Love or Hate? Share or Split? Privacy-Preserving Training Using Split
Learning and Homomorphic Encryption
- URL: http://arxiv.org/abs/2309.10517v1
- Date: Tue, 19 Sep 2023 10:56:08 GMT
- Authors: Tanveer Khan, Khoa Nguyen, Antonis Michalas, Alexandros Bakas
- Abstract summary: Split learning (SL) is a new collaborative learning technique that allows participants to train machine learning models without the client sharing raw data.
Previous works demonstrated that reconstructing activation maps could result in privacy leakage of client data.
In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data.
- Score: 47.86010265348072
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Split learning (SL) is a new collaborative learning technique that allows
participants, e.g. a client and a server, to train machine learning models
without the client sharing raw data. In this setting, the client initially
applies its part of the machine learning model on the raw data to generate
activation maps and then sends them to the server to continue the training
process. Previous works in the field demonstrated that reconstructing
activation maps could result in privacy leakage of client data. In addition to
that, existing mitigation techniques that overcome the privacy leakage of SL
prove to be significantly worse in terms of accuracy. In this paper, we improve
upon previous works by constructing a protocol based on U-shaped SL that can
operate on homomorphically encrypted data. More precisely, in our approach, the
client applies homomorphic encryption on the activation maps before sending
them to the server, thus protecting user privacy. This is an important
improvement that reduces privacy leakage in comparison to other SL-based works.
Finally, our results show that, with the optimum set of parameters, training
with HE data in the U-shaped SL setting only reduces accuracy by 2.65% compared
to training on plaintext. In addition, raw training data privacy is preserved.
Related papers
- KnowledgeSG: Privacy-Preserving Synthetic Text Generation with Knowledge Distillation from Server [48.04903443425111]
Large language models (LLMs) facilitate many parties to fine-tune LLMs on their own private data.
Existing solutions, such as utilizing synthetic data for substitution, struggle to simultaneously improve performance and preserve privacy.
We propose KnowledgeSG, a novel client-server framework which enhances synthetic data quality and improves model performance while ensuring privacy.
arXiv Detail & Related papers (2024-10-08T06:42:28Z)
- Federated Face Forgery Detection Learning with Personalized Representation [63.90408023506508]
Deep generator technology can produce high-quality fake videos that are indistinguishable, posing a serious social threat.
Traditional forgery detection methods directly centralize training on data.
The paper proposes a novel federated face forgery detection learning with personalized representation.
arXiv Detail & Related papers (2024-06-17T02:20:30Z)
- Make Split, not Hijack: Preventing Feature-Space Hijacking Attacks in Split Learning [1.6822770693792823]
We introduce a hybrid approach combining Split Learning (SL) and Function Secret Sharing (FSS) to ensure client data privacy.
Our protocols yield promising results, reducing communication overhead by over 2x and training time by over 7x compared to the same model with FSS, without any SL.
arXiv Detail & Related papers (2024-04-14T14:14:31Z)
- Blockchain-enabled Trustworthy Federated Unlearning [50.01101423318312]
Federated unlearning is a promising paradigm for protecting the data ownership of distributed clients.
Existing works require central servers to retain the historical model parameters from distributed clients.
This paper proposes a new blockchain-enabled trustworthy federated unlearning framework.
arXiv Detail & Related papers (2024-01-29T07:04:48Z)
- A More Secure Split: Enhancing the Security of Privacy-Preserving Split Learning [2.853180143237022]
Split learning (SL) is a new collaborative learning technique that allows participants to train machine learning models without the client sharing raw data.
Previous works demonstrated that reconstructing Activation Maps (AMs) could result in privacy leakage of client data.
In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data.
arXiv Detail & Related papers (2023-09-15T18:39:30Z)
- Split Without a Leak: Reducing Privacy Leakage in Split Learning [3.2066885499201176]
We propose a hybrid approach using Split Learning (SL) and Homomorphic Encryption (HE).
On the MIT-BIH dataset, our proposed hybrid approach using SL and HE yields faster training time (about 6 times) and significantly reduced communication overhead (almost 160 times) compared to other HE-based approaches.
arXiv Detail & Related papers (2023-08-30T06:28:42Z)
- Client-specific Property Inference against Secure Aggregation in Federated Learning [52.8564467292226]
Federated learning has become a widely used paradigm for collaboratively training a common model among different participants.
Many attacks have shown that it is still possible to infer sensitive information such as membership, property, or outright reconstruction of participant data.
We show that simple linear models can effectively capture client-specific properties only from the aggregated model updates.
arXiv Detail & Related papers (2023-03-07T14:11:01Z)
- Split Ways: Privacy-Preserving Training of Encrypted Data Using Split Learning [6.916134299626706]
Split Learning (SL) is a new collaborative learning technique that allows participants to train machine learning models without the client sharing raw data.
Previous works demonstrated that reconstructing activation maps could result in privacy leakage of client data.
In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data.
arXiv Detail & Related papers (2023-01-20T19:26:51Z)
- Scalable Collaborative Learning via Representation Sharing [53.047460465980144]
Federated learning (FL) and Split Learning (SL) are two frameworks that enable collaborative learning while keeping the data private (on device).
In FL, each data holder trains a model locally and releases it to a central server for aggregation.
In SL, the clients must release individual cut-layer activations (smashed data) to the server and wait for its response (during both inference and back propagation).
In this work, we present a novel approach for privacy-preserving machine learning, where the clients collaborate via online knowledge distillation using a contrastive loss.
arXiv Detail & Related papers (2022-11-20T10:49:22Z)
- Vulnerability Due to Training Order in Split Learning [0.0]
In split learning, an additional privacy-preserving algorithm called no-peek algorithm can be incorporated, which is robust to adversarial attacks.
We show that the model trained using the data of all clients does not perform well on the client's data which was considered earliest in a round for training the model.
We also demonstrate that the SplitFedv3 algorithm mitigates this problem while still leveraging the privacy benefits provided by split learning.
arXiv Detail & Related papers (2021-03-26T06:30:54Z)
This list is automatically generated from the titles and abstracts of the papers in this site.