Merge pull request #283 from Hanyuan9766/proposal/203

OSPP-implemention-Proposal-PIPL-Compliant-Cloud-Edge-Collaborative-Privacy-Preserving-Prompt-Processing-Framework-203

Author: kubeedge-bot

examples/PIPL/edge-cloud_collaborative_learning_bench/README.md

@@ -0,0 +1,170 @@
+# PIPL-Compliant Cloud-Edge Collaborative Privacy-Preserving Prompt Processing Framework
+
+This example implements a PIPL-compliant cloud-edge collaborative privacy-preserving LLM inference workflow validated with the ChnSentiCorp-Lite dataset, including:
+
+- Edge-first inference with hard sample mining
+- Adaptive privacy desensitization (regex, NER masking, differential privacy)
+- Privacy and performance metrics visualization
+- Zero raw text cross-border transmission
+- Real-time PIPL compliance verification and audit logging
+
+## Directory Structure
+
+```
+edge-cloud_collaborative_learning_bench/
+├── benchmarkingjob.yaml                    # Benchmarking job configuration
+├── README.md                               # Project documentation
+├── requirements.txt                        # Python dependencies
+├── test_algorithms/                        # Test algorithms directory
+│   ├── algorithm.yaml                      # Algorithm configuration
+│   ├── privacy_preserving_llm/            # Privacy-preserving LLM main module
+│   │   ├── __init__.py
+│   │   └── privacy_preserving_llm.py
+│   ├── privacy_detection/                  # Privacy detection module
+│   │   ├── __init__.py
+│   │   ├── pipl_classifier.py
+│   │   ├── pii_detector.py
+│   │   └── risk_evaluator.py
+│   └── privacy_encryption/                 # Privacy encryption module
+│       ├── __init__.py
+│       ├── differential_privacy.py
+│       ├── saliency_masking.py
+│       ├── dimensionality_reduction.py
+│       └── compliance_monitor.py
+└── testenv/                               # Test environment directory
+    ├── testenv.yaml                       # Test environment configuration
+    ├── privacy_metrics.py                 # Privacy evaluation metrics
+    └── performance_metrics.py             # Performance evaluation metrics
+```
+
+## Project Background
+
+The rapid advancement of large language models (LLMs) has driven the adoption of cloud-edge collaborative inference architectures, where computationally intensive inference tasks are distributed between edge devices and cloud servers to optimize performance and resource utilization. However, this paradigm introduces critical privacy challenges, particularly when processing user prompts containing sensitive personal information. With the enactment of China's Personal Information Protection Law (PIPL), which mandates strict requirements for cross-border data transmission including "minimal necessity" and "security assurance" principles, organizations face an urgent need to develop privacy-preserving solutions that comply with regulatory requirements while maintaining inference quality. Traditional approaches often require transmitting raw text across borders, creating significant privacy risks and regulatory compliance challenges. This project addresses the fundamental tension between privacy protection and inference utility in cloud-edge collaborative LLM systems, particularly in scenarios requiring cross-border data processing.
+
+## Problems Solved
+
+This project addresses three critical problems in cloud-edge collaborative LLM inference systems. First, it eliminates the privacy leakage risks associated with raw text cross-border transmission by implementing a zero raw text transmission architecture that converts sensitive prompts into anonymized feature vectors before any cross-border transfer occurs. Second, it ensures PIPL compliance by implementing strict adherence to Articles 38-40 of PIPL, including minimal necessity checks, privacy budget management, and real-time compliance verification mechanisms. Third, it resolves the privacy-utility trade-off challenge by developing adaptive privacy desensitization techniques—including differential privacy, saliency-guided masking, and dimensionality reduction—that preserve inference quality while providing strong privacy guarantees. The framework prevents unauthorized reconstruction of original user data from transmitted anonymized vectors, ensuring that sensitive personal information such as names, identification numbers, and locations cannot be recovered by cloud-side adversaries or through membership inference attacks.
+
+## Project Results
+
+The project has achieved comprehensive results across multiple dimensions. Technically, it delivers a complete PIPL-compliant cloud-edge collaborative privacy-preserving prompt processing framework integrated into KubeEdge-Ianvs, featuring edge-first inference with hard sample mining, adaptive privacy desensitization (regex patterns, NER masking, and differential privacy), and real-time compliance monitoring with audit logging. The framework achieves zero raw text cross-border transmission while maintaining inference accuracy comparable to non-privacy-preserving baselines. Academically, it introduces ChnSentiCorp-Lite, the first PIPL-compliant cross-border LLM inference benchmark dataset with 3,000 samples, multi-layer privacy annotations, synthetic PII templates, and dedicated attack evaluation subsets for comprehensive privacy assessment. The project provides a complete evaluation methodology covering utility metrics (task accuracy, end-to-end latency), privacy metrics (Neighbourhood MIA, LOSS Attack, LiRA), and compliance metrics (minimal necessity validation, budget compliance checks, audit integrity verification). Practically, the framework demonstrates successful deployment with Llama-3-8B-Instruct on edge devices and GPT-4o-mini on cloud servers, showcasing production-ready capabilities for privacy-preserving LLM inference in regulated environments.
+
+## Core Features
+
+### 1. Edge-side Privacy Protection
+- Perform irreversible privacy transformation on user's sensitive input prompts
+- Convert raw text into anonymized feature vectors
+- Complete PII detection, entity recognition, and privacy classification locally
+
+### 2. Cloud-side Inference Processing
+- Perform inference based solely on anonymized vectors, never accessing raw text
+- Receive minimal necessary tags to execute core inference tasks
+- Ensure "Zero Raw Text Cross-Border" and "Minimal Tags Cross-Border"
+
+### 3. PIPL Compliance Assurance
+- Strictly adhere to "minimal necessity" and "security assurance" principles
+- Real-time privacy budget management and audit logging
+- Compliance verification before cross-border transmission
+
+## Model Configuration
+
+### Edge Model
+- **Model**: Llama-3-8B-Instruct (4-bit quantized)
+- **Function**: Local PIPL entity recognition, semantic classification, and anonymized vector generation
+- **Deployment**: Adapted for edge computing environments (e.g., NVIDIA T4)
+
+### Cloud Model
+- **Model**: GPT-4o-mini (API access)
+- **Function**: Receive anonymized vectors to perform core inference tasks
+- **Deployment**: OpenAI API format, ensuring scalable deployment
+
+## Dataset
+
+**ChnSentiCorp-Lite** - First PIPL-compliant cross-border LLM inference benchmark dataset
+
+- **Total Samples**: 3,000 (2,000 train, 500 validation, 500 test)
+- **Data Source**: Carefully curated subset of ChnSentiCorp Chinese sentiment analysis dataset
+- **Format**: JSONL with comprehensive privacy annotations
+- **Size**: ~15MB (lightweight for rapid evaluation)
+
+### Key Dataset Contributions
+- **Multi-layer Privacy Annotations**: Each sample tagged with privacy sensitivity levels and PII entity types
+- **Synthetic PII Templates**: 50+ built-in templates for dynamic generation of realistic Chinese personal information
+- **PIPL Compliance Mapping**: Granular annotations indicating cross-border transfer permissions under PIPL Articles 38-40
+- **Attack Evaluation Subsets**: Dedicated samples for Neighbourhood MIA, LOSS, and LiRA attack testing
+
+## Quick Start
+
+### Requirements
+- Python 3.8+
+- NVIDIA GPU (recommended T4 or higher)
+- API access keys (OpenAI or compatible services)
+
+### Installation Steps
+
+1. Install dependencies:
+```bash
+pip install -r requirements.txt
+```
+
+2. Configure API keys:
+```bash
+export EDGE_API_KEY="your_edge_model_api_key"
+export CLOUD_API_KEY="your_cloud_model_api_key"
+```
+
+3. Run benchmark:
+```bash
+ianvs -f benchmarkingjob.yaml
+```
+
+## Evaluation Methods
+
+### 1. Utility Evaluation
+- **Task Accuracy**: Compare accuracy changes before and after enabling privacy transformations
+- **End-to-End Latency**: Measure total time from user prompt input to receiving final response
+
+### 2. Privacy Evaluation
+- **Neighbourhood MIA**: Model-agnostic approach using semantically similar neighbor samples
+- **LOSS Attack**: Traditional loss-based membership inference baseline
+- **LiRA**: Advanced likelihood ratio test with theoretical optimality properties
+
+### 3. Compliance Evaluation
+- **Minimal Necessity Check**: Payload structure validation
+- **Budget Compliance Check**: ε accumulation validation
+- **Audit Integrity Check**: Log coverage verification
+
+## Technical Architecture
+
+The system adopts strict separation of duties between cloud and edge to ensure compliance of data processing workflows:
+
+1. **Privacy Detection Module**: Identifies and classifies privacy-sensitive information in user prompts
+2. **Privacy Encryption Module**: Performs irreversible transformation of sensitive prompts into anonymized vectors
+3. **Edge Inference**: Local privacy processing and preliminary inference
+4. **Cloud Collaboration**: Advanced inference based on anonymized data
+5. **Compliance Monitoring**: Real-time monitoring and audit logging
+
+## Privacy Protection Technologies
+
+- **Differential Privacy**: L2-norm clipping, Gaussian noise injection, budget tracking
+- **Saliency-Guided Masking**: Attention-based token importance with configurable suppression
+- **Dimensionality Reduction**: Johnson-Lindenstrauss projection with semantic preservation
+- **Compliance Verification**: Real-time monitoring and audit logging
+
+## Contributing
+
+We welcome contributions, bug reports, and improvement suggestions. Please follow these steps:
+
+1. Fork this repository
+2. Create a feature branch
+3. Commit your changes
+4. Push to the branch
+5. Create a Pull Request
+
+## License
+
+This project uses the same license as KubeEdge-Ianvs.
+
+## Contact
+
+For questions or suggestions, please contact us through GitHub Issues.

examples/PIPL/edge-cloud_collaborative_learning_bench/benchmarkingjob.yaml

@@ -0,0 +1,32 @@
+benchmarkingjob:
+  name: "pipl-compliant-privacy-preserving-llm-bench"
+  workspace: "./workspace-pipl-llm"
+  
+  testenv: "./testenv/testenv.yaml"
+  
+  test_object:
+    type: "algorithms"
+    algorithms:
+      - name: "privacy-preserving-llm-collaboration"
+        url: "./test_algorithms/algorithm.yaml"
+  
+  rank:
+    sort_by: [{"Accuracy": "descend"}, {"Privacy_Score": "descend"}]
+  
+  visualization:
+    mode: "selected_only"
+    method: "print_table"
+    selected_dataitem:
+      paradigms: ["all"]
+      modules: ["privacy_preserving_llm", "privacy_detection", "privacy_encryption"]
+      hyperparameters: [
+        "edge_model-model", "cloud_model-model", 
+        "privacy_detection-ner_model", "privacy_encryption-epsilon"
+      ]
+      metrics: [
+        "Accuracy", "F1_Score", "Privacy_Score", "PIPL_Compliance_Score",
+        "End_to_End_Latency", "Throughput", "Privacy_Budget_Consumption",
+        "MIA_Attack_Success_Rate", "Cross_Border_Payload_Size"
+      ]
+  
+  save_mode: "selected_and_all"

examples/PIPL/edge-cloud_collaborative_learning_bench/requirements.txt

@@ -0,0 +1,53 @@
+# Core Dependencies
+torch>=1.12.0
+transformers>=4.21.0
+numpy>=1.21.0
+pandas>=1.3.0
+scikit-learn>=1.0.0
+
+# Privacy Protection
+opacus>=1.3.0  # Differential Privacy
+scipy>=1.7.0   # Statistical computations
+
+# NLP and Text Processing
+spacy>=3.4.0
+regex>=2022.1.18
+nltk>=3.7
+
+# Model Quantization
+bitsandbytes>=0.37.0
+
+# API and HTTP
+openai>=0.27.0
+requests>=2.25.0
+httpx>=0.23.0
+
+# Configuration and Serialization
+PyYAML>=6.0
+jsonlines>=3.1.0
+
+# Metrics and Evaluation
+seaborn>=0.11.0
+matplotlib>=3.5.0
+plotly>=5.0.0
+
+# Utils
+tqdm>=4.64.0
+rich>=12.0.0
+loguru>=0.6.0
+
+# Privacy Attack Simulation
+membership-inference-attacks>=0.1.0
+
+# Chinese Language Processing
+jieba>=0.42.1
+
+# Cryptographic utilities (for secure hash and audit logging)
+cryptography>=3.4.8
+
+# Memory optimization
+psutil>=5.8.0
+
+# Configuration management
+python-dotenv>=0.19.0
+

examples/PIPL/edge-cloud_collaborative_learning_bench/test_algorithms/algorithm.yaml

@@ -0,0 +1,68 @@
+algorithm:
+  name: "privacy-preserving-llm-collaboration"
+  type: "privacy_preserving_llm"
+  url: "./privacy_preserving_llm/privacy_preserving_llm.py"
+  
+  edge_model:
+    name: "meta-llama/Llama-3-8B-Instruct"
+    quantization: "4bit"
+    api_base: "https://api.openai.com/v1"
+    api_key: "${EDGE_API_KEY}"
+    hidden_layer_index: -2
+    pooling_strategy: "mean"
+    max_length: 2048
+    device: "cuda"
+  
+  cloud_model:
+    name: "gpt-4o-mini"
+    api_base: "https://api.openai.com/v1"
+    api_key: "${CLOUD_API_KEY}"
+    vector_adapter:
+      input_dim: 64
+      hidden_dim: 512
+      output_dim: 4096
+    max_tokens: 1024
+    temperature: 0.7
+  
+  privacy_detection:
+    detection_methods:
+      regex_patterns: ["phone", "id_card", "email", "address", "name"]
+      ner_model: "hfl/chinese-bert-wwm-ext"
+      entity_types: ["PERSON", "ORG", "LOC", "PHONE", "EMAIL", "ID"]
+    risk_weights:
+      structured_pii: 0.8
+      named_entities: 0.6
+      semantic_context: 0.4
+    pipl_compliance:
+      cross_border_threshold: 0.5
+      high_sensitivity_threshold: 0.7
+  
+  privacy_encryption:
+    differential_privacy:
+      general:
+        epsilon: 1.2
+        delta: 0.00001
+        clipping_norm: 1.0
+        noise_multiplier: 1.1
+      high_sensitivity:
+        epsilon: 0.8
+        delta: 0.00001
+        clipping_norm: 0.5
+        noise_multiplier: 1.5
+    anonymization:
+      general_mask_ratio: 0.4
+      high_sensitivity_mask_ratio: 0.6
+      projection_method: "johnson_lindenstrauss"
+      target_dims: 64
+      saliency_threshold: 0.3
+    budget_management:
+      session_limit: 10.0
+      rate_limit: 5
+      audit_logging: true
+  
+  compliance:
+    pipl_version: "2021"
+    audit_level: "detailed"
+    cross_border_policy: "strict"
+    minimal_necessity: true
+