Publication:
SplitGuard: detecting and mitigating training-hijacking attacks in split learning

Co-Authors

Cicek, A. Ercument

Abstract

Distributed deep learning frameworks such as split learning provide great benefits with regard to the computational cost of training deep neural networks and the privacy-aware utilization of the collective data of a group of data holders. Split learning, in particular, achieves this goal by dividing a neural network between a client and a server so that the client computes the initial set of layers and the server computes the rest. However, this method introduces a unique attack vector for a malicious server attempting to steal the client's private data: the server can direct the client model towards learning any task of its choice, e.g. towards outputting easily invertible values. With a concrete example already proposed (Pasquini et al., CCS '21), such training-hijacking attacks present a significant risk to the data privacy of split learning clients. In this paper, we propose SplitGuard, a method by which a split learning client can detect whether or not it is being targeted by a training-hijacking attack. We experimentally evaluate our method's effectiveness, compare it with potential alternatives, and discuss in detail various points related to its use. We conclude that SplitGuard can effectively detect training-hijacking attacks while minimizing the amount of information recovered by the adversaries.

Publisher

Association for Computing Machinery

Subject

Computer science, information systems; Computer science, theory and methods; Telecommunications; Nanoscience and nanotechnology

Source

Proceedings of the 21st Workshop on Privacy in the Electronic Society, WPES 2022

DOI

10.1145/3559613.3563198
