Bibliographic Details
Main Authors: Guo, Zinan, Wang, Zihan, Yan, Chuan, Wan, Liuhuo, Ma, Ethan, Bai, Guangdong
Format: Preprint
Published: 2026
Online Access: https://arxiv.org/abs/2604.06644
author Guo, Zinan
Wang, Zihan
Yan, Chuan
Wan, Liuhuo
Ma, Ethan
Bai, Guangdong
contents As deep learning inference is increasingly deployed in shared and cloud-based settings, a growing concern is input repurposing, in which data submitted for one task is reused by unauthorized models for another. Existing privacy defenses largely focus on restricting data access, but provide limited control over what downstream uses a released representation can still support. We propose a feature extraction framework that suppresses cross-model transfer while preserving accuracy for a designated classifier. The framework employs a variational latent bottleneck, trained with a task-driven cross-entropy objective and KL regularization, but without any pixel-level reconstruction loss, to encode inputs into a compact latent space. A dynamic binary mask, computed from per-dimension KL divergence and gradient-based saliency with respect to the frozen target model, suppresses latent dimensions that are uninformative for the intended task. Because saliency computation requires gradient access, the encoder is trained in a white-box setting, whereas inference requires only a forward pass through the frozen target model. On CIFAR-100, the processed representations retain strong utility for the designated classifier while reducing the accuracy of all unintended classifiers to below 2%, yielding a suppression ratio exceeding 45 times relative to unintended models. Preliminary experiments on CIFAR-10, Tiny ImageNet, and Pascal VOC provide exploratory evidence that the approach extends across task settings, although further evaluation is needed to assess robustness against adaptive adversaries.
format Preprint
id arxiv_https___arxiv_org_abs_2604_06644
institution arXiv
publishDate 2026
record_format arxiv
title Variational Feature Compression for Model-Specific Representations
topic Computer Vision and Pattern Recognition
Machine Learning
url https://arxiv.org/abs/2604.06644