Controlling the privacy loss with the input feature maps of the layers in convolutional neural networks
This work addresses privacy concerns for users of CNNs in sensitive applications, but it appears incremental as it builds on existing sanitization techniques with a novel control mechanism.
The paper tackles the problem of privacy leakage in convolutional neural networks by sanitizing input feature maps, enabling control over privacy loss through a sample-and-hold approximation scheme that adjusts the degree of sanitization based on application-specific needs.
We propose the method to sanitize the privacy of the IFM(Input Feature Map)s that are fed into the layers of CNN(Convolutional Neural Network)s. The method introduces the degree of the sanitization that makes the application using a CNN be able to control the privacy loss represented as the ratio of the probabilistic accuracies for original IFM and sanitized IFM. For the sanitization of an IFM, the sample-and-hold based approximation scheme is devised to satisfy an application-specific degree of the sanitization. The scheme approximates an IFM by replacing all the samples in a window with the non-zero sample closest to the mean of the sampling window. It also removes the dependency on CNN configuration by unfolding multi-dimensional IFM tensors into one-dimensional streams to be approximated.