Differential Privacy Enabled Deep Skin Image Classification Model Development

Abstract

Abstract In the era of big data, the explosive growth in data volume has significantly accelerated the development of deep learning. Deep learning is the most promising area of AI, yielding significant advancements in medical image classification. However, healthcare data contains important sensitive information and so privacy and security are crucial to preventing unauthorized access. Note that there are several data protection rules from multiple regulations to penalize any kind of data security violation, for example, the data protection principles (Article 5.1-2) and the data protection by design and by default (Article 25) of the General Data Protection Regulation from the European Union. It is mandatory to follow such data regulations in developing and deploying deep models. Traditional deep learning models are vulnerable to several types of attacks, including membership inference attacks, where an adversary determines whether a specific data point was used in training; model extraction attacks, where attackers attempt to replicate the functionality of a trained model and reconstruction attacks, which aim to recover original training data from model outputs. To mitigate data privacy leakage in deep learning models, this dissertation will focus on development of “Differential Privacy enabled deep model” that can deal with the privacy leakage from the trained model. In this research primarily gradient clipping-based deep optimization algorithms (such as DP-SGD, DP-Adam) will experiment with. Automated classification of dermatological images will be the chosen application field for this research. Literature shows that several deep models exist which deal with dermatological image analysis and produce promising performance. However, the performance drop has not yet been explored adequately when such a model was trained with an optimization algorithm that preserves differential privacy. A number of deep neural networks is experimented with to assess performance degradation with the chosen secure training mechanism. Finally, this dissertation aims to develop a novel technique to build differential privacy enabled skin model. This dissertation is utilizing publicly available dermatological image datasets like ISIC 2018.