<p>Edge-cloud inference often transmits compressed intermediate embeddings instead of raw sensor data to reduce communication overhead and device-side computation. However, these compressed semantic embeddings can still retain sensitive information and leak user identity. In this paper, we study identity leakage from compressed semantic embeddings in edge-cloud inference, focusing on a practically relevant setting where the main task is human activity recognition and the sensitive attribute is user identity. We propose <i>Neighbor Swapping</i>, a lightweight post-hoc leakage-reduction mechanism that replaces a compressed embedding with a semantically nearby embedding sampled from a local neighborhood in the learned representation space. Unlike unstructured additive perturbations, the method performs semantically coherent replacement directly in embedding space without increasing the transmitted dimensionality.We evaluate the method on UCI HAR and WISDM under a corrected fair non-oracle protocol, where neighborhood construction uses predicted task labels and a training-only reference bank. Under strongest-attacker reporting over an evaluated family of embedding attackers, which we use as a conservative summary because the strongest attacker can vary across mechanisms, Neighbor Swapping consistently reduces identity leakage relative to Compression-Only while preserving main-task accuracy at the reported precision. On UCI HAR with the main backbone CNN-Small, strongest-attack accuracy drops from 0.5818 to 0.4325, while main-task accuracy remains 0.9203 at the reported precision. On WISDM, strongest-attack accuracy drops from 0.8888 to 0.7705, while main-task accuracy remains 0.2594 at the reported precision. The same qualitative privacy–utility pattern also holds for the additional backbone CNN-Large. Further results show that the leakage reduction is statistically robust across random seeds, that the swap probability <InlineEquation ID="IEq1"><EquationSource Format="TEX">\(p_{\mathrm{swap}}\)</EquationSource></InlineEquation> provides an interpretable privacy-control knob, and that deployment overhead remains small in the evaluated environment without increasing transmitted bytes per sample. Overall, the results show that semantically structured local replacement can provide an empirical reduction in identity leakage under fixed communication cost in the evaluated setting, rather than a formal privacy guarantee.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Semantic neighbor swapping for privacy-aware edge-cloud inference

  • Delong Li,
  • Baihe Ma,
  • Yanna Jiang,
  • Chen Li,
  • Xuelei Qi,
  • Xu Wang,
  • Feifan Wang,
  • Bin Liang,
  • Guangsheng Yu

摘要

Edge-cloud inference often transmits compressed intermediate embeddings instead of raw sensor data to reduce communication overhead and device-side computation. However, these compressed semantic embeddings can still retain sensitive information and leak user identity. In this paper, we study identity leakage from compressed semantic embeddings in edge-cloud inference, focusing on a practically relevant setting where the main task is human activity recognition and the sensitive attribute is user identity. We propose Neighbor Swapping, a lightweight post-hoc leakage-reduction mechanism that replaces a compressed embedding with a semantically nearby embedding sampled from a local neighborhood in the learned representation space. Unlike unstructured additive perturbations, the method performs semantically coherent replacement directly in embedding space without increasing the transmitted dimensionality.We evaluate the method on UCI HAR and WISDM under a corrected fair non-oracle protocol, where neighborhood construction uses predicted task labels and a training-only reference bank. Under strongest-attacker reporting over an evaluated family of embedding attackers, which we use as a conservative summary because the strongest attacker can vary across mechanisms, Neighbor Swapping consistently reduces identity leakage relative to Compression-Only while preserving main-task accuracy at the reported precision. On UCI HAR with the main backbone CNN-Small, strongest-attack accuracy drops from 0.5818 to 0.4325, while main-task accuracy remains 0.9203 at the reported precision. On WISDM, strongest-attack accuracy drops from 0.8888 to 0.7705, while main-task accuracy remains 0.2594 at the reported precision. The same qualitative privacy–utility pattern also holds for the additional backbone CNN-Large. Further results show that the leakage reduction is statistically robust across random seeds, that the swap probability \(p_{\mathrm{swap}}\) provides an interpretable privacy-control knob, and that deployment overhead remains small in the evaluated environment without increasing transmitted bytes per sample. Overall, the results show that semantically structured local replacement can provide an empirical reduction in identity leakage under fixed communication cost in the evaluated setting, rather than a formal privacy guarantee.