https://junfei-z.github.io/tags/privacy/PrivacyHugo Blox Builder (https://hugoblox.com)en-usTue, 20 Jan 2026 00:00:00 +0000https://junfei-z.github.io/media/icon_hu70bcee51a3cd7a7338014254a2e0c844_1401285_512x512_fill_lanczos_center_3.pnghttps://junfei-z.github.io/tags/privacy/https://junfei-z.github.io/samples/2_ic_interview/Tue, 20 Jan 2026 00:00:00 +0000https://junfei-z.github.io/samples/2_ic_interview/<p>PhD interview presentation for Imperial College Computing, covering research interests in cloud-edge collaborative AI inference.<br> Topics include privacy-aware inference routing, distributed LLM deployment on heterogeneous edge devices, and system-level optimization for resource-constrained environments.</p>https://junfei-z.github.io/research/prism/Wed, 30 Jul 2025 00:00:00 +0000https://junfei-z.github.io/research/prism/<a href="https://junfei-z.github.io/prism_full.pdf" target="_blank"> <img src="https://img.shields.io/badge/View%20Full%20Paper-PDF-red?logo=adobeacrobatreader&logoColor=white" alt="PDF"> </a> <p>📄 [Accepted at 2026 AAAI Conference on Artificial Intelligence] — To appear</p> <p>This project introduces <strong>PRISM</strong>, a context-aware cloud–edge inference framework that balances privacy, utility, and efficiency for <strong>Large Language Model (LLM)</strong> services. It addresses the key limitations of uniform privacy mechanisms by adapting protection based on <strong>semantic sensitivity</strong> of user inputs.</p> <h2 id="objectives">Objectives</h2> <p>The primary goal is to enable <strong>privacy-preserving LLM inference</strong> in real-world deployments, where sensitive user prompts are routed intelligently between edge devices and the cloud. PRISM is designed to:</p> <ul> <li>Avoid unnecessary noise for benign inputs</li> <li>Preserve semantic coherence in sensitive prompts</li> <li>Reduce latency and energy consumption without compromising utility</li> </ul> <h2 id="key-contributions">Key Contributions</h2> <h3 id="semantic-sensitive-execution-routing">Semantic-Sensitive Execution Routing</h3> <ul> <li>A <strong>soft gating controller</strong> on the edge scores entity-level risk using contextual features (e.g., named entities, first-person references)</li> <li>Routes prompts to one of three execution paths: <ul> <li><strong>Edge-only</strong> for high-risk prompts</li> <li><strong>Cloud-only</strong> for low-risk prompts</li> <li><strong>Cloud–Edge Collaboration</strong> for mid-sensitivity prompts</li> </ul> </li> </ul> <h3 id="adaptive-two-layer-local-differential-privacy-ldp">Adaptive Two-Layer Local Differential Privacy (LDP)</h3> <ul> <li>Each sensitive entity is obfuscated through: <ul> <li>Category-level perturbation (e.g., masking &ldquo;Diagnosis&rdquo;)</li> <li>Value-level perturbation (e.g., replacing &ldquo;HIV&rdquo; with &ldquo;Flu&rdquo;)</li> </ul> </li> <li>Privacy budget allocation is guided by a sensitivity weight model ensuring <strong>fine-grained protection without semantic collapse</strong></li> </ul> <h3 id="semantic-sketch-collaboration-protocol">Semantic Sketch Collaboration Protocol</h3> <ul> <li>Noisy prompts are processed in the cloud to generate <strong>semantic sketches</strong> (e.g., high-level abstract responses)</li> <li>The edge-side <strong>Small Language Model (SLM)</strong> refines these sketches using the original context</li> <li>Enables <strong>high-utility responses under strong privacy constraints</strong></li> </ul> <h2 id="results--insights">Results &amp; Insights</h2> <ul> <li>PRISM achieves <strong>up to 3× lower latency</strong> and <strong>2.5× lower energy consumption</strong> than baselines like Uniform and Selective LDP</li> <li>Delivers <strong>higher LLM-Judge scores (up to 7.2)</strong> under strong privacy budgets</li> <li>Outperforms state-of-the-art methods (e.g., Split-and-Denoise, DP-Forward) in terms of both utility and efficiency</li> <li>Robust across <strong>8 different model combinations</strong> (e.g., GPT-4o + StableLM)</li> </ul> <table> <thead> <tr> <th>Method</th> <th>Ct.(s)</th> <th>Ec.(J)</th> <th>IQ.</th> </tr> </thead> <tbody> <tr> <td>PRISM</td> <td>7.92</td> <td>687.2</td> <td>6.88</td> </tr> <tr> <td>Uniform LDP</td> <td>20.56</td> <td>1707.6</td> <td>5.72</td> </tr> <tr> <td>Selective LDP</td> <td>21.22</td> <td>1770.8</td> <td>5.94</td> </tr> <tr> <td>Edge-Only</td> <td>17.84</td> <td>1573.9</td> <td>5.09</td> </tr> <tr> <td>Cloud-Only</td> <td><strong>5.13</strong></td> <td><strong>296.3</strong></td> <td><strong>8.14</strong></td> </tr> </tbody> </table> <h2 id="broader-impact">Broader Impact</h2> <p>PRISM enables <strong>selective privacy-preserving inference</strong> for sensitive domains such as <strong>medical, financial, and personal assistants</strong>, paving the way for:</p> <ul> <li>Deploying LLMs responsibly in <strong>privacy-critical environments</strong></li> <li>Reducing energy costs in <strong>cloud-edge infrastructure</strong></li> <li>Bridging the tradeoff between <strong>privacy and inference quality</strong></li> </ul>https://junfei-z.github.io/zh/research/prism/Wed, 30 Jul 2025 00:00:00 +0000https://junfei-z.github.io/zh/research/prism/<a href="https://junfei-z.github.io/prism_full.pdf" target="_blank"> <img src="https://img.shields.io/badge/View%20Full%20Paper-PDF-red?logo=adobeacrobatreader&logoColor=white" alt="PDF"> </a> <p>[已被 2026 AAAI Conference on Artificial Intelligence 录用] — 即将发表</p> <p>本项目提出了 <strong>PRISM</strong>，一个上下文感知的云-边推理框架，为 <strong>Large Language Model (LLM)</strong> 服务在隐私、效用和效率之间取得平衡。它通过根据用户输入的<strong>语义敏感度</strong>自适应调整保护策略，解决了统一隐私机制的关键局限。</p> <h2 id="目标">目标</h2> <p>主要目标是在实际部署中实现<strong>隐私保护的 LLM 推理</strong>，将敏感的用户提示智能地路由到边缘设备和云端之间。PRISM 旨在：</p> <ul> <li>避免对无害输入添加不必要的噪声</li> <li>保持敏感提示的语义连贯性</li> <li>在不损害效用的前提下降低延迟和能耗</li> </ul> <h2 id="主要贡献">主要贡献</h2> <h3 id="语义敏感的执行路由">语义敏感的执行路由</h3> <ul> <li>边缘端的<strong>软门控控制器</strong>利用上下文特征（例如命名实体、第一人称引用）评估实体级风险</li> <li>将提示路由到三条执行路径之一： <ul> <li><strong>仅边缘</strong>：用于高风险提示</li> <li><strong>仅云端</strong>：用于低风险提示</li> <li><strong>云-边协作</strong>：用于中等敏感度提示</li> </ul> </li> </ul> <h3 id="自适应两层-local-differential-privacy-ldp">自适应两层 Local Differential Privacy (LDP)</h3> <ul> <li>每个敏感实体通过以下方式进行混淆： <ul> <li>类别级扰动（例如掩蔽&quot;诊断&quot;）</li> <li>值级扰动（例如将&quot;HIV&quot;替换为&quot;Flu&quot;）</li> </ul> </li> <li>隐私预算分配由敏感度权重模型引导，确保<strong>细粒度保护且不造成语义崩塌</strong></li> </ul> <h3 id="语义草图协作协议">语义草图协作协议</h3> <ul> <li>带噪声的提示在云端处理，生成<strong>语义草图</strong>（例如高层次的抽象回复）</li> <li>边缘端的 <strong>Small Language Model (SLM)</strong> 利用原始上下文精化这些草图</li> <li>在<strong>强隐私约束下实现高效用回复</strong></li> </ul> <h2 id="结果与洞察">结果与洞察</h2> <ul> <li>PRISM 相比 Uniform 和 Selective LDP 等基线方法，实现了<strong>最高 3 倍的延迟降低</strong>和 <strong>2.5 倍的能耗降低</strong></li> <li>在强隐私预算下提供<strong>更高的 LLM-Judge 评分（最高 7.2）</strong></li> <li>在效用和效率方面均优于现有最先进方法（例如 Split-and-Denoise、DP-Forward）</li> <li>在 <strong>8 种不同模型组合</strong>（例如 GPT-4o + StableLM）上表现稳健</li> </ul> <table> <thead> <tr> <th>Method</th> <th>Ct.(s)</th> <th>Ec.(J)</th> <th>IQ.</th> </tr> </thead> <tbody> <tr> <td>PRISM</td> <td>7.92</td> <td>687.2</td> <td>6.88</td> </tr> <tr> <td>Uniform LDP</td> <td>20.56</td> <td>1707.6</td> <td>5.72</td> </tr> <tr> <td>Selective LDP</td> <td>21.22</td> <td>1770.8</td> <td>5.94</td> </tr> <tr> <td>Edge-Only</td> <td>17.84</td> <td>1573.9</td> <td>5.09</td> </tr> <tr> <td>Cloud-Only</td> <td><strong>5.13</strong></td> <td><strong>296.3</strong></td> <td><strong>8.14</strong></td> </tr> </tbody> </table> <h2 id="更广泛的影响">更广泛的影响</h2> <p>PRISM 为<strong>医疗、金融和个人助理</strong>等敏感领域提供了<strong>选择性隐私保护推理</strong>，为以下方向铺平了道路：</p> <ul> <li>在<strong>隐私关键环境</strong>中负责任地部署 LLM</li> <li>降低<strong>云-边基础设施</strong>的能耗成本</li> <li>弥合<strong>隐私与推理质量</strong>之间的权衡</li> </ul>