When receiving machine learning services from the cloud, the provider does
not need to receive all features; in fact, only a subset of the features are
necessary for the target prediction task. Discerning this subset is the key
problem of this work. We formulate this problem as a gradient-based
perturbation maximization method that discovers this subset in the input
feature space with respect to the functionality of the prediction model used by
the provider. After identifying the subset, our framework, Cloak, suppresses
the rest of the features using utility-preserving constant values that are
discovered through a separate gradient-based optimization process. We show that
Cloak does not necessarily require collaboration from the service provider
beyond its normal service, and can be applied in scenarios where we only have
black-box access to the service provider’s model. We theoretically guarantee
that Cloak’s optimizations reduce the upper bound of the Mutual Information
(MI) between the data and the sifted representations that are sent out.
Experimental results show that Cloak reduces the mutual information between the
input and the sifted representations by 85.01% with only a negligible reduction
in utility (1.42%). In addition, we show that Cloak greatly diminishes
adversaries’ ability to learn and infer non-conducive features.

Go to Source of this post
Author Of this post: <a href="http://arxiv.org/find/cs/1/au:+Mireshghallah_F/0/1/0/all/0/1">Fatemehsadat Mireshghallah</a>, <a href="http://arxiv.org/find/cs/1/au:+Taram_M/0/1/0/all/0/1">Mohammadkazem Taram</a>, <a href="http://arxiv.org/find/cs/1/au:+Jalali_A/0/1/0/all/0/1">Ali Jalali</a>, <a href="http://arxiv.org/find/cs/1/au:+Elthakeb_A/0/1/0/all/0/1">Ahmed Taha Elthakeb</a>, <a href="http://arxiv.org/find/cs/1/au:+Tullsen_D/0/1/0/all/0/1">Dean Tullsen</a>, <a href="http://arxiv.org/find/cs/1/au:+Esmaeilzadeh_H/0/1/0/all/0/1">Hadi Esmaeilzadeh</a>

By admin