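Computer science
Artificial intelligence
Inference
Deep learning
Machine learning
Cover (algebra)
Cloud computing
Operating system
Mechanical engineering
Engineering
Authors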
Shulan Wang,Qin Liu,Yang Xu,Hongbo Jiang,Jie Wu,Tian Wang,Tao Peng,Guojun Wang
Identifier
DOI:10.1109/tmc.2023.3323450
Abstract
With the wide spread of data-driven deep learning applications, a growing number of users outsource compute-intensive inference processes to the cloud. To protect inference privacy, Liu (INFOCOM 2022) proposed two steganography-based solutions, named GHOST and GHOST+, relying on the mobile-cloud collaborative framework, where the mobile device hides sensitive images into public cover images before feature extraction, while launching adversarial attacks on the cloud-side deep neural network (DNN) to obtain desired results. Although both solutions demonstrate significant advantages in private deep learning, they suffer from limited practicality, since the inference accuracy decreases sharply as the hiding ratio increases. To address this, we propose two improved solutions, IGHO and IGHO+, which ensure high inference accuracy even when abundant sensitive images need to be hidden. Specifically, IGHO as the improved version of GHOST proposes two feature fusion methods, feature synthesis and pixel synthesis, to preprocess cover images, making the poisoned DNN learn hidden sensitive features better, while IGHO+ as the improved version of GHOST+ designs a novel feature mining generative adversarial network (FMGAN) to craft adversarial perturbations highly robust against variable sensitive types. Experimental results show that the proposed solutions highly improve the practicality of GHOST and GHOST+.