For collaborative inference through a cloud computing platform, it is sometimes essential for the client to shield its sensitive information from the cloud provider. In this paper, we introduce Ensembler, an extensible framework designed to substantially increase the difficulty of conducting model inversion attacks by adversarial parties. Ensembler leverages selective model ensemble on the adversarial server to obfuscate the reconstruction of the client's private information. Our experiments demonstrate that Ensembler can effectively shield input images from reconstruction attacks, even when the client only retains one layer of the network locally. Ensembler significantly outperforms baseline methods by up to 43.5% in structural similarity while only incurring 4.8% time overhead during inference.