Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Over-the-Air Collaborative Inference with Feature Differential Privacy

Mohamed Seif, Yuqi Nie, Andrea Goldsmith, Vincent Poor

TL;DR

This work tackles privacy leakage in edge-assisted collaborative inference over wireless networks by introducing an over-the-air transmission scheme that leverages channel superposition, device sampling, and aggregated perturbation to protect locally extracted features. It provides per-device feature differential privacy guarantees with budgets $\epsilon_k$ and $\delta_k$, derives an MSE-based accuracy bound, and offers a margin-driven lower bound on classification performance. A key contribution is the tailored privacy mechanism using per-device weights $w_k$ and clipping thresholds $C_k$, which improves utility under stringent privacy compared to uniform DP baselines. The approach is validated on ModelNet with a Multi-view CNN architecture, showing notable gains when privacy levels are customized, thereby enabling practical, private distributed inference with reduced communication overhead in wireless networks.

Abstract

Collaborative inference in next-generation networks can enhance Artificial Intelligence (AI) applications, including autonomous driving, personal identification, and activity classification. This method involves a three-stage process: a) data acquisition through sensing, b) feature extraction, and c) feature encoding for transmission. Transmission of the extracted features entails the potential risk of exposing sensitive personal data. To address this issue, in this work a new privacy-protecting collaborative inference mechanism is developed. Under this mechanism, each edge device in the network protects the privacy of extracted features before transmitting them to a central server for inference. This mechanism aims to achieve two main objectives while ensuring effective inference performance: 1) reducing communication overhead, and 2) maintaining strict privacy guarantees during features transmission.

Over-the-Air Collaborative Inference with Feature Differential Privacy

TL;DR

This work tackles privacy leakage in edge-assisted collaborative inference over wireless networks by introducing an over-the-air transmission scheme that leverages channel superposition, device sampling, and aggregated perturbation to protect locally extracted features. It provides per-device feature differential privacy guarantees with budgets and , derives an MSE-based accuracy bound, and offers a margin-driven lower bound on classification performance. A key contribution is the tailored privacy mechanism using per-device weights and clipping thresholds , which improves utility under stringent privacy compared to uniform DP baselines. The approach is validated on ModelNet with a Multi-view CNN architecture, showing notable gains when privacy levels are customized, thereby enabling practical, private distributed inference with reduced communication overhead in wireless networks.

Abstract

Collaborative inference in next-generation networks can enhance Artificial Intelligence (AI) applications, including autonomous driving, personal identification, and activity classification. This method involves a three-stage process: a) data acquisition through sensing, b) feature extraction, and c) feature encoding for transmission. Transmission of the extracted features entails the potential risk of exposing sensitive personal data. To address this issue, in this work a new privacy-protecting collaborative inference mechanism is developed. Under this mechanism, each edge device in the network protects the privacy of extracted features before transmitting them to a central server for inference. This mechanism aims to achieve two main objectives while ensuring effective inference performance: 1) reducing communication overhead, and 2) maintaining strict privacy guarantees during features transmission.
Paper Structure (10 sections, 2 theorems, 12 equations, 3 figures, 2 algorithms)

This paper contains 10 sections, 2 theorems, 12 equations, 3 figures, 2 algorithms.

Table of Contents

  1. Introduction
  2. System Model & Problem Statement
  3. Communication Channel Model
  4. Distributed Inference Model
  5. Main Reuslts & Discussions
  6. Proposed Transmission Scheme
  7. Feature differential privacy analysis
  8. Classification Accuracy
  9. Experiments and Performance Analysis
  10. Conclusions

Key Result

Theorem 1

(Privacy Guarantee) For each edge device $k$ participates with probability $p_{k} \geq 0$ and utilizes local mechanism with an importance weight $w_{k} \geq 0$. The privacy guarantee for the $k$th feature is given as for any $\delta, \delta' \in (0,1]$ such that $\operatorname{Pr}(|\mu - \bar{\mu}| \geq t) \leq \delta'$ where $\mu \triangleq \sum_{i = 1}^{K} \tau_{i} \sigma_{i}^{2}$, $\tau_{i} \s

Figures (3)

  • Figure 1: Illustration of the private task-inference framework: Each edge device extracts features from the observed input that preserves some relevant information for classification while satisfies rigorous feature DP levels. Then, each device forwards the processed features over a communication channel to be processed by the central inference server.
  • Figure 2: Impact of customizing privacy levels on the classification accuracy for $r = q \times 7 \times 7$, where $q = 16$.
  • Figure 3: Impact of customizing privacy levels on the classification accuracy for $r = q \times 7 \times 7$, where $q = 512$.

Theorems & Definitions (5)

  • Definition 1: $(\epsilon, \delta)$-feature DP
  • Theorem 1
  • Remark 1
  • Remark 2
  • Theorem 2: Classification Accuracy