Citation: WANG Zhibo, LIU Kaixin, HU Jiahui, et al., “AttrLeaks on the Edge: Exploiting Information Leakage from Privacy-Preserving Co-inference,” Chinese Journal of Electronics, vol. 32, no. 1, pp. 1-12, 2023, doi: 10.23919/cje.2022.00.031