“…In other words, the modified DL models should be able to be trained using the encrypted data [90], since applications require the traffic data to be encrypted for privacy preservation. In this strand, the modification of DL models usually needs to consider the methods of traditional privacy preservation technologies such as homomorphic encryption [94], secure multi-party computation [95], and differential privacy [96]. A number of modified DL models have been developed, e.g., E2DM [85] and Gazelle [86] for the cases under homomorphic encryption, DeepSecure [87] and ABY3 [88] for secure multiparty computation, and PATE [89] for differential privacy based scenarios.…”