A Privacy-Preserving Scheme for Convolutional Neural Network-based Applications in Mobile Cloud

In recent years, more and more mobile applications adopt deep learning technologies, especially CNN-based image recognition. To protect service providers' interests, the CNN models are usually deployed on the cloud, and the users are required to upload raw images, which cause serious privacy concerns since images may contain sensitive information unrelated to the desired recognition tasks. The previous solution off-loads the shallow portions of the CNN to the clients, and thus the uploaded data becomes the extracted lower-level features rather than the raw images. Nevertheless, although service providers are prevented from obtaining the original images, it is still probably for them to perform some sensitive recognition tasks other than the desired one on the lower-level features (even after being perturbed to satisfy Differential Privacy). Different from such solution, in this paper, we propose an independent local CNN, which is dedicated for the image perturbation on the clients. It is co-trained with the cloud CNN to learn to intelligently allocate diverse noises among pixels depending on their significance to the desired recognition service. Extensive experiments demonstrate that our mechanism can well prevent curious service providers from performing undesired recognition tasks while maintaining the high accuracy of the desired one.