Securing Neural Networks with Knapsack Optimization (2304.10442v2)
Abstract: MLaaS Service Providers (SPs) holding a Neural Network would like to keep the Neural Network weights secret. On the other hand, users wish to utilize the SPs' Neural Network for inference without revealing their data. Multi-Party Computation (MPC) offers a solution to achieve this. Computations in MPC involve communication, as the parties send data back and forth. Non-linear operations are usually the main bottleneck requiring the bulk of communication bandwidth. In this paper, we focus on ResNets, which serve as the backbone for many Computer Vision tasks, and we aim to reduce their non-linear components, specifically, the number of ReLUs. Our key insight is that spatially close pixels exhibit correlated ReLU responses. Building on this insight, we replace the per-pixel ReLU operation with a ReLU operation per patch. We term this approach 'Block-ReLU'. Since different layers in a Neural Network correspond to different feature hierarchies, it makes sense to allow patch-size flexibility for the various layers of the Neural Network. We devise an algorithm to choose the optimal set of patch sizes through a novel reduction of the problem to the Knapsack Problem. We demonstrate our approach in the semi-honest secure 3-party setting for four problems: Classifying ImageNet using ResNet50 backbone, classifying CIFAR100 using ResNet18 backbone, Semantic Segmentation of ADE20K using MobileNetV2 backbone, and Semantic Segmentation of Pascal VOC 2012 using ResNet50 backbone. Our approach achieves competitive performance compared to a handful of competitors. Our source code is publicly available: https://github.com/yg320/secure_inference.
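The two ideas in the abstract, a per-patch ReLU gate and a per-layer choice of patch size under a global ReLU budget, can be made concrete in a few dozen lines. The following is an added illustration and not the paper's code (the paper's implementation lives in the linked repository). Several details are assumptions rather than statements from the abstract: the per-patch gate is taken to be the sign of the patch mean, the per-layer cost of a patch size is measured as the mean squared error against the exact per-pixel ReLU on constructed, spatially smooth activations, and the knapsack is solved as a multiple-choice knapsack (exactly one patch size per layer) by dynamic programming over the ReLU budget. The function names `block_relu`, `relu_count`, `distortion`, `choose_patch_sizes` and `plan` are this example's own.

```python
"""Block-ReLU plus a multiple-choice knapsack to pick one patch size per layer.
Added example, not the paper's code. Modelling choices are marked ASSUMPTION."""
import numpy as np


def relu(x):
    return np.maximum(x, 0)


def block_relu(x, patch):
    """One ReLU decision per (ph, pw) patch of a (C, H, W) feature map.
    ASSUMPTION: the patch decision is the sign of the patch mean; the abstract
    only says a single ReLU is evaluated per patch, not how its input is formed."""
    ph, pw = patch
    C, H, W = x.shape
    if H % ph or W % pw:
        raise ValueError("patch must tile the feature map")
    blocks = x.reshape(C, H // ph, ph, W // pw, pw)
    gate = (blocks.mean(axis=(2, 4)) > 0).astype(x.dtype)     # (C, H/ph, W/pw): one sign test per patch
    gate = np.repeat(np.repeat(gate, ph, axis=1), pw, axis=2)  # broadcast each decision over its patch
    return x * gate


def relu_count(shape, patch):
    """Number of non-linear comparisons the MPC protocol must run for this layer."""
    C, H, W = shape
    return C * (H // patch[0]) * (W // patch[1])


def distortion(x, patch):
    """ASSUMPTION: cost of a patch size for a layer = MSE against the exact per-pixel ReLU."""
    return float(np.mean((relu(x) - block_relu(x, patch)) ** 2))


def choose_patch_sizes(layers, budget):
    """Multiple-choice knapsack by DP: exactly one option per layer, total
    ReLU count <= budget, minimal total distortion.
    layers: per layer, a list of options (patch, relu_cost, distortion).
    Returns (chosen patches, total distortion) or None if the budget is infeasible."""
    INF = float("inf")
    dp = [INF] * (budget + 1)     # dp[b] = best distortion using exactly b ReLUs so far
    dp[0] = 0.0
    back = []                     # back[layer][b] = (previous b, option index)
    for opts in layers:
        nxt, ptr = [INF] * (budget + 1), [None] * (budget + 1)
        for b in range(budget + 1):
            if dp[b] == INF:
                continue
            for i, (_, cost, dist) in enumerate(opts):
                nb = b + cost
                if nb <= budget and dp[b] + dist < nxt[nb]:
                    nxt[nb], ptr[nb] = dp[b] + dist, (b, i)
        dp, back = nxt, back + [ptr]
    b = min(range(budget + 1), key=lambda k: dp[k])
    if dp[b] == INF:
        return None               # even the coarsest patches exceed the budget
    total = dp[b]
    chosen = []
    for li in range(len(layers) - 1, -1, -1):   # walk the back-pointers, last layer first
        pb, i = back[li][b]
        chosen.append(layers[li][i][0])
        b = pb
    return chosen[::-1], total


def plan(feature_maps, candidates, budget):
    """Score every (layer, patch size) pair, then solve the knapsack."""
    layers = [[(p, relu_count(fm.shape, p), distortion(fm, p)) for p in candidates]
              for fm in feature_maps]
    return choose_patch_sizes(layers, budget)


def constructed_feature_maps(seed=0):
    """Constructed input: two layers whose activations are spatially smooth
    (low-resolution noise upsampled, plus small per-pixel noise), mimicking the
    correlated-neighbour insight the abstract relies on."""
    rng = np.random.default_rng(seed)
    maps = []
    for C, H, W, coarse in [(4, 16, 16, 4), (8, 8, 8, 2)]:
        low = rng.standard_normal((C, coarse, coarse))
        smooth = np.repeat(np.repeat(low, H // coarse, axis=1), W // coarse, axis=2)
        maps.append(smooth + 0.3 * rng.standard_normal((C, H, W)))
    return maps


if __name__ == "__main__":
    maps = constructed_feature_maps()
    full = sum(relu_count(m.shape, (1, 1)) for m in maps)
    patches, total = plan(maps, [(1, 1), (2, 2), (4, 4)], budget=full // 3)
    print("per-layer patch sizes:", patches, "total distortion: %.4f" % total)
```

The DP is exact for a small budget expressed in ReLU units; for a real network the budget would be scaled down (for example, counting ReLUs in thousands) to keep the table small, and the distortion column would come from measured accuracy rather than from an MSE proxy.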