TY - GEN
T1 - A More Secure Split: Enhancing the Security of Privacy-Preserving Split Learning
AU - Khan, Tanveer
AU - Nguyen, Khoa
AU - Michalas, Antonis
PY - 2024
Y1 - 2024
N2 - Split learning (SL) is a new collaborative learning technique that allows participants, e.g. a client and a server, to train machine learning models without the client sharing raw data. In this setting, the client initially applies its part of the machine learning model on the raw data to generate Activation Maps (AMs) and then sends them to the server to continue the training process. Previous works in the field demonstrated that reconstructing AMs could result in privacy leakage of client data. In addition to that, existing mitigation techniques that overcome the privacy leakage of SL prove to be significantly worse in terms of accuracy. In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data. More precisely, in our approach, the client applies homomorphic encryption on the AMs before sending them to the server, thus protecting user privacy. This is an important improvement that reduces privacy leakage in comparison to other SL-based works. Finally, our results show that, with the optimum set of parameters, training with HE data in the U-shaped SL setting only reduces accuracy by 2.65% compared to training on plaintext. In addition, raw training data privacy is preserved.
AB - Split learning (SL) is a new collaborative learning technique that allows participants, e.g. a client and a server, to train machine learning models without the client sharing raw data. In this setting, the client initially applies its part of the machine learning model on the raw data to generate Activation Maps (AMs) and then sends them to the server to continue the training process. Previous works in the field demonstrated that reconstructing AMs could result in privacy leakage of client data. In addition to that, existing mitigation techniques that overcome the privacy leakage of SL prove to be significantly worse in terms of accuracy. In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data. More precisely, in our approach, the client applies homomorphic encryption on the AMs before sending them to the server, thus protecting user privacy. This is an important improvement that reduces privacy leakage in comparison to other SL-based works. Finally, our results show that, with the optimum set of parameters, training with HE data in the U-shaped SL setting only reduces accuracy by 2.65% compared to training on plaintext. In addition, raw training data privacy is preserved.
U2 - 10.1007/978-3-031-47748-5_17
DO - 10.1007/978-3-031-47748-5_17
M3 - Conference contribution
SN - 978-3-031-47748-5
T3 - Lecture Notes in Computer Science
SP - 307
EP - 329
BT - Secure IT Systems
A2 - Fritsch, Lothar
A2 - Hassan, Ismail
A2 - Paintsil, Ebenezer
PB - Springer
CY - Cham
T2 - Nordic Conference on Secure IT Systems - NordSec
Y2 - 16 November 2023 through 17 November 2023
ER -