Privacy-Preserving Split Learning with Vision Transformers using Patch-Wise Random and Noisy CutMix
- URL: http://arxiv.org/abs/2408.01040v1
- Date: Fri, 2 Aug 2024 06:24:39 GMT
- Title: Privacy-Preserving Split Learning with Vision Transformers using Patch-Wise Random and Noisy CutMix
- Authors: Seungeun Oh, Sihun Baek, Jihong Park, Hyelin Nam, Praneeth Vepakomma, Ramesh Raskar, Mehdi Bennis, Seong-Lyun Kim
- Abstract summary: In computer vision, the vision transformer (ViT) has increasingly superseded the convolutional neural network (CNN) for improved accuracy and robustness.
Split learning (SL) emerges as a viable solution, leveraging server-side resources to train ViTs while utilizing private data from distributed devices.
We propose a novel privacy-preserving SL framework that injects Gaussian noise into smashed data and mixes randomly chosen patches of smashed data across clients, coined DP-CutMixSL.
- Score: 38.370923655357366
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In computer vision, the vision transformer (ViT) has increasingly superseded the convolutional neural network (CNN) for improved accuracy and robustness. However, ViT's large model sizes and high sample complexity make it difficult to train on resource-constrained edge devices. Split learning (SL) emerges as a viable solution, leveraging server-side resources to train ViTs while utilizing private data from distributed devices. However, SL requires additional information exchange for weight updates between the device and the server, which can be exposed to various attacks on private training data. To mitigate the risk of data breaches in classification tasks, inspired by the CutMix regularization, we propose a novel privacy-preserving SL framework that injects Gaussian noise into smashed data and mixes randomly chosen patches of smashed data across clients, coined DP-CutMixSL. Our analysis demonstrates that DP-CutMixSL is a differentially private (DP) mechanism that strengthens privacy protection against membership inference attacks during forward propagation. Through simulations, we show that DP-CutMixSL improves privacy protection against membership inference attacks, reconstruction attacks, and label inference attacks, while also improving accuracy compared to DP-SL and DP-MixSL.
Related papers
- DMM: Distributed Matrix Mechanism for Differentially-Private Federated Learning using Packed Secret Sharing [51.336015600778396]
Federated Learning (FL) has gained lots of traction recently, both in industry and academia.
In FL, a machine learning model is trained using data from various end-users arranged in committees across several rounds.
Since such data can often be sensitive, a primary challenge in FL is providing privacy while still retaining utility of the model.
arXiv Detail & Related papers (2024-10-21T16:25:14Z)
- Enhancing Accuracy-Privacy Trade-off in Differentially Private Split Learning [2.2676798389997863]
Split learning (SL) aims to protect user data privacy by distributing deep models between client and server and keeping private data locally.
Recently proposed model inversion attacks can recover the original data from the smashed data.
A strategy is to adopt differential privacy (DP), which involves safeguarding the smashed data at the expense of some accuracy loss.
arXiv Detail & Related papers (2023-10-22T22:45:13Z)
- Split Learning without Local Weight Sharing to Enhance Client-side Data Privacy [11.092451849022268]
Split learning (SL) aims to protect user data privacy by distributing deep models between client and server and keeping private data locally.
This paper first reveals data privacy leakage exacerbated by local weight sharing among the clients in SL through model inversion attacks.
We propose and analyze privacy-enhanced SL (P-SL) (or SL without local weight sharing) to reduce the data privacy leakage issue.
arXiv Detail & Related papers (2022-12-01T03:35:14Z)
- Differentially Private CutMix for Split Learning with Vision Transformer [42.47713044228984]
Vision transformer (ViT) has started to outpace the conventional CNN in computer vision tasks.
Considering privacy-preserving distributed learning with ViT, we propose DP-CutMixSL.
arXiv Detail & Related papers (2022-10-28T08:33:29Z)
- Joint Privacy Enhancement and Quantization in Federated Learning [23.36363480217293]
Federated learning (FL) is an emerging paradigm for training machine learning models using possibly private data available at edge devices.
We propose a method coined joint privacy enhancement and quantization (JoPEQ).
We show that JoPEQ simultaneously quantizes data according to a required bit-rate while holding a desired privacy level.
arXiv Detail & Related papers (2022-08-23T11:42:58Z)
- Visual Transformer Meets CutMix for Improved Accuracy, Communication Efficiency, and Data Privacy in Split Learning [47.266470238551314]
This article seeks a distributed learning solution for the visual transformer (ViT) architectures.
ViTs often have larger model sizes, and are computationally expensive, making federated learning (FL) ill-suited.
We propose a new form of CutSmashed data by randomly punching and compressing the original smashed data.
We develop a novel SL framework for ViT, coined CutMixSL, communicating CutSmashed data.
arXiv Detail & Related papers (2022-07-01T07:00:30Z)
- AirMixML: Over-the-Air Data Mixup for Inherently Privacy-Preserving Edge Machine Learning [54.52660257575346]
We propose a privacy-preserving machine learning framework at the network edge, coined over-the-air mixup ML (AirMixML).
In AirMixML, multiple workers transmit analog-modulated signals of their private data samples to an edge server, which trains an ML model using the received noisy and superpositioned samples.
By simulations, we provide DirMix(alpha)-PC design guidelines to improve accuracy, privacy, and energy efficiency.
arXiv Detail & Related papers (2021-05-02T05:45:43Z)
- Differentially Private Federated Learning with Laplacian Smoothing [72.85272874099644]
Federated learning aims to protect data privacy by collaboratively learning a model without sharing private data among users.
An adversary may still be able to infer the private training data by attacking the released model.
Differential privacy provides a statistical protection against such attacks at the price of significantly degrading the accuracy or utility of the trained models.
arXiv Detail & Related papers (2020-05-01T04:28:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.