Research Article

A Defense Framework for Privacy Risks in Remote Machine Learning Service

Algorithm 1

Synthesis of the uploading data.
Input: user’s original data X for remote training; the test dataset for evaluation; α is the perturbation rate;
is the dataset constructed from the adversarial examples that are synthesized by the generator;
N is the size of X;
𝜖 is the Euclidean distance threshold between the adversarial example and the original data; m is the maximum number of adversarial perturbation rounds.
Output: h,
init the adversarial model h, the simulator’s model f, the evaluation model ;
;
randomly choose ;
;
for(i = 0; i < m; i++){//to generate the adversarial examples
 Train(h);
 for(j = 0; j < S; j++){
  ;
  for(k = 0; k < size(); k++) {
   ;
   //Euclidean distance
   if(dk ≤ 𝜖){
    
    if(lk < Lk){
     Lk = lk
     
    }
   }
  }
  
  if(cross entropy(, ) > cross entropy
  
 }
Return h,