A Defense Framework for Privacy Risks in Remote Machine Learning Service
Algorithm 1
Synthesis of the uploading data.
Input: user’s original data X for remote training; the test dataset for evaluation; α is the perturbation rate;
is the dataset constructed from the adversarial examples synthesized by the generator;
N is the size of X;
𝜖 is the Euclidean distance threshold between the adversarial example and the original data; m is the maximum number of adversarial perturbation rounds.
Output: h,
init the adversarial model h, the simulator’s model f, the evaluation model ;
;
randomly choose ;
;
for (i = 0; i < m; i++) { // generate the adversarial examples
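As an added example (not the paper's own code), the loop structure declared above, carried through on a constructed toy dataset: the simulator f is assumed to be a logistic-regression model, α is taken as the per-round step size along the input gradient of f's loss, and every perturbed point is projected back into the Euclidean ball of radius 𝜖 around its original, so the uploaded data never drifts further than the threshold after m rounds.

```python
"""Added example: eps-bounded iterative perturbation of data before upload."""
import math
import random

# Constructed toy dataset X (two features) with binary labels y; N = 40.
random.seed(0)
X = [[random.gauss(2, 0.5), random.gauss(2, 0.5)] for _ in range(20)] + \
    [[random.gauss(-2, 0.5), random.gauss(-2, 0.5)] for _ in range(20)]
y = [1] * 20 + [0] * 20

def train_simulator(X, y, epochs=200, lr=0.1):
    """Simulator f: logistic regression fitted by gradient descent (assumed form of f)."""
    w, b = [0.0, 0.0], 0.0
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, t in zip(X, y):
            p = 1 / (1 + math.exp(-(w[0] * x[0] + w[1] * x[1] + b)))
            gw[0] += (p - t) * x[0]; gw[1] += (p - t) * x[1]; gb += p - t
        n = len(X)
        w = [w[0] - lr * gw[0] / n, w[1] - lr * gw[1] / n]; b -= lr * gb / n
    return w, b

def loss_grad(w, b, x, t):
    """Gradient of the log-loss of f with respect to the input point x."""
    p = 1 / (1 + math.exp(-(w[0] * x[0] + w[1] * x[1] + b)))
    return [(p - t) * w[0], (p - t) * w[1]]

def project(x_adv, x, eps):
    """Enforce the threshold: keep x_adv within Euclidean distance eps of x."""
    d = [x_adv[0] - x[0], x_adv[1] - x[1]]
    norm = math.hypot(*d)
    if norm <= eps:
        return x_adv
    return [x[0] + d[0] * eps / norm, x[1] + d[1] * eps / norm]

def synthesize(X, y, w, b, alpha, eps, m):
    """m perturbation rounds: step alpha along the unit loss gradient, then project."""
    X_adv = [list(x) for x in X]
    for _ in range(m):
        for i, (x, t) in enumerate(zip(X, y)):
            g = loss_grad(w, b, X_adv[i], t)
            gn = math.hypot(*g) or 1.0          # avoid division by zero on a flat point
            step = [X_adv[i][0] + alpha * g[0] / gn, X_adv[i][1] + alpha * g[1] / gn]
            X_adv[i] = project(step, x, eps)
    return X_adv

def max_distance(X, X_adv):
    """Largest Euclidean displacement; must never exceed eps."""
    return max(math.hypot(a[0] - c[0], a[1] - c[1]) for a, c in zip(X, X_adv))

def accuracy(w, b, X, y):
    """Evaluation of f on a dataset (original or synthesized)."""
    return sum(((w[0] * x[0] + w[1] * x[1] + b) > 0) == (t == 1) for x, t in zip(X, y)) / len(X)
```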