Hiromasa Kitai, Naoto Yanai, Kazuki Iwahana, Masataka Tatsumi, Jason Paul Cruz
{"title":"A Study on Quantized Parameters for Protection of a Model and Its Inference Input","authors":"Hiromasa Kitai, Naoto Yanai, Kazuki Iwahana, Masataka Tatsumi, Jason Paul Cruz","doi":"10.2197/ipsjjip.31.667","DOIUrl":null,"url":null,"abstract":"Protecting a machine learning model and its inference inputs with secure computation is important for providing services with a valuable model. In this paper, we discuss how a model's parameter quantization works to protect the model and its inference inputs. To this end, we present an investigational protocol called MOTUS, based on ternary neural networks whose parameters are ternarized. Through extensive experiments with MOTUS, we found three key insights. First, ternary neural networks can avoid deterioration in accuracy due to secure computation with modulo operations. Second, the increment of model parameter candidates significantly improves accuracy more than an existing technique for accuracy improvement, i.e., batch normalization. Third, protecting both a model and inference inputs reduces inference throughput by four to seven times to provide the same level of accuracy compared with existing protocols protecting only inference inputs. We have released our source code via GitHub.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Processing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2197/ipsjjip.31.667","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Computer Science","Score":null,"Total":0}
引用次数: 0
Abstract
Protecting a machine learning model and its inference inputs with secure computation is important for providing services with a valuable model. In this paper, we discuss how a model's parameter quantization works to protect the model and its inference inputs. To this end, we present an investigational protocol called MOTUS, based on ternary neural networks whose parameters are ternarized. Through extensive experiments with MOTUS, we found three key insights. First, ternary neural networks can avoid deterioration in accuracy due to secure computation with modulo operations. Second, the increment of model parameter candidates significantly improves accuracy more than an existing technique for accuracy improvement, i.e., batch normalization. Third, protecting both a model and inference inputs reduces inference throughput by four to seven times to provide the same level of accuracy compared with existing protocols protecting only inference inputs. We have released our source code via GitHub.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
