SafetyNets: Verifiable Execution of Deep Neural Networks on an Untrusted Cloud
Authors: Zahra Ghodsi, Tianyu Gu, Siddharth Garg
NeurIPS 2017
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our empirical results on three- and four-layer deep neural networks demonstrate the run-time costs of SafetyNets for both the client and server are low. SafetyNets detects any incorrect computations of the neural network by the untrusted server with high probability, while achieving state-of-the-art accuracy on the MNIST digit recognition (99.4%) and TIMIT speech recognition tasks (75.22%). |
| Researcher Affiliation | Academia | Zahra Ghodsi, Tianyu Gu, Siddharth Garg; New York University; {zg451, tg1553, sg175}@nyu.edu |
| Pseudocode | No | The paper describes protocols mathematically and conceptually but does not include structured pseudocode or algorithm blocks clearly labeled as such. |
| Open Source Code | No | The paper mentions using 'Thaler’s code for the IP protocol' and 'our own implementation of the IP for quadratic activations,' but it does not provide concrete access to the source code for their implementation (no link or explicit release statement). |
| Open Datasets | Yes | Handwritten digit recognition on the MNIST dataset, using 50,000 training, 10,000 validation and 10,000 test images. (2) A more challenging version of digit recognition, MNIST-Back-Rand, an artificial dataset generated by inserting a random background into MNIST image [1]. The dataset has 10,000 training, 2,000 validation and 50,000 test images. ZCA whitening is applied to the raw dataset before training and testing [4]. (3) Speech recognition on the TIMIT dataset, split into a training set with 462 speakers, a validation set with 144 speakers and a testing set with 24 speakers. |
| Dataset Splits | Yes | Handwritten digit recognition on the MNIST dataset, using 50,000 training, 10,000 validation and 10,000 test images. (2) A more challenging version of digit recognition, MNIST-Back-Rand, an artificial dataset generated by inserting a random background into MNIST image [1]. The dataset has 10,000 training, 2,000 validation and 50,000 test images. ZCA whitening is applied to the raw dataset before training and testing [4]. (3) Speech recognition on the TIMIT dataset, split into a training set with 462 speakers, a validation set with 144 speakers and a testing set with 24 speakers. (A hedged ZCA whitening sketch appears after the table.) |
| Hardware Specification | Yes | Our implementation of SafetyNets uses Thaler's code for the IP protocol for matrix multiplication [18] and our own implementation of the IP for quadratic activations. We use an Intel Core i7-4600U CPU running at 2.10 GHz for benchmarking. (A simplified sketch of verifiable matrix multiplication appears after the table.) |
| Software Dependencies | No | The paper mentions using 'Thaler’s code for the IP protocol for matrix multiplication [18] and our own implementation of the IP for quadratic activations,' but it does not specify version numbers for these or other software dependencies. |
| Experiment Setup | Yes | The hyper-parameters for training are selected based on the validation datasets. The Adam optimizer is used for CNNs with learning rate 0.001, exponential decay and dropout probability 0.75. The AdaGrad optimizer is used for FcNNs with a learning rate of 0.01 and dropout probability 0.5. We found that norm gradient clipping was required for training the CNN-2-Quad and FcNN-3-Quad networks, since the gradient values for quadratic activations can become large. (A hedged training-setup sketch appears after the table.) |
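
The Open Source Code and Hardware Specification rows mention Thaler's interactive proof (IP) protocol for matrix multiplication. The paper's actual protocol is the sum-check-based IP from [18]; as a much simpler illustration of the same underlying idea, probabilistically checking an untrusted server's matrix product far more cheaply than recomputing it, here is a sketch of Freivalds' algorithm. This is not SafetyNets' protocol, only a conceptually related check.

```python
import numpy as np

def freivalds_check(A, B, C, trials=20):
    """Probabilistically verify that C == A @ B.

    Each trial multiplies by a random 0/1 vector r and compares
    A @ (B @ r) against C @ r, costing O(n^2) per trial instead of
    the O(n^3) needed to recompute A @ B. An incorrect C passes a
    single trial with probability at most 1/2, so `trials` rounds
    give soundness error at most 2**(-trials).
    """
    n = B.shape[1]
    for _ in range(trials):
        r = np.random.randint(0, 2, size=(n, 1))
        if not np.allclose(A @ (B @ r), C @ r):
            return False  # the claimed product is provably wrong
    return True  # correct with high probability

# Usage: verify a product returned by an untrusted party.
A = np.random.rand(64, 32)
B = np.random.rand(32, 48)
assert freivalds_check(A, B, A @ B)          # honest result passes
assert not freivalds_check(A, B, A @ B + 1)  # tampered result is caught
```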
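
The Open Datasets and Dataset Splits rows note that ZCA whitening is applied to the raw MNIST-Back-Rand data before training and testing. The paper does not give its whitening parameters, so the sketch below is a minimal NumPy version of standard ZCA whitening; the epsilon regularizer and the placeholder data shapes are assumptions.

```python
import numpy as np

def zca_whiten(X, eps=1e-5):
    """ZCA-whiten X of shape (n_samples, n_features).

    Centers the data, rescales along the principal axes so the
    empirical covariance is approximately the identity, then rotates
    back so whitened images stay visually close to the originals.
    """
    mean = X.mean(axis=0)
    Xc = X - mean
    cov = np.cov(Xc, rowvar=False)                 # (n_features, n_features)
    U, S, _ = np.linalg.svd(cov)                   # eigenbasis of the covariance
    W = U @ np.diag(1.0 / np.sqrt(S + eps)) @ U.T  # ZCA transform matrix
    return Xc @ W, mean, W

# The transform is fit on the training split and reused on the
# validation/test splits (standard practice; the paper does not spell
# this out). Shapes match flattened 28x28 MNIST-Back-Rand images.
X_train = np.random.rand(10000, 784)  # placeholder data
X_train_w, mean, W = zca_whiten(X_train)
X_test = np.random.rand(50000, 784)   # placeholder data
X_test_w = (X_test - mean) @ W
```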
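
The Experiment Setup row lists concrete optimizer settings: Adam (learning rate 0.001, exponential decay, dropout 0.75) for the CNNs, AdaGrad (learning rate 0.01, dropout 0.5) for the FcNNs, and norm gradient clipping for the quadratic-activation networks. The paper does not name a framework, so the following is a hedged PyTorch sketch of the FcNN-side setup; the layer widths, the clipping threshold, and the reading of 0.5 as the drop probability are assumptions.

```python
import torch
import torch.nn as nn

class Quad(nn.Module):
    """Quadratic activation f(x) = x^2, used by SafetyNets-compatible
    networks; its large gradients are what motivate norm clipping."""
    def forward(self, x):
        return x * x

# Hypothetical 3-layer fully connected network (FcNN-3-Quad-like);
# the 784/256/10 widths are illustrative, not taken from the paper.
model = nn.Sequential(
    nn.Flatten(),
    nn.Linear(784, 256), Quad(), nn.Dropout(p=0.5),
    nn.Linear(256, 256), Quad(), nn.Dropout(p=0.5),
    nn.Linear(256, 10),
)

# AdaGrad with learning rate 0.01, as reported for the FcNNs.
optimizer = torch.optim.Adagrad(model.parameters(), lr=0.01)
loss_fn = nn.CrossEntropyLoss()

def train_step(x, y, max_norm=1.0):
    """One training step with the norm gradient clipping the paper says
    is required for quadratic activations. max_norm=1.0 is an assumed
    threshold; the paper does not report one."""
    optimizer.zero_grad()
    loss = loss_fn(model(x), y)
    loss.backward()
    torch.nn.utils.clip_grad_norm_(model.parameters(), max_norm)
    optimizer.step()
    return loss.item()
```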