This is the official repository of PrivEdge: From Local to Distributed Private Training and Prediction, a work published in the IEEE Transactions on Information Forensics and Security (TIFS), April, 2020.
- Download source code from GitHub
git clone https://github.com/smartcameras/PrivEdge.git - Create conda virtual-environment
conda create --name PrivEdge python=2 - Activate conda environment
source activate PrivEdge - Install requirements
Install keras_contrib
pip install -r requirements.txtgit clone https://www.github.com/keras-team/keras-contrib.git cd keras-contrib python setup.py install
PrivEdge is a technique for privacy-preserving MLaaS that safeguards the privacy of users who provide their data for training, as well as users who use the prediction service. We decompose an N-class classifier into N one-class classifiers. With PrivEdge, each user independently uses their private data to locally train a one-class reconstructive adversarial network (RAN) that succinctly represents their training data. The training phases of the one-class RANs were implemented in Python with the publicly available Keras library. For private prediction, we assume that a non-colluding regulator is available and use the 2-server model of multi-party computation (2PC). We used the ABY library for secure 2PC (i.e. additive secret-sharing and Garbled circuit) with 128-bit security parameter and SIMD circuits.
We model each user as a distinct class:
- Go to Dataset directory
cd Dataset
- Create/Download your dataset:
wget https://www.kaggle.com/olgabelitskaya/classification-of-handwritten-letters/version/9#LetterColorImages_123.h5
- Split and save the N-class dataset to N set for N users:
python Distribute_data.py
Each user train locally a one-class RAN, which is composed of a reconstructor and a discriminator, on their private data:
python run_train.py
The trained RAN will be save in the saved_model directory. Some visualization of results also will be saved in the images directory.
It includes the private reconstruction of each one-class classifier followed by dissimilarity based prediction. We do the accuracy experiments in the python while timing the secure protocols of our prediction using ABY (coming soon):
python test.py
If you use our code, please cite the following paper:
@article{shamsabadi2020privedge,
title = {PrivEdge: From Local to Distributed Private Training and Prediction},
author = {Shamsabadi, Ali Shahin and Gascón, Adrià and Haddadi, Hamed and Cavallaro, Andrea},
journal = {IEEE Transactions on Information Forensics and Security (TIFS)},
year = {2020},
month = April
}
The content of this project itself is licensed under the Creative Commons Non-Commercial (CC BY-NC).