National Chengchi University Institutional Repository (NCCUR): Item 140.119/131633
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/131633


    Title: A Study on Privacy-preserving GRU Inference Framework (結合隱私保護功能之GRU預測模型框架)
    Authors: Hsiao, Shou-Ching (蕭守晴)
    Contributors: Tso, Ray-Lin (左瑞麟)
    Hsiao, Shou-Ching (蕭守晴)
    Keywords: Privacy-preserving
    Gated Recurrent Unit Model
    Secret Sharing
    Universal Composability Framework
    Date: 2020
    Issue Date: 2020-09-02 12:15:48 (UTC+8)
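    Abstract: Gated Recurrent Unit (GRU) models are widely applied in fields including sentiment analysis, speech recognition, and malware analysis. At the service stage, model owners often choose Machine-learning-as-a-service (MLaaS) as the system architecture, because it lets enterprises deploy models at low setup cost while delivering high-performance machine learning services. However, uploading data to the cloud raises privacy concerns, covering model privacy, user data privacy, and prediction result privacy; whether the cloud hosting provider suffers an external intrusion or theft by internal employees, privacy leakage may result. This research targets prediction scenarios involving private data, such as textual data, network packet data, and medical electrocardiogram data, and selects the GRU model, which can learn temporal dependencies, to design a privacy-preserving prediction framework. Considering system accuracy and efficiency, this work adopts secret sharing as the main privacy protection mechanism and designs a secret-sharing-based GRU system architecture and algorithms. Because all computation in the cloud is carried out on secret shares, no party can learn the original model parameters, prediction data, or prediction results from partial shares. Its security can be proven through Universal Composability under the semi-honest adversary model, ensuring that it can be safely applied to GRU models of different architectures. In addition, this work verifies the correctness of the architecture and algorithms through implementation, and presents the experimental results in terms of time and accuracy.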
    Gated Recurrent Unit (GRU) has broad application fields, such as sentiment analysis, speech recognition, malware analysis, and other sequential data processing. For low-cost deployment and efficient machine learning services, a growing number of model owners choose to deploy the trained GRU models through Machine-learning-as-a-service (MLaaS). However, privacy has become a significant concern for both model owners and prediction clients, including model weights privacy, input data privacy, and output results privacy. The privacy leakage may be caused by either external intrusion or insider attacks. To address the above issues, this research designs a framework for privacy-preserving GRU models, which aims for privacy scenarios such as predicting on textual data, network packets, heart rate data, and so on. In consideration of accuracy and efficiency, this research uses additive secret sharing to design the basic operations and gating mechanisms of GRU. The protocols can meet the security requirements of privacy and correctness under the Universal Composability framework with the semi-honest adversary. Additionally, the framework and protocols are realized with a proof-of-concept implementation. The experimental results are presented with respect to time consumption and inference accuracy.
    Description: Master's thesis
    National Chengchi University
    Department of Computer Science
    107753010
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0107753010
    Data Type: thesis
    DOI: 10.6814/NCCU202001474
    Appears in Collections: [Department of Computer Science] Theses

    Files in This Item:

    File: 301001.pdf
    Size: 4558Kb
    Format: Adobe PDF

