References & Citations
Computer Science > Cryptography and Security
Title: A Generative Framework for Low-Cost Result Validation of Outsourced Machine Learning Tasks
(Submitted on 31 Mar 2023 (v1), revised 24 Oct 2023 (this version, v2), latest version 25 Apr 2024 (v4))
Abstract: The growing popularity of Machine Learning (ML) has led to its deployment in various sensitive domains, which has resulted in significant research focused on ML security and privacy. However, in some applications, such as autonomous driving, integrity verification of the outsourced ML workload is more critical--a facet that has not received much attention. Existing solutions, such as multi-party computation and proof-based systems, impose significant computation overhead, which makes them unfit for real-time applications. We propose Fides, a novel framework for real-time validation of outsourced ML workloads. Fides features a novel and efficient distillation technique--Greedy Distillation Transfer Learning--that dynamically distills and fine-tunes a space and compute-efficient verification model for verifying the corresponding service model while running inside a trusted execution environment. Fides features a client-side attack detection model that uses statistical analysis and divergence measurements to identify, with a high likelihood, if the service model is under attack. Fides also offers a re-classification functionality that predicts the original class whenever an attack is identified. We devised a generative adversarial network framework for training the attack detection and re-classification models. The evaluation shows that Fides achieves an accuracy of up to 98% for attack detection and 94% for re-classification.
Submission history
From: Reza Tourani [view email][v1] Fri, 31 Mar 2023 19:17:30 GMT (10708kb,D)
[v2] Tue, 24 Oct 2023 22:19:46 GMT (2726kb,D)
[v3] Mon, 30 Oct 2023 14:40:39 GMT (3190kb,D)
[v4] Thu, 25 Apr 2024 01:43:03 GMT (14071kb,D)
Link back to: arXiv, form interface, contact.