Deep learning classifiers are central to the age of artificial intelligence, and device-edge collaborative inference has been widely adopted as an efficient framework for deploying them in IoT and 5G/6G networks. However, it suffers from accuracy degradation under non-i.i.d. data distributions and from privacy leakage. For accuracy degradation, applying transfer learning or split learning directly is costly and leaves the privacy issues unresolved. For privacy leakage, cryptography-based approaches incur a huge overhead, while other lightweight methods assume that the ground truth is non-sensitive and may be exposed. In many applications, however, the ground truth is precisely the user's most privacy-sensitive information. In this paper, we propose Roulette, a task-oriented semantic privacy-preserving collaborative inference framework for deep learning classifiers. Beyond the input data, we treat the ground truth of the data as private information. We develop a novel split-learning paradigm in which the back-end DNN is frozen and the front-end DNN is retrained to act as both a feature extractor and an encryptor. Moreover, we provide a differential privacy guarantee and analyze the hardness of ground-truth inference attacks. To validate Roulette, we conduct extensive performance evaluations on realistic datasets, which demonstrate that Roulette effectively defends against various attacks while achieving good model accuracy. When the non-i.i.d. condition is very severe, Roulette improves inference accuracy by 21% averaged over the benchmarks, while reducing the accuracy of discrimination attacks to almost that of random guessing.
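The abstract describes the shape of the system (a front-end DNN on the device, a frozen back-end DNN on the edge, a differential privacy guarantee on what crosses the cut) without giving its mechanism. The following added example, which is not code from the paper and does not implement Roulette's retrained front-end encryptor, shows the baseline that such a design improves on: plain split inference where the device clips the cut-layer features and perturbs them with the standard Gaussian mechanism before sending them to the edge. The two tiny linear models, the clipping bound, and the (epsilon, delta) values are constructed for illustration; only the Gaussian-mechanism noise calibration is a known result (sigma = Delta * sqrt(2 ln(1.25/delta)) / epsilon, valid for 0 < epsilon < 1).

```python
import math
import random

# Toy front-end (device side): one linear layer plus ReLU standing in for a
# feature-extractor DNN. Weights are constructed for this example.
FRONT_W = [[0.5, -0.3, 0.8, 0.1],
           [-0.2, 0.9, 0.4, -0.7],
           [0.3, 0.2, -0.6, 0.5]]

# Toy back-end (edge side): a frozen linear classifier over the 3-dim cut-layer
# feature, producing 3 class logits. Also constructed for this example.
BACK_W = [[1.0, -0.5, 0.2],
          [-0.8, 0.7, 0.4],
          [0.1, 0.3, -0.9]]


def front_end(x):
    """Device: map the raw input to cut-layer features, ReLU(W x)."""
    return [max(0.0, sum(w * xi for w, xi in zip(row, x))) for row in FRONT_W]


def clip_l2(v, bound):
    """Scale v down so that its L2 norm is at most `bound`.

    Clipping is what makes the sensitivity of the released vector finite:
    any two clipped vectors differ by at most 2 * bound in L2 norm.
    """
    norm = math.sqrt(sum(vi * vi for vi in v))
    if norm <= bound:
        return list(v)
    return [vi * bound / norm for vi in v]


def gaussian_sigma(epsilon, delta, sensitivity):
    """Noise scale of the classic Gaussian mechanism for (epsilon, delta)-DP.

    The bound sigma >= sensitivity * sqrt(2 ln(1.25/delta)) / epsilon is only
    proven for epsilon in (0, 1), so larger budgets are rejected here.
    """
    if not 0.0 < epsilon < 1.0:
        raise ValueError("Gaussian mechanism calibration requires 0 < epsilon < 1")
    if not 0.0 < delta < 1.0:
        raise ValueError("delta must lie in (0, 1)")
    return sensitivity * math.sqrt(2.0 * math.log(1.25 / delta)) / epsilon


def release_features(x, epsilon, delta, bound, rng):
    """Device: what actually leaves the device for one inference.

    Edge sees only this vector: clipped features plus Gaussian noise whose
    scale is calibrated to the L2 sensitivity 2 * bound.
    """
    z = clip_l2(front_end(x), bound)
    sigma = gaussian_sigma(epsilon, delta, 2.0 * bound)
    return [zi + rng.gauss(0.0, sigma) for zi in z]


def back_end(z):
    """Edge: frozen classifier; returns the predicted class index."""
    logits = [sum(w * zi for w, zi in zip(row, z)) for row in BACK_W]
    return max(range(len(logits)), key=logits.__getitem__)


def collaborative_inference(x, epsilon, delta, bound=1.0, seed=0):
    """One device-edge round trip. The seed makes the noise reproducible."""
    rng = random.Random(seed)
    return back_end(release_features(x, epsilon, delta, bound, rng))


if __name__ == "__main__":
    sample = [0.9, -0.4, 0.3, 0.7]          # constructed input
    print("noiseless prediction:", back_end(clip_l2(front_end(sample), 1.0)))
    print("private prediction:  ", collaborative_inference(sample, 0.5, 1e-5))
```

Two practical caveats follow from the code rather than from the paper. First, the (epsilon, delta) guarantee is per released vector; an edge server that receives many inferences from the same user consumes the budget cumulatively, so a deployment needs a composition accountant, not a single calibration. Second, for a budget small enough to hide the label, the noise scale here (about 19.4 at epsilon = 0.5, delta = 1e-5, bound = 1) swamps features of norm 1, which is exactly the accuracy-privacy tension that motivates retraining the front-end instead of adding noise to an unchanged one.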