Robust Encrypted Inference in Deep Learning: A Pathway to Secure Misinformation Detection

To combat the rapid spread of misinformation on social networks, automated misinformation detection systems based on deep neural networks (DNNs) have been developed. However, these tools are often proprietary and lack transparency, which limits their usefulness. Furthermore, privacy concerns limit d...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on dependable and secure computing 2024-08, p.1-12
Main Authors: Ali, Hassan, Javed, Rana Tallal, Qayyum, Adnan, AlGhadhban, Amer, Alazmi, Meshari, Alzamil, Ahmad, Al-utaibi, Khaled, Qadir, Junaid
Format: Article
Language:English
Subjects:
Data models
Data privacy
Encrypted Inference (EI)
Fake news
Machine Learning as a Service (MLaaS)
Misinformation detection
Noise
Servers
Social networking (online)
Transforms
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:To combat the rapid spread of misinformation on social networks, automated misinformation detection systems based on deep neural networks (DNNs) have been developed. However, these tools are often proprietary and lack transparency, which limits their usefulness. Furthermore, privacy concerns limit data sharing by data owners as well as by data-driven misinformation-detection services. Although data encryption techniques can help address privacy concerns in DNN inference, there is a challenge to the seamless integration of these techniques due to the encryption errors induced by cascaded encrypted operations, as well as a mismatch between the tools used for DNNs and cryptography. In this paper, we make two-fold contributions. Firstly, we study the noise bounds of homomorphic encryption (HE) operations as error propagation in DNN layers and derive two properties that, if satisfied by the layer, will considerably reduce the output error. We identify that L_{2} regularization and sigmoid activation satisfy these properties and validate our hypothesis, for instance, replacing ReLU with sigmoid reduced the output error by 10^{6}\times(best case) to 10\times(worst case). Secondly, we extend the Python encryption library TenSeal by enabling the automatic conversion of a TensorFlow DNN into an encryption-compatible DNN with a few lines of code. These contributions are significant as encryption-friendly DL architectures are sorely needed to close the gap between DL-in-research and DL-in-practice.
ISSN:1545-5971
DOI:10.1109/TDSC.2024.3447629