US Patent Application 18213746. PROTECTING DEEP LEARNED MODELS simplified abstract


PROTECTING DEEP LEARNED MODELS

Organization Name

Microsoft Technology Licensing, LLC


Inventor(s)

Sriram Srinivasan of Sammamish WA (US)


David Yuheng Zhao of Redmond WA (US)


Ming-Chieh Lee of Bellevue WA (US)


Mu Han of Clyde Hill WA (US)


PROTECTING DEEP LEARNED MODELS - A simplified explanation of the abstract

  • This abstract appeared for US patent application number 18213746, titled 'PROTECTING DEEP LEARNED MODELS'

Simplified Explanation

This abstract describes a technology that allows machine learning models to be used in both private and public domains. It involves applying operations to transform input data in a private domain, which is kept secret from third parties. The transformed input is then provided to a machine learning model that was trained using a modified training set. The model generates inferences using the transformed input. The technology suggests using various transforms such as matrix multiplication, converting between different domains (e.g., time to frequency), and partitioning a neural network model to have a private input and hidden layer, while the remaining layers are public.


Original Abstract Submitted

Apparatus and methods are disclosed for using machine learning models with private and public domains. Operations can be applied to transform input to a machine learning model in a private domain that is kept secret or otherwise made unavailable to third parties. In one example of the disclosed technology, a method includes applying a private transform to produce transformed input, providing the transformed input to a machine learning model that was trained using a training set modified by the private transform, and generating inferences with the machine learning model using the transformed input. Examples of suitable transforms that can be employed include matrix multiplication, time or spatial domain to frequency domains, and partitioning a neural network model such that an input and at least one hidden layer form part of the private domain, while the remaining layers form part of the public domain.
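
The matrix-multiplication variant described in the abstract, as an added example that is not code from the patent application or from this page: a secret matrix is applied to the training set before a model is fitted, and the same matrix is applied to inputs at inference time. The nearest-centroid classifier, the matrix `PRIVATE_M`, the sample data and all function names are assumptions constructed for illustration.

```python
# Added illustration; classifier, matrix and data are constructed assumptions.
# Private domain: secret orthogonal matrix, never distributed with the model.
PRIVATE_M = [[0.0, 1.0, 0.0],
             [1.0, 0.0, 0.0],
             [0.0, 0.0, -1.0]]

def private_transform(x, m=PRIVATE_M):
    """Matrix multiplication m @ x, performed inside the private domain."""
    return [sum(row[j] * x[j] for j in range(len(x))) for row in m]

def train_centroids(samples):
    """Public domain: fit a nearest-centroid model on (vector, label) pairs."""
    sums, counts = {}, {}
    for vec, label in samples:
        acc = sums.setdefault(label, [0.0] * len(vec))
        for i, v in enumerate(vec):
            acc[i] += v
        counts[label] = counts.get(label, 0) + 1
    return {lab: [s / counts[lab] for s in acc] for lab, acc in sums.items()}

def infer(model, vec):
    """Return the label whose centroid is closest to vec."""
    return min(model, key=lambda lab: sum((a - b) ** 2 for a, b in zip(model[lab], vec)))

def accuracy(model, samples, transform=None):
    """Fraction of samples labelled correctly, optionally transforming first."""
    hits = sum(infer(model, transform(v) if transform else v) == y for v, y in samples)
    return hits / len(samples)

TRAIN = [  # constructed training set: (features, label)
    ([2.0, 0.1, 0.3], 0), ([1.8, -0.2, 0.1], 0), ([2.2, 0.0, -0.1], 0),
    ([0.1, 2.0, 0.2], 1), ([-0.1, 1.9, 0.0], 1), ([0.2, 2.1, -0.2], 1),
]
HELD_OUT = [([2.1, 0.1, 0.0], 0), ([0.0, 1.8, 0.1], 1)]  # constructed

def run_demo():
    """Train on the transformed set; score with and without the private transform."""
    model = train_centroids([(private_transform(v), y) for v, y in TRAIN])
    return accuracy(model, HELD_OUT, private_transform), accuracy(model, HELD_OUT)

if __name__ == "__main__":
    with_t, without_t = run_demo()
    print(f"accuracy with private transform:    {with_t:.2f}")
    print(f"accuracy on untransformed input:    {without_t:.2f}")
```

On this constructed data the model trained on transformed inputs labels held-out samples correctly only when they pass through the same private transform first.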