/PrivEdge

Implementation of PrivEdge in Keras, IEEE TIFS.

Primary LanguagePython

PrivEdge

This is the official repository of PrivEdge: From Local to Distributed Private Training and Prediction, a work published in the IEEE Transactions on Information Forensics and Security (TIFS), April, 2020.

Setup

  1. Download source code from GitHub
     git clone https://github.com/smartcameras/PrivEdge.git 
    
  2. Create conda virtual-environment
     conda create --name PrivEdge python=2
    
  3. Activate conda environment
     source activate PrivEdge
    
  4. Install requirements
     pip install -r requirements.txt
    
    Install keras_contrib
     git clone https://www.github.com/keras-team/keras-contrib.git
     cd keras-contrib
     python setup.py install
    

Description

PrivEdge is a technique for privacy-preserving MLaaS that safeguards the privacy of users who provide their data for training, as well as users who use the prediction service. We decompose an N-class classifier into N one-class classifiers. With PrivEdge, each user independently uses their private data to locally train a one-class reconstructive adversarial network (RAN) that succinctly represents their training data. The training phases of the one-class RANs were implemented in Python with the publicly available Keras library. For private prediction, we assume that a non-colluding regulator is available and use the 2-server model of multi-party computation (2PC). We used the ABY library for secure 2PC (i.e. additive secret-sharing and Garbled circuit) with 128-bit security parameter and SIMD circuits.

Data distribution

We model each user as a distinct class:

  1. Go to Dataset directory
cd Dataset
  1. Create/Download your dataset:
wget https://www.kaggle.com/olgabelitskaya/classification-of-handwritten-letters/version/9#LetterColorImages_123.h5
  1. Split and save the N-class dataset to N set for N users:
python Distribute_data.py

Local training

Each user train locally a one-class RAN, which is composed of a reconstructor and a discriminator, on their private data:

python run_train.py

The trained RAN will be save in the saved_model directory. Some visualization of results also will be saved in the images directory.

Prediction

It includes the private reconstruction of each one-class classifier followed by dissimilarity based prediction. We do the accuracy experiments in the python while timing the secure protocols of our prediction using ABY (coming soon):

python test.py

Authors

References

If you use our code, please cite the following paper:

  @article{shamsabadi2020privedge,
    title = {PrivEdge: From Local to Distributed Private Training and Prediction},
    author = {Shamsabadi, Ali Shahin and Gascón, Adrià and Haddadi, Hamed and Cavallaro, Andrea},
    journal = {IEEE Transactions on Information Forensics and Security (TIFS)},
    year = {2020},
    month = April
  }

License

The content of this project itself is licensed under the Creative Commons Non-Commercial (CC BY-NC).