Split inference partitions a deep neural network (DNN) to run the early part at the edge and the later part in the cloud. This meets two key requirements for on-device machine learning: input privacy and compute efficiency. Still, an open question in split inference is output privacy, given that the output of a DNN is visible to the cloud. While encrypted computing can protect output privacy, it mandates extensive computation and communication resources. In this paper, we introduce "Salted DNNs": a novel method that lets clients control the semantic interpretation of DNN output at inference time while maintaining accuracy and efficiency very close to that of a standard DNN. Experimental evaluations conducted on both image and sensor data show that Salted DNNs achieve classification accuracy very close to standard DNNs, particularly when the salted layer is positioned within the early part to meet the requirements of split inference. Our method is general and can be applied to various DNNs. We open-source our code and results, as a benchmark for future studies.

翻译：分割推理将深度神经网络（DNN）划分为两部分，早期部分在边缘端运行，后期部分在云端运行。这满足了设备端机器学习的两个关键需求：输入隐私性和计算效率。然而，分割推理中依然存在一个开放性问题——输出隐私性，因为DNN的输出对云端可见。虽然加密计算可以保护输出隐私，但需要消耗大量的计算和通信资源。本文提出"盐渍DNN"：一种新颖方法，允许客户端在推理时控制DNN输出的语义解读，同时保持与标准DNN高度接近的准确性和效率。在图像和传感器数据上的实验评估表明，当盐渍层位于满足分割推理需求的早期部分时，盐渍DNN的分类准确率与标准DNN极为接近。该方法具有通用性，可应用于各类DNN。我们开源了代码和实验结果，作为未来研究的基准。