DOI: 10.1145/3442381.3449907
research-article

DAPter: Preventing User Data Abuse in Deep Learning Inference Services

Published: 03 June 2021

Abstract

The data abuse issue has risen along with the widespread development of the deep learning inference service (DLIS). Specifically, mobile users worry about their input data being labeled to secretly train new deep learning models that are unrelated to the DLIS they subscribe to. This unique issue, unlike the privacy problem, is about the rights of data owners in the context of deep learning. However, preventing data abuse is demanding when considering usability and generality in the mobile scenario. In this work, we propose, to the best of our knowledge, the first data abuse prevention mechanism, called DAPter. DAPter is a user-side DLIS-input converter, which removes unnecessary information with respect to the targeted DLIS. The input data converted by DAPter maintains good inference accuracy and is difficult to label manually or automatically for new model training. DAPter’s conversion is empowered by our lightweight generative model trained with a novel loss function to minimize abusable information in the input data. Furthermore, adapting DAPter requires no change in the existing DLIS backend and models. We conduct comprehensive experiments with our DAPter prototype on mobile devices and demonstrate that DAPter can substantially raise the bar of data abuse difficulty with little impact on service quality and overhead.

    Published In

    WWW '21: Proceedings of the Web Conference 2021
    April 2021
    4054 pages
    ISBN:9781450383127
    DOI:10.1145/3442381

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Data Abuse Prevention
    2. Deep Learning Inference Service
    3. Highly-usable Service

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    WWW '21
    WWW '21: The Web Conference 2021
    April 19 - 23, 2021
    Ljubljana, Slovenia

    Acceptance Rates

    Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

    Article Metrics

    • Downloads (Last 12 months): 40
    • Downloads (Last 6 weeks): 2
    Reflects downloads up to 10 Feb 2025

    Cited By

    • (2025) Visual Content Privacy Protection: A Survey. ACM Computing Surveys 57:5 (1-36). DOI: 10.1145/3708501. Online publication date: 24-Jan-2025
    • (2024) PrivateGaze: Preserving User Privacy in Black-box Mobile Gaze Tracking Services. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies 8:3 (1-28). DOI: 10.1145/3678595. Online publication date: 9-Sep-2024
    • (2023) Metaverse: Security and Privacy Concerns. Journal of Metaverse 3:2 (93-99). DOI: 10.57019/jmv.1286526. Online publication date: 31-Dec-2023
    • (2023) GAPter: Gray-Box Data Protector for Deep Learning Inference Services at User Side. ICASSP 2023 - 2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) (1-5). DOI: 10.1109/ICASSP49357.2023.10096286. Online publication date: 4-Jun-2023
    • (2022) The Taxonomy of Security issues and Countermeasures in the Metaverse World. 2022 International Conference on Recent Trends in Microelectronics, Automation, Computing and Communications Systems (ICMACC) (553-558). DOI: 10.1109/ICMACC54824.2022.10093534. Online publication date: 28-Dec-2022
