DISCO: Dynamic and Invariant Sensitive Channel Obfuscation for Deep Neural Networks

Abhishek Singh; Ayush Chopra; Ethan Garza; Emily Zhang; Praneeth Vepakomma; Vivek Sharma; Ramesh Raskar

2021 CVPR CVPR 2021

DISCO: Dynamic and Invariant Sensitive Channel Obfuscation for Deep Neural Networks

Abstract

Recent deep learning models have shown remarkable performance in image classification. While these deep learning systems are getting closer to practical deployment, the common assumption made about data is that it does not carry any sensitive information. This assumption may not hold for many practical cases, especially in the domain where an individual's personal information is involved, like healthcare and facial recognition systems. We posit that selectively removing features in this latent space can protect the sensitive information and provide better privacy-utility trade-off. Consequently, we propose DISCO which learns a dynamic and data driven pruning filter to selectively obfuscate sensitive information in the feature space. We propose diverse attack schemes for sensitive inputs and attributes and demonstrate the effectiveness of DISCO against state-of-the-art methods through quantitative and qualitative evaluation. Finally, we also release an evaluation benchmark dataset of 1 million sensitive representations to encourage rigorous exploration of novel attack and defense schemes at https://github.com/splitlearning/InferenceBenchmark

🌉 Interdisciplinary Bridge — Artificial Intelligence and Computer Vision and Deep Learning and Machine Learning

🧭 Keyword Pioneer — inference attack defense

🐣 Hot Topic Early Bird — privacy protection

🐝 Cross-Pollinator — Artificial Intelligence, Computer Science, Computer Vision, Data Science & Analytics, Deep Learning, Healthcare & Medicine, Interdisciplinary, Knowledge & Reasoning, Machine Learning, Mathematics & Optimization, Natural Language Processing, Reinforcement Learning, Robotics, Security & Privacy, Speech & Audio

Authors

Abhishek Singh , Ayush Chopra , Ethan Garza , Emily Zhang , Praneeth Vepakomma , Vivek Sharma , Ramesh Raskar

Topics

Machine Learning > Application Areas > Privacy Deep Learning > Techniques > Model Architecture Computer Vision > Analysis > Face Recognition Machine Learning > Application Areas > Model Compression Artificial Intelligence > Core AI > Privacy Deep Learning > Optimization & Theory > Model Compression Machine Learning > Learning Types > Privacy

Keywords

feature space deep neural network adversarial defense privacy-utility trade-off inference attack defense privacy protection sensitive information inference attack channel obfuscation feature space pruning sensitive information removal

Download PDF

Related papers

Learning To Reconstruct High Speed and High Dynamic Range Videos From Events 2021

DeFLOCNet: Deep Image Editing via Flexible Low-Level Controls 2021

Vx2Text: End-to-End Learning of Video-Based Text Generation From Multimodal Inputs 2021

Coming Down to Earth: Satellite-to-Street View Synthesis for Geo-Localization 2021

Pose-Guided Human Animation From a Single Image in the Wild 2021