模型及其推理输入保护的量化参数研究

Q4 Computer Science

Journal of Information Processing Pub Date : 2023-01-01 DOI:10.2197/ipsjjip.31.667

Hiromasa Kitai, Naoto Yanai, Kazuki Iwahana, Masataka Tatsumi, Jason Paul Cruz

{"title":"模型及其推理输入保护的量化参数研究","authors":"Hiromasa Kitai, Naoto Yanai, Kazuki Iwahana, Masataka Tatsumi, Jason Paul Cruz","doi":"10.2197/ipsjjip.31.667","DOIUrl":null,"url":null,"abstract":"Protecting a machine learning model and its inference inputs with secure computation is important for providing services with a valuable model. In this paper, we discuss how a model's parameter quantization works to protect the model and its inference inputs. To this end, we present an investigational protocol called MOTUS, based on ternary neural networks whose parameters are ternarized. Through extensive experiments with MOTUS, we found three key insights. First, ternary neural networks can avoid deterioration in accuracy due to secure computation with modulo operations. Second, the increment of model parameter candidates significantly improves accuracy more than an existing technique for accuracy improvement, i.e., batch normalization. Third, protecting both a model and inference inputs reduces inference throughput by four to seven times to provide the same level of accuracy compared with existing protocols protecting only inference inputs. We have released our source code via GitHub.","PeriodicalId":16243,"journal":{"name":"Journal of Information Processing","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Study on Quantized Parameters for Protection of a Model and Its Inference Input\",\"authors\":\"Hiromasa Kitai, Naoto Yanai, Kazuki Iwahana, Masataka Tatsumi, Jason Paul Cruz\",\"doi\":\"10.2197/ipsjjip.31.667\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Protecting a machine learning model and its inference inputs with secure computation is important for providing services with a valuable model. In this paper, we discuss how a model's parameter quantization works to protect the model and its inference inputs. To this end, we present an investigational protocol called MOTUS, based on ternary neural networks whose parameters are ternarized. Through extensive experiments with MOTUS, we found three key insights. First, ternary neural networks can avoid deterioration in accuracy due to secure computation with modulo operations. Second, the increment of model parameter candidates significantly improves accuracy more than an existing technique for accuracy improvement, i.e., batch normalization. Third, protecting both a model and inference inputs reduces inference throughput by four to seven times to provide the same level of accuracy compared with existing protocols protecting only inference inputs. We have released our source code via GitHub.\",\"PeriodicalId\":16243,\"journal\":{\"name\":\"Journal of Information Processing\",\"volume\":\"6 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Processing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2197/ipsjjip.31.667\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"Computer Science\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Processing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2197/ipsjjip.31.667","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 0

摘要

使用安全计算保护机器学习模型及其推理输入对于提供具有有价值模型的服务非常重要。本文讨论了模型的参数量化是如何保护模型及其推理输入的。为此，我们提出了一种名为MOTUS的研究性协议，该协议基于三元神经网络，其参数是三元化的。通过MOTUS的大量实验，我们发现了三个关键的见解。首先，三元神经网络可以避免由于模运算的安全计算而导致的精度下降。其次，模型候选参数的增加比现有的精度改进技术(即批处理归一化)更能显著提高精度。第三，与仅保护推理输入的现有协议相比，同时保护模型和推理输入可将推理吞吐量降低4到7倍，以提供相同级别的准确性。我们已经通过GitHub发布了源代码。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Study on Quantized Parameters for Protection of a Model and Its Inference Input

Protecting a machine learning model and its inference inputs with secure computation is important for providing services with a valuable model. In this paper, we discuss how a model's parameter quantization works to protect the model and its inference inputs. To this end, we present an investigational protocol called MOTUS, based on ternary neural networks whose parameters are ternarized. Through extensive experiments with MOTUS, we found three key insights. First, ternary neural networks can avoid deterioration in accuracy due to secure computation with modulo operations. Second, the increment of model parameter candidates significantly improves accuracy more than an existing technique for accuracy improvement, i.e., batch normalization. Third, protecting both a model and inference inputs reduces inference throughput by four to seven times to provide the same level of accuracy compared with existing protocols protecting only inference inputs. We have released our source code via GitHub.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Processing Computer Science-Computer Science (all)

CiteScore

1.20

自引率

0.00%

发文量