Fake Gradient: A Security and Privacy Protection Framework for DNN-based Image Classification

Xianglong Feng, Yi Xie, Mengmei Ye, Zhongze Tang, Bo Yuan, Sheng Wei

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

Deep neural networks (DNNs) have demonstrated phenomenal success in image classification applications and are widely adopted in multimedia internet of things (IoT) use cases, such as smart home systems. To compensate for the limited resources on the IoT devices, the computation-intensive image classification tasks are often offloaded to remote cloud services. However, the offloading-based image classification could pose significant security and privacy concerns to the user data and the DNN model, leading to effective adversarial attacks that compromise the classification accuracy. The existing defense methods either impact the original functionality or result in high computation or model re-training overhead. In this paper, we develop a novel defense approach, namely Fake Gradient, to protect the privacy of the data and defend against adversarial attacks based on encryption of the output. Fake Gradient can hide the real output information by generating fake classes and further mislead the adversarial perturbation generation based on fake gradient knowledge, which helps maintain a high classification accuracy on the perturbed data. Our evaluations using ImageNet and 7 popular DNN models indicate that Fake Gradient is effective in protecting the privacy and defending against adversarial attacks targeting image classification applications.

Original language: English (US)
Title of host publication: MM 2021 - Proceedings of the 29th ACM International Conference on Multimedia
Publisher: Association for Computing Machinery, Inc
Pages: 5510-5518
Number of pages: 9
ISBN (Electronic): 9781450386517
DOIs
State: Published - Oct 17 2021
Event: 29th ACM International Conference on Multimedia, MM 2021 - Virtual, Online, China
Duration: Oct 20 2021 - Oct 24 2021

Publication series

Name: MM 2021 - Proceedings of the 29th ACM International Conference on Multimedia

Conference

Conference: 29th ACM International Conference on Multimedia, MM 2021
Country/Territory: China
City: Virtual, Online
Period: 10/20/21 - 10/24/21

All Science Journal Classification (ASJC) codes

  • Human-Computer Interaction
  • Software
  • Computer Graphics and Computer-Aided Design

Keywords

  • adversarial attack
  • deep neural network
  • image classification
