Oblivious Neural Network Predictions via MiniONN Transformations

Jian Liu; Mika Juuti; Yao Lu; N. Asokan

Oblivious Neural Network Predictions via MiniONN Transformations

Jian Liu, Mika Juuti, Yao Lu, N. Asokan

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

Machine learning models hosted in a cloud service are increasingly popular but risk privacy: clients sending prediction requests to the service need to disclose potentially sensitive information. In this paper, we explore the problem of privacy-preserving predictions: after each prediction, the server learns nothing about clients' input and clients learn nothing about the model.

We present MiniONN, the first approach for transforming an existing neural network to an oblivious neural network supporting privacy-preserving predictions with reasonable efficiency. Unlike prior work, MiniONN requires no change to how models are trained. To this end, we design oblivious protocols for commonly used operations in neural network prediction models. We show that MiniONN outperforms existing work in terms of response latency and message sizes. We demonstrate the wide applicability of MiniONN by transforming several typical neural network models trained from standard datasets.

Original language	English
Title of host publication	Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Publisher	ACM
Pages	619-631
ISBN (Electronic)	978-1-4503-4946-8
Publication status	Published - 30 Oct 2017
MoE publication type	A4 Conference publication
Event	ACM Conference on Computer and Communications Security - Dallas, United States Duration: 30 Oct 2017 → 3 Nov 2017 Conference number: 24

Conference

Conference	ACM Conference on Computer and Communications Security
Abbreviated title	CCS
Country/Territory	United States
City	Dallas
Period	30/10/2017 → 03/11/2017

Keywords

privacy
machine learning
neural network predictions
secure two-party computation

Access to Document

https://dl.acm.org/citation.cfm?doid=3133956.3134056

Science-IT
Hakala, M. (Manager)
School of Science
Facility/equipment: Facility

Cite this

@inproceedings{675e57c1c5614bbe9b73bd7452b3c257,

title = "Oblivious Neural Network Predictions via MiniONN Transformations",

abstract = "Machine learning models hosted in a cloud service are increasingly popular but risk privacy: clients sending prediction requests to the service need to disclose potentially sensitive information. In this paper, we explore the problem of privacy-preserving predictions: after each prediction, the server learns nothing about clients' input and clients learn nothing about the model.We present MiniONN, the first approach for transforming an existing neural network to an oblivious neural network supporting privacy-preserving predictions with reasonable efficiency. Unlike prior work, MiniONN requires no change to how models are trained. To this end, we design oblivious protocols for commonly used operations in neural network prediction models. We show that MiniONN outperforms existing work in terms of response latency and message sizes. We demonstrate the wide applicability of MiniONN by transforming several typical neural network models trained from standard datasets.",

keywords = "privacy, machine learning, neural network predictions, secure two-party computation",

author = "Jian Liu and Mika Juuti and Yao Lu and N. Asokan",

year = "2017",

month = oct,

day = "30",

language = "English",

pages = "619--631",

booktitle = "Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "ACM",

address = "United States",

note = "ACM Conference on Computer and Communications Security , CCS ; Conference date: 30-10-2017 Through 03-11-2017",

}

Liu, J, Juuti, M, Lu, Y & Asokan, N 2017, Oblivious Neural Network Predictions via MiniONN Transformations. in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security . ACM, pp. 619-631, ACM Conference on Computer and Communications Security , Dallas, Texas, United States, 30/10/2017. <https://dl.acm.org/citation.cfm?doid=3133956.3134056>

TY - GEN

T1 - Oblivious Neural Network Predictions via MiniONN Transformations

AU - Liu, Jian

AU - Juuti, Mika

AU - Lu, Yao

AU - Asokan, N.

N1 - Conference code: 24

PY - 2017/10/30

Y1 - 2017/10/30

N2 - Machine learning models hosted in a cloud service are increasingly popular but risk privacy: clients sending prediction requests to the service need to disclose potentially sensitive information. In this paper, we explore the problem of privacy-preserving predictions: after each prediction, the server learns nothing about clients' input and clients learn nothing about the model.We present MiniONN, the first approach for transforming an existing neural network to an oblivious neural network supporting privacy-preserving predictions with reasonable efficiency. Unlike prior work, MiniONN requires no change to how models are trained. To this end, we design oblivious protocols for commonly used operations in neural network prediction models. We show that MiniONN outperforms existing work in terms of response latency and message sizes. We demonstrate the wide applicability of MiniONN by transforming several typical neural network models trained from standard datasets.

AB - Machine learning models hosted in a cloud service are increasingly popular but risk privacy: clients sending prediction requests to the service need to disclose potentially sensitive information. In this paper, we explore the problem of privacy-preserving predictions: after each prediction, the server learns nothing about clients' input and clients learn nothing about the model.We present MiniONN, the first approach for transforming an existing neural network to an oblivious neural network supporting privacy-preserving predictions with reasonable efficiency. Unlike prior work, MiniONN requires no change to how models are trained. To this end, we design oblivious protocols for commonly used operations in neural network prediction models. We show that MiniONN outperforms existing work in terms of response latency and message sizes. We demonstrate the wide applicability of MiniONN by transforming several typical neural network models trained from standard datasets.

KW - privacy

KW - machine learning

KW - neural network predictions

KW - secure two-party computation

M3 - Conference article in proceedings

SP - 619

EP - 631

BT - Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

PB - ACM

T2 - ACM Conference on Computer and Communications Security

Y2 - 30 October 2017 through 3 November 2017

ER -

Oblivious Neural Network Predictions via MiniONN Transformations

Abstract

Conference

Keywords

Access to Document

Fingerprint

Equipment

Science-IT

Cite this