Zhiqiang Wang, Jiahui Hou, Haifeng Sun, Jingmiao Zhang, Yunhao Yao, Haikuo Yu, and Xiang-Yang Li, University of Science and Technology of China
Cloud-based model training presents significant privacy challenges, as users must upload personal data for training high-performance models. Once uploaded, this data goes beyond the user's control and could be misused for other purposes. Users need tools to control the usage scope of the uploaded training data, preventing unauthorized training without compromising authorized training. Unfortunately, existing solutions overlook this issue.
In this paper, we propose and achieve a unique privacy-utility goal tailored for cloud-based model training, considering both user demand and legal requirements. Our approach provides task-level control of training data usage, simultaneously ensuring each protected data exhibits noticeable visual changes to address fundamental privacy concerns. We introduce carefully designed noise to each training data for privacy protection. These noises are designed to provide visual protection while minimizing the shifts in the feature domain through adversarial optimization. By adjusting the correlation between noise and class labels, we guide the model to learn the correct features for the target task while preventing unauthorized privacy task training. Additionally, we introduce the overflow matrix for compatibility with existing encoding and transmission frameworks. Real-world experiments demonstrate that it can simultaneously protect visual privacy (SSIM is 0.028) and prevent unauthorized model training (protection success rate achieved 100%), while the accuracy of the target task model is slightly reduced by about 1.8%.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
