References & Citations
Computer Science > Cryptography and Security
Title: A Generative Framework for Low-Cost Result Validation of Machine Learning-as-a-Service Inference
(Submitted on 31 Mar 2023 (v1), last revised 25 Apr 2024 (this version, v4))
Abstract: The growing popularity of Machine Learning (ML) has led to its deployment in various sensitive domains, which has resulted in significant research focused on ML security and privacy. However, in some applications, such as Augmented/Virtual Reality, integrity verification of the outsourced ML tasks is more critical--a facet that has not received much attention. Existing solutions, such as multi-party computation and proof-based systems, impose significant computation overhead, which makes them unfit for real-time applications. We propose Fides, a novel framework for real-time integrity validation of ML-as-a-Service (MLaaS) inference. Fides features a novel and efficient distillation technique--Greedy Distillation Transfer Learning--that dynamically distills and fine-tunes a space and compute-efficient verification model for verifying the corresponding service model while running inside a trusted execution environment. Fides features a client-side attack detection model that uses statistical analysis and divergence measurements to identify, with a high likelihood, if the service model is under attack. Fides also offers a re-classification functionality that predicts the original class whenever an attack is identified. We devised a generative adversarial network framework for training the attack detection and re-classification models. The evaluation shows that Fides achieves an accuracy of up to 98% for attack detection and 94% for re-classification.
Submission history
From: Reza Tourani [view email][v1] Fri, 31 Mar 2023 19:17:30 GMT (10708kb,D)
[v2] Tue, 24 Oct 2023 22:19:46 GMT (2726kb,D)
[v3] Mon, 30 Oct 2023 14:40:39 GMT (3190kb,D)
[v4] Thu, 25 Apr 2024 01:43:03 GMT (14071kb,D)
Link back to: arXiv, form interface, contact.