Publication: SplitGuard: detecting and mitigating training-hijacking attacks in split learning
| dc.contributor.coauthor | Cicek, A. Ercument | |
| dc.contributor.department | Department of Computer Engineering | |
| dc.contributor.kuauthor | Erdoğan, Ege | |
| dc.contributor.kuauthor | Küpçü, Alptekin | |
| dc.contributor.schoolcollegeinstitute | College of Engineering | |
| dc.date.accessioned | 2025-03-06T21:00:06Z | |
| dc.date.issued | 2022 | |
| dc.description.abstract | Distributed deep learning frameworks such as split learning provide great benefits with regards to the computational cost of training deep neural networks and the privacy-aware utilization of the collective data of a group of data-holders. Split learning, in particular, achieves this goal by dividing a neural network between a client and a server so that the client computes the initial set of layers, and the server computes the rest. However, this method introduces a unique attack vector for a malicious server attempting to steal the client's private data: the server can direct the client model towards learning any task of its choice, e.g. towards outputting easily invertible values. With a concrete example already proposed (Pasquini et al., CCS '21), such training-hijacking attacks present a significant risk for the data privacy of split learning clients. In this paper, we propose SplitGuard, a method by which a split learning client can detect whether it is being targeted by a training-hijacking attack or not. We experimentally evaluate our method's effectiveness, compare it with potential alternatives, and discuss in detail various points related to its use. We conclude that SplitGuard can effectively detect training-hijacking attacks while minimizing the amount of information recovered by the adversaries. | |
| dc.description.indexedby | WOS | |
| dc.description.indexedby | Scopus | |
| dc.description.publisherscope | International | |
| dc.description.sponsoredbyTubitakEu | TÜBİTAK | |
| dc.description.sponsorship | We acknowledge support from TÜBİTAK, the Scientific and Technological Research Council of Turkey, under project number 119E088. | |
| dc.identifier.doi | 10.1145/3559613.3563198 | |
| dc.identifier.grantno | TÜBİTAK;Scientific and Technological Research Council of Turkey [119E088] | |
| dc.identifier.isbn | 9781450398732 | |
| dc.identifier.quartile | N/A | |
| dc.identifier.scopus | 2-s2.0-85143253952 | |
| dc.identifier.uri | https://doi.org/10.1145/3559613.3563198 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.14288/27843 | |
| dc.identifier.wos | 1138986700013 | |
| dc.keywords | Machine learning | |
| dc.keywords | Split learning | |
| dc.keywords | Data privacy | |
| dc.keywords | Model inversion | |
| dc.language.iso | eng | |
| dc.publisher | Association for Computing Machinery | |
| dc.relation.ispartof | Proceedings of the 21st Workshop on Privacy in the Electronic Society, WPES 2022 | |
| dc.subject | Computer science, information systems | |
| dc.subject | Computer science, theory and methods | |
| dc.subject | Telecommunications | |
| dc.subject | Nanoscience and nanotechnology | |
| dc.title | SplitGuard: detecting and mitigating training-hijacking attacks in split learning | |
| dc.type | Conference Proceeding | |
| dspace.entity.type | Publication | |
| local.contributor.kuauthor | Erdoğan, Ege | |
| local.contributor.kuauthor | Küpçü, Alptekin | |
| local.publication.orgunit1 | College of Engineering | |
| local.publication.orgunit2 | Department of Computer Engineering | |
| relation.isOrgUnitOfPublication | 89352e43-bf09-4ef4-82f6-6f9d0174ebae | |
| relation.isOrgUnitOfPublication.latestForDiscovery | 89352e43-bf09-4ef4-82f6-6f9d0174ebae | |
| relation.isParentOrgUnitOfPublication | 8e756b23-2d4a-4ce8-b1b3-62c794a8c164 | |
| relation.isParentOrgUnitOfPublication.latestForDiscovery | 8e756b23-2d4a-4ce8-b1b3-62c794a8c164 |