A Cycle-GAN Based Image Encoding Scheme for Privacy Enhanced Deep Neural Networks

  • Conference paper
Information Systems Security (ICISS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14424)

Abstract

Deep learning model training on cloud platforms typically requires users to upload raw input data. However, uploading raw image data to cloud service providers raises serious privacy concerns. To address this problem, we propose a Cycle-GAN based image transformation scheme that leverages convolutional autoencoder image encoding for domain translation. Our Cycle-GAN based image transformation scheme enhances the privacy of deep neural networks while preserving model utility. In this paper, we demonstrate that our Cycle-GAN based image transformation scheme protects the visual feature information of sensitive image data. We evaluate the effectiveness of our proposed method at preserving model utility using classification accuracy, and its robustness against reconstruction attacks using the structural similarity index measure (SSIM). The classification accuracy of encoded images using our proposed method is 92.48, 91.05, 90.37 for Chest X-ray, Dermoscopy and OCT datasets, respectively. The SSIM scores for reconstruction attacks where the attacker only has access to the encoded data and corresponding labels are 0.1002, 0.0995 and 0.0329 for Chest X-ray, Dermoscopy and OCT datasets, respectively. Our results demonstrate that the Cycle-GAN based encoding scheme effectively enhances privacy while preserving model utility.

Research supported in part by NSF CREST Grant HRD-1736209 (RK) and NSF CAREER Grant CNS-1553696 (RK).

Author information

Correspondence to David Rodriguez or Ram Krishnan.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Rodriguez, D., Krishnan, R. (2023). A Cycle-GAN Based Image Encoding Scheme for Privacy Enhanced Deep Neural Networks. In: Muthukkumarasamy, V., Sudarsan, S.D., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2023. Lecture Notes in Computer Science, vol 14424. Springer, Cham. https://doi.org/10.1007/978-3-031-49099-6_11

  • DOI: https://doi.org/10.1007/978-3-031-49099-6_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-49098-9

  • Online ISBN: 978-3-031-49099-6

  • eBook Packages: Computer Science, Computer Science (R0)
