning, Privacy Preserving machine learning, secure multi-participant computationTóm tắt
Abstract—Nowadays, machine learning and deep learning have been widely employed. User privacy is an issue to consider in problems such as medicine, and finance. Machine learning models not only require accurate predictions but also ensure the privacy and security of data for users. In this paper, we propose a method to ensure the privacy for training and using deep learning models that employs a homomorphic encryption scheme based on the conjugate search problem. This method implements encryption on the data before transferring them to a cloud server, which stores local deep learning models from participants to predict the encrypted data, then the encrypted prediction results are sent back to users, and they perform decryption to get the model’s prediction result. These results can also be assembled to create a new training dataset for a model from the client. It is evident that our proposed model on the MNIST dataset produces an accuracy over 98% with some very simple network architectures and approximates the accuracy of centralized complex models, which does not ensure privacy.
Tóm tắt— Hiện nay, học máy và học sâu nói chung đã và đang được ứng dụng rất rộng rãi. Tuy nhiên, trong nhiều bài toán như y tế, tài chính, dữ liệu riêng tư của người dùng là một vấn đề cần xem xét. Các mô hình học máy không chỉ yêu cầu dự đoán chính xác mà còn cần đảm bảo được tính riêng tư và bảo mật của dữ liệu cho người dùng. Trong bài báo này, nhóm tác giả trình bày một phương pháp đảm bảo tính riêng tư cho việc huấn luyện và sử dụng các mô hình học máy đặc biệt là học sâu sử dụng hệ mã hóa đồng cấu dựa trên bài toán tìm kiếm liên hợp. Phương pháp pháp mã hóa đồng cấu này thực hiện mã hóa dữ liệu trước khi gửi lên các máy chủ đám mây, nơi lưu trữ mô hình học học sâu cục bộ của các bên tham gia để đưa ra các dự đoán tương ứng trên dữ liệu đầu vào ở dạng mã hóa, sau đó kết quả dự đoán sẽ được trả về người dùng và người dùng thực hiện giả mã để nhận được kết quả dự đoán của mô hình. Các kết quả này cũng có thể được xây dựng thành một bộ dữ liệu huấn luyện để thực hiện quá trình xây dựng và huấn luyện lại một mô hình cho máy khách. Nhóm tác giả chỉ ra rằng, mô hình đề xuất của nhóm tác giả trên bộ dữ liệu chuẩn MNIST cho độ chính xác lên tới gần 99% với kiến trúc mạng rất đơn giản và gần như có độ chính xác xấp xỉ với các mô hình phức tạp tập trung không đảm bảo tính riêng tư cho dữ liệu.
Downloads
References
C. Aggarwal. Neural Networks and Deep Learning. Springer, Cham, 2018..
C. C. Aggarwal and P. S. Yu, editors. PrivacyPreserving Data Mining - Models and Algorithms, volume 34 of Advances in Database Systems. Springer, 2008
U. M. A¨ıvodji, S. Gambs, and A. Martin. Iotfla: A secured and privacy-preserving smart home architecture implementing federated learning. In 2019 IEEE Security and Privacy Workshops (SPW), pages 175–180. IEEE, 2019.
M. Al-Rubaie and J. M. Chang. Privacypreserving machine learning: Threats and solutions. IEEE Security Privacy, 17(2):49–58, 2019.
Y. Bengio, I. Goodfellow, and A. Courville. Deep learning, volume 1. MIT press Massachusetts, USA:, 2017.
Boles and P. Rad. Voice biometrics: Deep learning-based voiceprint authentication system. In 2017 12th System of Systems Engineering Conference (SoSE), pages 1–6. IEEE, 2017.
Bu, Y. Ma, Z. Chen, and H. Xu. Privacy preserving backpropagation based on bgv on
cloud. In 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems, pages 1791– 1795, 2015.
J. Chen, X. Pan, R. Monga, S. Bengio, and R. Jozefowicz. Revisiting distributed synchronous sgd. arXiv preprint arXiv:1604.00981, 2016.
Guo and N. Zhang. A survey on deep learning based face recognition. Computer vision and image understanding, 189:102805, 2019.
Gupta and R. Raskar. Distributed learning of deep neural network over multiple agents. Journal of Network and Computer Applications, 116:1 – 8, 2018.
Hard, C. M. Kiddon, D. Ramage, F. Beaufays, H. Eichner, K. Rao, R. Mathews, and S. Augenstein. Federated learning for mobile keyboard prediction, 2018.
Hitaj, G. Ateniese, and F. Perez-Cruz. Deep models under the gan: Information leakage from collaborative deep learning. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS ’17, page 603–618, New York, NY, USA, 2017. Association for Computing Machinery.
P. Li, J. Li, Z. Huang, T. Li, C.-Z. Gao, S.-M. Yiu, and K. Chen. Multi-key privacy-preserving deep learning in cloud computing. Future Generation Computer Systems, 74:76 – 85, 2017.
T. Li, A. K. Sahu, A. Talwalkar, and V. Smith. Federated learning: Challenges, methods, and future directions. IEEE Signal Processing Magazine, 37(3):50–60, 2020.
L. Lyu, X. He, Y. W. Law, and M. Palaniswami. Privacypreserving collaborative deep learning with application to human activity recognition. In Proceedings of the 2017 ACM on Conference on Information and Knowledge Management, CIKM ’17, page 1219–1228, New York, NY, USA, 2017. Association for Computing Machinery.
P. Mohassel and Y. Zhang. Secureml: A system for scalable privacy-preserving machine learning. In 2017 IEEE Symposium on Security and Privacy (SP), pages 19–38, 2017.
N. Papernot, M. Abadi, U. Erlingsson, I. Goodfellow, and K. Talwar. Semi-supervised knowledge transfer for deep learning from private training data. arXiv preprint arXiv:1610.05755, 2016.
L. T. Phong, Y. Aono, T. Hayashi, L. Wang, and S. Moriai. Privacy-preserving deep learning via additively homomorphic encryption. Trans. Info. For. Sec., 13(5):1333–1345, May 2018.
M. I. Razzak, S. Naz, and A. Zaib. Deep learning for medical image processing: Overview, challenges and the future. Classification in BioApps, pages 323–350, 2018.
L. Rokach. Ensemble Learning: Pattern Classification Using Ensemble Methods (Second Edition). World Scientific Publishing Co Pte Ltd, Singapore, 2nd edition, 2019.
R. Shokri and V. Shmatikov. Privacy-preserving deep learning. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, pages 1310–1321, 2015.
Voulodimos, N. Doulamis, A. Doulamis, and E. Protopapadakis. Deep learning for computer vision: A brief review. Computational intelligence and neuroscience, 2018.
S. Wagh, D. Gupta, and N. Chandran. Securenn: Efficient and private neural network training. In Privacy Enhancing Technologies Symposium. (PETS 2019), February 2019.
X. Wang, Y. Zhao, and F. Pourpanah. Recent advances in deep learning, 2020.
J. Yuan and S. Yu. Privacy preserving backpropagation neural network learning made practical with cloud computing. IEEE Transactions on Parallel and Distributed Systems, 25(1):212– 221, 2014.
Q. Zhang, L. T. Yang, and Z. Chen. Privacy preserving deep computation model on cloud for big data feature learning. IEEE Trans. Comput., 65(5):1351–1362, May 2016.
Downloads
Published
How to Cite
Issue
Section
License
Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
Proposed Policy for Journals That Offer Delayed Open Access
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
