A Secure And Verifiable Transfer Learning Framework During Fine-tuning

Transfer learning can allow us to reuse deep neural network models that we have previously trained on a wide range of data for related tasks using the fine-tuning method.It is a promising direction to deal with the model training problem for the areas with data scarcity,insufficiently labeled data,and fast model iteration.However,training neural networks with transfer learning is computationally intensive and needs high resources.Therefore,Machine Learning as a Service(MLaas)allows clients with limited resources to outsource their expensive transfer learning tasks to powerful clouds.Despite the huge benefits,current MLaaS solutions still lack strong assurance on 1)service correctness(i.e.,whether the MLaaS cloud works as expected);2)trustworthiness on computations(i.e.,how can a client be sure that the cloud has appropriately calculated without information leakage?).Without these assurances,unfaithful cloud providers can return improperly executed fine-tuned models or partially train the selected parameters in transfer learning while using the fine-tuning method to lower their computing load or intentionally manipulate the newly trained model.Moreover,it is hard to argue for the broad adoption of outsourced transfer learning and fine-timing tasks to the clients.To address this concern,in this thesis,we design a framework that supports efficient computational correctness of the transfer learning result while using the fine-tuning method.The proposed framework enables clients to verify the fine-tuning result sent by an untrust,ed cloud.Then,the clients can be assured that the transfer learning tasks while using the fine-tuning method are correctly executed on the untrusted cloud.We strategically use non-interactive zero-knowledge proof as a baseline,a verifiable transfer learning framework that can generate corresponding proof of the fine-tuning process on the cloud side.The client can validate the proof to ensure that the cloud server only fine-tunes the parameters that have been selected.In addition,we present the security analysis of the proposed work.Finally,extensive experiments are conducted on well-known datasets and have shown the superior performance of the proposed framework.It only takes 64.411 seconds to generate the proof on the LeNet5 model over the CIFAR-10 dataset,which is≈ 2x faster than existing works.The proof size is 0.31 kilobytes,and the verifier time is only 10.736 milliseconds.