Differentially Private Label Protection in Split Learning
- URL: http://arxiv.org/abs/2203.02073v1
- Date: Fri, 4 Mar 2022 00:35:03 GMT
- Title: Differentially Private Label Protection in Split Learning
- Authors: Xin Yang, Jiankai Sun, Yuanshun Yao, Junyuan Xie, Chong Wang
- Abstract summary: Split learning is a distributed training framework that allows multiple parties to jointly train a machine learning model over partitioned data.
Recent work showed that the plaintext implementation of split learning suffers from severe privacy risks: a semi-honest adversary can easily reconstruct the labels.
We propose TPSL (Transcript Private Split Learning), a generic gradient-perturbation-based split learning framework that provides a provable differential privacy guarantee.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Split learning is a distributed training framework that allows multiple parties to jointly train a machine learning model over vertically partitioned data (data partitioned by attributes). The idea is that only intermediate computation results, rather than private features and labels, are shared between parties, so that the raw training data remains private. Nevertheless, recent work showed that the plaintext implementation of split learning suffers from severe privacy risks: a semi-honest adversary can easily reconstruct the labels. In this work, we propose TPSL (Transcript Private Split Learning), a generic gradient-perturbation-based split learning framework that provides a provable differential privacy guarantee. Differential privacy is enforced not only on the model weights but also on the messages communicated in the distributed computation setting. Our experiments on large-scale real-world datasets demonstrate the robustness and effectiveness of TPSL against label leakage attacks. We also find that TPSL has a better utility-privacy trade-off than the baselines.
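The abstract says a semi-honest party can recover labels from the plaintext transcript and that TPSL answers this by perturbing the communicated gradients. The following is an added illustration, not the paper's code and not TPSL's exact mechanism: a toy two-party split learning round with a constructed dataset, a simple sign-based label inference run by the feature party on the gradients it receives, and a generic clip-and-Gaussian-noise perturbation applied by the label party before sending them. The data, layer shapes, the attack and the noise mechanism are all assumptions of this example.

```python
"""Added example (not from the paper): label leakage from the gradient a
label party returns in two-party split learning, and the effect of
Gaussian perturbation of that gradient on a simple inference attack.

Toy setting, constructed for this example:
  * Feature party holds x, computes the cut-layer activation
    h = tanh(W1 x) and sends h to the label party.
  * Label party holds y in {0, 1}, computes logit z = w.h + b, the binary
    cross-entropy loss, and returns dL/dh to the feature party.
  * dL/dh = (sigmoid(z) - y) * w, so every returned gradient is a scalar
    multiple of the same vector w and the scalar's sign is fixed by y.
    A semi-honest feature party can cluster gradients by that sign.
"""
import math
import random

DIM_IN, DIM_CUT = 6, 4  # assumed toy dimensions


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def l2(a):
    return math.sqrt(dot(a, a))


def make_dataset(n, pos_rate, rng):
    """Constructed sample: random features, imbalanced binary labels."""
    xs = [[rng.uniform(-1, 1) for _ in range(DIM_IN)] for _ in range(n)]
    ys = [1 if rng.random() < pos_rate else 0 for _ in range(n)]
    return xs, ys


def feature_party_forward(x, W1):
    """Cut-layer activation ("smashed data") sent to the label party."""
    return [math.tanh(dot(row, x)) for row in W1]


def label_party_backward(h, y, w, b):
    """Gradient of the BCE loss w.r.t. the cut-layer activation h."""
    p = sigmoid(dot(w, h) + b)
    return [(p - y) * wi for wi in w]


def gaussian_perturb(g, clip_norm, sigma, rng):
    """Clip g to L2 norm clip_norm, then add N(0, (sigma*clip_norm)^2)
    noise per coordinate. Generic Gaussian mechanism assumed for this
    example; it is not TPSL's construction."""
    scale = min(1.0, clip_norm / (l2(g) + 1e-12))
    return [gi * scale + rng.gauss(0.0, sigma * clip_norm) for gi in g]


def sign_attack(grads):
    """Semi-honest feature party: split gradients by the sign of their
    projection on the first gradient, then guess that the smaller group
    is the positive class (assumes positives are the minority)."""
    ref = grads[0]
    same = [dot(g, ref) > 0 for g in grads]
    n_same = sum(same)
    minority_is_same = n_same < len(grads) - n_same
    return [1 if s == minority_is_same else 0 for s in same]


def run_experiment(sigma, n=200, pos_rate=0.2, seed=1):
    """Return the attack's label-recovery accuracy for noise scale sigma."""
    rng = random.Random(seed)
    xs, ys = make_dataset(n, pos_rate, rng)
    W1 = [[rng.uniform(-0.5, 0.5) for _ in range(DIM_IN)] for _ in range(DIM_CUT)]
    w = [rng.uniform(-0.5, 0.5) for _ in range(DIM_CUT)]
    b = 0.0
    grads = []
    for x, y in zip(xs, ys):
        h = feature_party_forward(x, W1)          # feature party -> label party
        g = label_party_backward(h, y, w, b)      # label party computes dL/dh
        grads.append(gaussian_perturb(g, 1.0, sigma, rng))  # perturbed reply
    guess = sign_attack(grads)
    return sum(int(a == t) for a, t in zip(guess, ys)) / n


if __name__ == "__main__":
    for sigma in (0.0, 0.5, 2.0, 20.0):
        print(f"sigma={sigma:5.1f}  attack accuracy={run_experiment(sigma):.2f}")
```

With sigma = 0 the attack recovers every label, because the unperturbed gradient is exactly (p - y)·w and p lies strictly between 0 and 1. As sigma grows the noise term dominates the projection and the attack decays toward guessing. The clipping bound is what ties the noise scale to a sensitivity, which is the step a differential privacy accounting would need; this example does not compute epsilon.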
Related papers
- Federated Learning with Only Positive Labels by Exploring Label Correlations (arXiv, 2024-04-24)
  Federated learning aims to collaboratively learn a model by using the data from multiple users under privacy constraints.
  In this paper, we study the multi-label classification problem under the federated learning setting.
  We propose a novel and generic method termed Federated Averaging by exploring Label Correlations (FedALC).
- UFPS: A unified framework for partially-annotated federated segmentation in heterogeneous data distribution (arXiv, 2023-11-16)
  We propose a Unified Partially-labeled Segmentation (UFPS) framework to segment pixels within all classes for partially-annotated datasets.
  Our comprehensive experiments on real medical datasets demonstrate the better deconflicting ability of UFPS compared with modified methods.
- Label Inference Attack against Split Learning under Regression Setting (arXiv, 2023-01-18)
  We study the leakage in the scenario of the regression model, where the private labels are continuous numbers.
  We propose a novel learning-based attack that integrates gradient information and extra learning regularization objectives.
- Scalable Collaborative Learning via Representation Sharing (arXiv, 2022-11-20)
  Federated learning (FL) and Split Learning (SL) are two frameworks that enable collaborative learning while keeping the data private (on device).
  In FL, each data holder trains a model locally and releases it to a central server for aggregation.
  In SL, the clients must release individual cut-layer activations (smashed data) to the server and wait for its response (during both inference and back propagation).
  In this work, we present a novel approach for privacy-preserving machine learning, where the clients collaborate via online knowledge distillation using a contrastive loss.
- Federated Zero-Shot Learning for Visual Recognition (arXiv, 2022-09-05)
  We propose a novel Federated Zero-Shot Learning (FedZSL) framework.
  FedZSL learns a central model from the decentralized data residing on edge devices.
  The effectiveness and robustness of FedZSL are demonstrated by extensive experiments conducted on three zero-shot benchmark datasets.
- Mixed Differential Privacy in Computer Vision (arXiv, 2022-03-22)
  AdaMix is an adaptive differentially private algorithm for training deep neural network classifiers using both private and public image data.
  A few-shot or even zero-shot learning baseline that ignores private data can outperform fine-tuning on a large private dataset.
- Similarity-based Label Inference Attack against Training and Inference of Split Learning (arXiv, 2022-03-10)
  Split learning is a promising paradigm for privacy-preserving distributed learning.
  This paper shows that the exchanged intermediate results, including smashed data, can already reveal the private labels.
  We propose three label inference attacks to efficiently recover the private labels during both the training and inference phases.
- Scotch: An Efficient Secure Computation Framework for Secure Aggregation (arXiv, 2022-01-19)
  Federated learning enables multiple data owners to jointly train a machine learning model without revealing their private datasets.
  A malicious aggregation server might use the model parameters to derive sensitive information about the training dataset used.
  We propose Scotch, a decentralized m-party secure-computation framework for federated aggregation.
- Gradient Inversion Attack: Leaking Private Labels in Two-Party Split Learning (arXiv, 2021-11-25)
  We propose a label leakage attack that allows an adversarial input owner to learn the label owner's private labels.
  Our attack can uncover the private label data on several multi-class image classification problems and a binary conversion prediction task with near-perfect accuracy.
  While this technique is effective for simpler datasets, it significantly degrades utility for datasets with higher input dimensionality.
- OpenMatch: Open-set Consistency Regularization for Semi-supervised Learning with Outliers (arXiv, 2021-05-28)
  We propose a novel Open-set Semi-Supervised Learning (OSSL) approach called OpenMatch.
  OpenMatch unifies FixMatch with novelty detection based on one-vs-all (OVA) classifiers.
  It achieves state-of-the-art performance on three datasets, and even outperforms a fully supervised model in detecting outliers unseen in unlabeled data on CIFAR10.
- Federated Semi-Supervised Learning with Inter-Client Consistency & Disjoint Learning (arXiv, 2020-06-22)
  We study two essential scenarios of Federated Semi-Supervised Learning (FSSL) based on the location of the labeled data.
  We propose a novel method to tackle the problems, which we refer to as Federated Matching (FedMatch).
This list is automatically generated from the titles and abstracts of the papers in this site.