Make Split, not Hijack: Preventing Feature-Space Hijacking Attacks in Split Learning

• URL: http://arxiv.org/abs/2404.09265v1
• Date: Sun, 14 Apr 2024 14:14:31 GMT
• Title: Make Split, not Hijack: Preventing Feature-Space Hijacking Attacks in Split Learning
• Authors: Tanveer Khan, Mindaugas Budzys, Antonis Michalas,
• Abstract summary: We introduce a hybrid approach combining Split Learning (SL) and Function Secret Sharing (FSS) to ensure client data privacy. Our protocols yield promising results, reducing communication overhead by over 2x and training time by over 7x compared to the same model with FSS, without any SL.
• Score: 1.6822770693792823
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The popularity of Machine Learning (ML) makes the privacy of sensitive data more imperative than ever. Collaborative learning techniques like Split Learning (SL) aim to protect client data while enhancing ML processes. Though promising, SL has been proved to be vulnerable to a plethora of attacks, thus raising concerns about its effectiveness on data privacy. In this work, we introduce a hybrid approach combining SL and Function Secret Sharing (FSS) to ensure client data privacy. The client adds a random mask to the activation map before sending it to the servers. The servers cannot access the original function but instead work with shares generated using FSS. Consequently, during both forward and backward propagation, the servers cannot reconstruct the client's raw data from the activation map. Furthermore, through visual invertibility, we demonstrate that the server is incapable of reconstructing the raw image data from the activation map when using FSS. It enhances privacy by reducing privacy leakage compared to other SL-based approaches where the server can access client input information. Our approach also ensures security against feature space hijacking attack, protecting sensitive information from potential manipulation. Our protocols yield promising results, reducing communication overhead by over 2x and training time by over 7x compared to the same model with FSS, without any SL. Also, we show that our approach achieves >96% accuracy and remains equivalent to the plaintext models.

Related papers

• KnowledgeSG: Privacy-Preserving Synthetic Text Generation with Knowledge Distillation from Server [48.04903443425111]
  Large language models (LLMs) facilitate many parties to fine-tune LLMs on their own private data. Existing solutions, such as utilizing synthetic data for substitution, struggle to simultaneously improve performance and preserve privacy. We propose KnowledgeSG, a novel client-server framework which enhances synthetic data quality and improves model performance while ensuring privacy.
  arXiv  Detail & Related papers  (2024-10-08T06:42:28Z)
• Federated Face Forgery Detection Learning with Personalized Representation [63.90408023506508]
  Deep generator technology can produce high-quality fake videos that are indistinguishable, posing a serious social threat. Traditional forgery detection methods directly centralized training on data. The paper proposes a novel federated face forgery detection learning with personalized representation.
  arXiv  Detail & Related papers  (2024-06-17T02:20:30Z)
• A Stealthy Wrongdoer: Feature-Oriented Reconstruction Attack against Split Learning [14.110303634976272]
  Split Learning (SL) is a distributed learning framework renowned for its privacy-preserving features and minimal computational requirements. Previous research consistently highlights the potential privacy breaches in SL systems by server adversaries reconstructing training data. This paper introduces a new semi-honest Data Reconstruction Attack on SL, named Feature-Oriented Reconstruction Attack (FORA)
  arXiv  Detail & Related papers  (2024-05-07T08:38:35Z)
• Love or Hate? Share or Split? Privacy-Preserving Training Using Split Learning and Homomorphic Encryption [47.86010265348072]
  Split learning (SL) is a new collaborative learning technique that allows participants to train machine learning models without the client sharing raw data. Previous works demonstrated that reconstructing activation maps could result in privacy leakage of client data. In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data.
  arXiv  Detail & Related papers  (2023-09-19T10:56:08Z)
• A More Secure Split: Enhancing the Security of Privacy-Preserving Split Learning [2.853180143237022]
  Split learning (SL) is a new collaborative learning technique that allows participants to train machine learning models without the client sharing raw data. Previous works demonstrated that reconstructing Activation Maps (AMs) could result in privacy leakage of client data. In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data.
  arXiv  Detail & Related papers  (2023-09-15T18:39:30Z)
• Split Without a Leak: Reducing Privacy Leakage in Split Learning [3.2066885499201176]
  We propose a hybrid approach using Split Learning (SL) and Homomorphic Encryption (HE) On the MIT-BIH dataset, our proposed hybrid approach using SL and HE yields faster training time (about 6 times) and significantly reduced communication overhead (almost 160 times) compared to other HE-based approaches.
  arXiv  Detail & Related papers  (2023-08-30T06:28:42Z)
• FedDefender: Client-Side Attack-Tolerant Federated Learning [60.576073964874]
  Federated learning enables learning from decentralized data sources without compromising privacy. It is vulnerable to model poisoning attacks, where malicious clients interfere with the training process. We propose a new defense mechanism that focuses on the client-side, called FedDefender, to help benign clients train robust local models.
  arXiv  Detail & Related papers  (2023-07-18T08:00:41Z)
• Subspace based Federated Unlearning [75.90552823500633]
  Federated unlearning (FL) aims to remove a specified target client's contribution in FL to satisfy the user's right to be forgotten. Most existing federated unlearning algorithms require the server to store the history of the parameter updates. We propose a simple-yet-effective subspace based federated unlearning method, dubbed SFU, that lets the global model perform gradient ascent.
  arXiv  Detail & Related papers  (2023-02-24T04:29:44Z)
• Split Ways: Privacy-Preserving Training of Encrypted Data Using Split Learning [6.916134299626706]
  Split Learning (SL) is a new collaborative learning technique that allows participants to train machine learning models without the client sharing raw data. Previous works demonstrated that reconstructing activation maps could result in privacy leakage of client data. In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data.
  arXiv  Detail & Related papers  (2023-01-20T19:26:51Z)
• Scalable Collaborative Learning via Representation Sharing [53.047460465980144]
  Federated learning (FL) and Split Learning (SL) are two frameworks that enable collaborative learning while keeping the data private (on device) In FL, each data holder trains a model locally and releases it to a central server for aggregation. In SL, the clients must release individual cut-layer activations (smashed data) to the server and wait for its response (during both inference and back propagation). In this work, we present a novel approach for privacy-preserving machine learning, where the clients collaborate via online knowledge distillation using a contrastive loss.
  arXiv  Detail & Related papers  (2022-11-20T10:49:22Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.