Interpretable Complex-Valued Neural Networks for Privacy Protection
This paper addresses privacy protection in neural networks for applications that handle sensitive data. It is an incremental improvement that adapts existing methods to enhance security.
The paper tackles the problem of preventing adversarial inference of input information from intermediate-layer features in neural networks, proposing a method that transforms real-valued features into complex-valued ones with randomized phases to hide inputs, and reports that it significantly reduces inference ability while largely preserving accuracy.
Previous studies have found that an adversary can often infer unintended input information from intermediate-layer features. We study the possibility of preventing such adversarial inference, yet without too much accuracy degradation. We propose a generic method to revise the neural network to boost the challenge of inferring input attributes from features, while maintaining highly accurate outputs. In particular, the method transforms real-valued features into complex-valued ones, in which the input is hidden in a randomized phase of the transformed features. The knowledge of the phase acts like a key, with which any party can easily recover the output from the processing result, but without which the party can neither recover the output nor distinguish the original input. Preliminary experiments on various datasets and network structures have shown that our method significantly diminishes the adversary's ability to infer the input while largely preserving the resulting accuracy.
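The phase-as-key idea from the abstract, as an added sketch that is not the paper's code: a real feature is rotated by a secret phase, processed by a layer that commutes with that rotation, and recovered only by rotating back with the same phase. The decoy imaginary part `b`, the bias-free linear layer, the function names and all numeric values are assumptions constructed for this illustration.

```python
import cmath
import math
import random

def encode(a, b, theta):
    """Hide real feature a as x = e^{i*theta} * (a + i*b); b is a decoy (assumption)."""
    rot = cmath.exp(1j * theta)
    return [rot * complex(ai, bi) for ai, bi in zip(a, b)]

def linear(W, x):
    """Bias-free linear layer with real weights. Because it is linear and has
    no bias, linear(W, e^{i*theta} * x) == e^{i*theta} * linear(W, x)."""
    return [sum(w * xj for w, xj in zip(row, x)) for row in W]

def decode(h, theta):
    """Rotate the processed feature back by theta and keep the real part."""
    rot = cmath.exp(-1j * theta)
    return [(rot * hj).real for hj in h]

def demo(seed=7):
    # All values below are constructed sample data.
    a = [0.5, -1.25, 2.0]                      # feature that must stay private
    b = [1.0, 0.75, -0.5]                      # decoy imaginary component
    W = [[0.2, -0.4, 1.0], [1.5, 0.3, -0.7]]   # processing-layer weights
    # Seeded only so the example is reproducible.
    theta = random.Random(seed).uniform(0.0, 2.0 * math.pi)

    plain = linear(W, a)                       # unprotected result W*a
    h = linear(W, encode(a, b, theta))         # what the processing party sees
    with_key = decode(h, theta)                # key holder recovers W*a
    # A guess that is off by pi/2 lands exactly on the decoy's output W*b.
    wrong_key = decode(h, theta + math.pi / 2)
    return plain, with_key, wrong_key

if __name__ == "__main__":
    plain, with_key, wrong_key = demo()
    print("unprotected :", plain)
    print("correct key :", with_key)
    print("wrong key   :", wrong_key)
```
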