Skip to main content
SpringerLink
Log in

ScrambleMix: A Privacy-Preserving Image Processing for Edge-Cloud Machine Learning

  • Conference paper
  • First Online:
Image and Video Technology (PSIVT 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14403))

Included in the following conference series:

  • 84 Accesses

Abstract

This paper proposes ScrambleMix, a novel privacy-preserving image processing for edge-cloud machine learning. ScrambleMix combines image scrambling and AugMix to improve visual information hiding. Specifically, to make two scrambled images from a single input image, each copy of the input image is scrambled using a different key every time. Then, the scrambled images are mixed with a randomly sampled mixing ratio. A self-teaching loss is introduced to improve the classification performance of ScrambleMix. In this study, we first evaluate the visual information hiding quantitatively using Learned Perceptual Image Patch Similarity (LPIPS). Then, the experiments with different settings demonstrate the proposed ScrambleMix outperforms the existing approaches for edge-cloud machine learning in terms of both classification accuracy and visual information hiding.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The reproduction code will be available when the paper is accepted.

  2. 2.

    https://github.com/Hazelsuko07/InstaHide.

  3. 3.

    https://github.com/mastnk/ICCE-TW2018.

  4. 4.

    https://github.com/carlini/privacy/tree/instahide/research/instahide_attack_2020.

  5. 5.

    https://github.com/Hazelsuko07/InstaHide_Challenge,.

References

  1. Abadi, M., et al.: Deep learning with differential privacy. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (SIGSAC), October 2016

    Google Scholar 

  2. Carlini, N., et al.: Is private learning possible with instance encoding? In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 410–427. IEEE (2021)

    Google Scholar 

  3. Chuman, T., Sirichotedumrong, W., Kiya, H.: Encryption-then-compression systems using grayscale-based image encryption for jpeg images. IEEE Trans. Inf. Forensics Secur. 14, 1515–1525 (2019)

    Article  Google Scholar 

  4. He, K., Zhang, X., Ren, S., Sun, J.: Spatial pyramid pooling in deep convolutional networks for visual recognition. IEEE Trans. Pattern Anal. Mach. Intell. 37, 1904–1916 (2015)

    Article  Google Scholar 

  5. He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 770–778 (2016)

    Google Scholar 

  6. Hendrycks, D., Mu, N., Cubuk, E.D., Zoph, B., Gilmer, J., Lakshminarayanan, B.: AugMix: a simple data processing method to improve robustness and uncertainty. In: Proceedings of the International Conference on Learning Representations (ICLR) (2020)

    Google Scholar 

  7. Huang, Y., Song, Z., Li, K., Arora, S.: InstaHide: instance-hiding schemes for private distributed learning. In: Daumé III, H., Singh, A., (eds.) Proceedings of the 37th International Conference on Machine Learning (ICML), vol. 119, Proceedings of Machine Learning Research, pp. 4507–4518. PMLR, 13–18 July 2020

    Google Scholar 

  8. Konečný, J., Brendan McMahan, H., Yu, F.X., Richtarik, P., Suresh, A.T., Bacon, D.: Federated learning: strategies for improving communication efficiency. In: NIPS Workshop on Private Multi-Party Machine Learning (2016)

    Google Scholar 

  9. Krizhevsky, A.: Learning multiple layers of features from tiny images. Master’s thesis, University of Tront (2009)

    Google Scholar 

  10. Kullback, S., Leibler, R.A.: On information and sufficiency. Ann. Math. Statist. 22(1), 79–86 (1951)

    Article  MathSciNet  Google Scholar 

  11. Liu, Z., Wu, Z., Gan, C., Zhu, L., Han, S.: Datamix: efficient privacy-preserving edge-cloud inference. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) (2020)

    Google Scholar 

  12. Gontijo Lopes, R., Yin, D., Poole, B., Gilmer, J., Cubuk, E.D.: Improving robustness without sacrificing accuracy with patch gaussian augmentation. arXiv preprint arXiv:1906.02611 (2019)

  13. Madono, K., Tanaka, M., Onishi, M., Ogawa, T.: Block-wise scrambled image recognition using adaptation network. In: Workshop on AAAI conference Artificial Intellignece (AAAI-WS), abs/2001.07761 (2020)

    Google Scholar 

  14. Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In Proceedings of the International Conference on Learning Representations (ICLR). OpenReview.net (2018)

    Google Scholar 

  15. McMahan, B., Moore, E., Ramage, D., Hampson, S., Arcas, B.A.: Communication-efficient learning of deep networks from decentralized data. In: Artificial Intelligence and Statistics, pp. 1273–1282. PMLR (2017)

    Google Scholar 

  16. Yuval Netzer, Tao Wang, Adam Coates, Alessandro Bissacco, Bo Wu, and Andrew Y. Ng. Reading digits in natural images with unsupervised feature learning. In NIPS Workshop on Deep Learning and Unsupervised Feature Learning 2011, 2011

    Google Scholar 

  17. Salimans, T., et al.: Improved techniques for training GANs. In: Lee, D., Sugiyama, M., Luxburg, U., Guyon, I., Garnett, R., (eds.) Advances in Neural Information Processing Systems (NIPS), vol. 29. Curran Associates Inc. (2016)

    Google Scholar 

  18. Singh, S., Jeong, Y.-S., Park, J.H.: A survey on cloud computing security: issues, threats, and solutions. J. Netw. Comput. Appl. 75, 200–222 (2016)

    Article  Google Scholar 

  19. Sirichotedumrong, W., Kinoshita, Y., Kiya, H.: Pixel-based image encryption without key management for privacy-preserving deep neural networks. IEEE Access 7, 177844–177855 (2019)

    Article  Google Scholar 

  20. Sirichotedumrong, W., Maekawa, T., Kinoshita, Y., Kiya, H.: Privacy-preserving deep neural networks with pixel-based image encryption considering data augmentation in the encrypted domain. In: 2019 IEEE International Conference on Image Processing (ICIP), pp. 674–678. IEEE (2019)

    Google Scholar 

  21. Takahashi, R., Matsubara, T., Uehara, K.: Data augmentation using random image cropping and patching for deep CNNs. IEEE Trans. Circuits Syst. Video Technol. 30, 2917–2931 (2019)

    Article  Google Scholar 

  22. Tanaka, M.: Learnable image encryption. In: 2018 IEEE International Conference on Consumer Electronics-Taiwan (ICCE-TW), pp. 1–2. IEEE (2018)

    Google Scholar 

  23. Taylor, L., Nitschke, G.S.: Improving deep learning with generic data augmentation. In: 2018 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 1542–1547 (2018)

    Google Scholar 

  24. Tokozume, Y., Ushiku, Y., Harada, T.: Between-class learning for image classification. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 5486–5494 (2018)

    Google Scholar 

  25. van Elsloo, T., Patrini, G., Ivey-Law, H.: Sealion: a framework for neural network inference on encrypted data (2019). arXiv:1904.12840

  26. Yamada, Y., Iwamura, M., Akiba, T., Kise, K.: Shakedrop regularization for deep residual learning. IEEE Access 7, 186126–186136 (2019)

    Article  Google Scholar 

  27. Yun, et al.: Cutmix: regularization strategy to train strong classifiers with localizable features. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 6023–6032 (2019)

    Google Scholar 

  28. Zagoruyko, S., Komodakis, N.: Wide residual networks. In: Hancock, E.R., Wilson, R.C., Smith, W.A.P., (eds.) Proceedings of the British Machine Vision Conference (BMVC), pp. 87.1–87.12. BMVA Press, September 2016

    Google Scholar 

  29. Zhang, H., Cissé, M., Dauphin, Y.N., Lopez-Paz, D.: mixup: beyond empirical risk minimization. In: Proceedings of the International Conference on Learning Representations (ICLR). OpenReview.net (2018)

    Google Scholar 

  30. Zhang, R., Isola, P., Efros, A.A., Shechtman, E., Wang, O.: The unreasonable effectiveness of deep features as a perceptual metric. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 586–595 (2018)

    Google Scholar 

  31. Zhong, Z., Zheng, L., Kang, G., Li, S., Yang, Y.: Random erasing data augmentation. In: Association for the Advancement of Artificial Intelligence (AAAI), pp. 13001–13008 (2020)

    Google Scholar 

  32. Zhu, L., Liu, Z., Han, S.: Deep leakage from gradients. In: Wallach, H., Larochelle, H., Beygelzimer, A., d’Alché-Buc, F., Fox, E., Garnett, R., (eds.), Advances in Neural Information Processing Systems, vol. 32. Curran Associates Inc. (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Communications and Computer Engineering, Waseda University, Tokyo, Japan

    Koki Madono

  2. National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Japan

    Masayuki Tanaka

  3. Tokyo Institute of Technology, Tokyo, Japan

    Masayuki Tanaka & Masaki Onishi

Authors
  1. Koki Madono
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Masayuki Tanaka
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Masaki Onishi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Koki Madono .

Editor information

Editors and Affiliations

  1. Auckland University of Technology, Auckland, New Zealand

    Wei Qi Yan

  2. Auckland University of Technology, Auckland, New Zealand

    Minh Nguyen

  3. Auckland University of Technology, Auckland, New Zealand

    Parma Nand

  4. Auckland University of Technology, Auckland, New Zealand

    Xuejun Li

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Madono, K., Tanaka, M., Onishi, M. (2024). ScrambleMix: A Privacy-Preserving Image Processing for Edge-Cloud Machine Learning. In: Yan, W.Q., Nguyen, M., Nand, P., Li, X. (eds) Image and Video Technology. PSIVT 2023. Lecture Notes in Computer Science, vol 14403. Springer, Singapore. https://doi.org/10.1007/978-981-97-0376-0_25

Download citation

  • DOI: https://doi.org/10.1007/978-981-97-0376-0_25

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-0375-3

  • Online ISBN: 978-981-97-0376-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation