Split Without a Leak: Reducing Privacy Leakage in Split Learning

Khoa Nguyen; Tanveer Khan; Antonis Michalas

doi:10.1007/978-3-031-64954-7_17

Split Without a Leak: Reducing Privacy Leakage in Split Learning

Khoa Nguyen
, Tanveer Khan^*
, Antonis Michalas

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

4 Citations (Scopus)

Abstract

The popularity of Deep Learning (DL) makes the privacy of sensitive data more imperative than ever. As a result, various privacy-preserving techniques have been implemented to preserve user data privacy in DL. Among various privacy-preserving techniques, collaborative learning techniques, such as Split Learning (SL) have been utilized to accelerate the learning and prediction process. Initially, SL was considered a promising approach to data privacy. However, subsequent research has demonstrated that SL is susceptible to many types of attacks and, therefore, it cannot serve as a privacy-preserving technique. Meanwhile, countermeasures using a combination of SL and encryption have also been introduced to achieve privacy-preserving deep learning. In this work, we propose a hybrid approach using SL and Homomorphic Encryption (HE). The idea behind it is that the client encrypts the activation map (the output of the split layer between the client and the server) before sending it to the server. Hence, during both forward and backward propagation, the server cannot reconstruct the client’s input data from the intermediate activation map. This improvement is important as it reduces privacy leakage compared to other SL-based works, where the server can gain valuable information about the client’s input. In addition, on the MIT-BIH dataset, our proposed hybrid approach using SL and HE yields faster training time (about 6 times) and significantly reduced communication overhead (almost 160 times) compared to other HE-based approaches, thereby offering improved privacy protection for sensitive data in DL.

Original language	English
Title of host publication	Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings
Editors	Haixin Duan, Mourad Debbabi, Xavier de Carné de Carnavalet, Xiapu Luo, Man Ho Allen Au, Xiaojiang Du
Publisher	Springer
Pages	321-344
Number of pages	24
ISBN (Electronic)	978-3-031-64954-7
ISBN (Print)	978-3-031-64953-0
DOIs	https://doi.org/10.1007/978-3-031-64954-7_17
Publication status	Published - 2024
Publication type	A4 Article in conference proceedings
Event	EAI International Conference on Security and Privacy in Communication Networks - Hong Kong, China Duration: 19 Oct 2023 → 21 Oct 2023

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
Volume	568 LNICST
ISSN (Print)	1867-8211
ISSN (Electronic)	1867-822X

Conference

Conference	EAI International Conference on Security and Privacy in Communication Networks
Country/Territory	China
City	Hong Kong
Period	19/10/23 → 21/10/23

Keywords

Homomorphic Encryption
Machine Learning
Privacy-preserving Techniques
Split Learning

Publication forum classification

Publication forum level 1

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1007/978-3-031-64954-7_17

Cite this

Nguyen, K., Khan, T., & Michalas, A. (2024). Split Without a Leak: Reducing Privacy Leakage in Split Learning. In H. Duan, M. Debbabi, X. de Carné de Carnavalet, X. Luo, M. H. A. Au, & X. Du (Eds.), Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings (pp. 321-344). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering; Vol. 568 LNICST). Springer. https://doi.org/10.1007/978-3-031-64954-7_17

Nguyen, Khoa ; Khan, Tanveer ; Michalas, Antonis. / Split Without a Leak : Reducing Privacy Leakage in Split Learning. Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. editor / Haixin Duan ; Mourad Debbabi ; Xavier de Carné de Carnavalet ; Xiapu Luo ; Man Ho Allen Au ; Xiaojiang Du. Springer, 2024. pp. 321-344 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering).

@inproceedings{437e7581771a4e6e856bbd662f8feed9,

title = "Split Without a Leak: Reducing Privacy Leakage in Split Learning",

abstract = "The popularity of Deep Learning (DL) makes the privacy of sensitive data more imperative than ever. As a result, various privacy-preserving techniques have been implemented to preserve user data privacy in DL. Among various privacy-preserving techniques, collaborative learning techniques, such as Split Learning (SL) have been utilized to accelerate the learning and prediction process. Initially, SL was considered a promising approach to data privacy. However, subsequent research has demonstrated that SL is susceptible to many types of attacks and, therefore, it cannot serve as a privacy-preserving technique. Meanwhile, countermeasures using a combination of SL and encryption have also been introduced to achieve privacy-preserving deep learning. In this work, we propose a hybrid approach using SL and Homomorphic Encryption (HE). The idea behind it is that the client encrypts the activation map (the output of the split layer between the client and the server) before sending it to the server. Hence, during both forward and backward propagation, the server cannot reconstruct the client{\textquoteright}s input data from the intermediate activation map. This improvement is important as it reduces privacy leakage compared to other SL-based works, where the server can gain valuable information about the client{\textquoteright}s input. In addition, on the MIT-BIH dataset, our proposed hybrid approach using SL and HE yields faster training time (about 6 times) and significantly reduced communication overhead (almost 160 times) compared to other HE-based approaches, thereby offering improved privacy protection for sensitive data in DL.",

keywords = "Homomorphic Encryption, Machine Learning, Privacy-preserving Techniques, Split Learning",

author = "Khoa Nguyen and Tanveer Khan and Antonis Michalas",

note = "Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2025.; EAI International Conference on Security and Privacy in Communication Networks ; Conference date: 19-10-2023 Through 21-10-2023",

year = "2024",

doi = "10.1007/978-3-031-64954-7\_17",

language = "English",

isbn = "978-3-031-64953-0",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering",

publisher = "Springer",

pages = "321--344",

editor = "Haixin Duan and Mourad Debbabi and \{de Carn{\'e} de Carnavalet\}, Xavier and Xiapu Luo and Au, \{Man Ho Allen\} and Xiaojiang Du",

booktitle = "Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings",

}

Nguyen, K, Khan, T & Michalas, A 2024, Split Without a Leak: Reducing Privacy Leakage in Split Learning. in H Duan, M Debbabi, X de Carné de Carnavalet, X Luo, MHA Au & X Du (eds), Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, vol. 568 LNICST, Springer, pp. 321-344, EAI International Conference on Security and Privacy in Communication Networks, Hong Kong, China, 19/10/23. https://doi.org/10.1007/978-3-031-64954-7_17

Split Without a Leak: Reducing Privacy Leakage in Split Learning. / Nguyen, Khoa; Khan, Tanveer ; Michalas, Antonis.
Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. ed. / Haixin Duan; Mourad Debbabi; Xavier de Carné de Carnavalet; Xiapu Luo; Man Ho Allen Au; Xiaojiang Du. Springer, 2024. p. 321-344 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering; Vol. 568 LNICST).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Split Without a Leak

T2 - EAI International Conference on Security and Privacy in Communication Networks

AU - Nguyen, Khoa

AU - Khan, Tanveer

AU - Michalas, Antonis

N1 - Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2025.

PY - 2024

Y1 - 2024

N2 - The popularity of Deep Learning (DL) makes the privacy of sensitive data more imperative than ever. As a result, various privacy-preserving techniques have been implemented to preserve user data privacy in DL. Among various privacy-preserving techniques, collaborative learning techniques, such as Split Learning (SL) have been utilized to accelerate the learning and prediction process. Initially, SL was considered a promising approach to data privacy. However, subsequent research has demonstrated that SL is susceptible to many types of attacks and, therefore, it cannot serve as a privacy-preserving technique. Meanwhile, countermeasures using a combination of SL and encryption have also been introduced to achieve privacy-preserving deep learning. In this work, we propose a hybrid approach using SL and Homomorphic Encryption (HE). The idea behind it is that the client encrypts the activation map (the output of the split layer between the client and the server) before sending it to the server. Hence, during both forward and backward propagation, the server cannot reconstruct the client’s input data from the intermediate activation map. This improvement is important as it reduces privacy leakage compared to other SL-based works, where the server can gain valuable information about the client’s input. In addition, on the MIT-BIH dataset, our proposed hybrid approach using SL and HE yields faster training time (about 6 times) and significantly reduced communication overhead (almost 160 times) compared to other HE-based approaches, thereby offering improved privacy protection for sensitive data in DL.

AB - The popularity of Deep Learning (DL) makes the privacy of sensitive data more imperative than ever. As a result, various privacy-preserving techniques have been implemented to preserve user data privacy in DL. Among various privacy-preserving techniques, collaborative learning techniques, such as Split Learning (SL) have been utilized to accelerate the learning and prediction process. Initially, SL was considered a promising approach to data privacy. However, subsequent research has demonstrated that SL is susceptible to many types of attacks and, therefore, it cannot serve as a privacy-preserving technique. Meanwhile, countermeasures using a combination of SL and encryption have also been introduced to achieve privacy-preserving deep learning. In this work, we propose a hybrid approach using SL and Homomorphic Encryption (HE). The idea behind it is that the client encrypts the activation map (the output of the split layer between the client and the server) before sending it to the server. Hence, during both forward and backward propagation, the server cannot reconstruct the client’s input data from the intermediate activation map. This improvement is important as it reduces privacy leakage compared to other SL-based works, where the server can gain valuable information about the client’s input. In addition, on the MIT-BIH dataset, our proposed hybrid approach using SL and HE yields faster training time (about 6 times) and significantly reduced communication overhead (almost 160 times) compared to other HE-based approaches, thereby offering improved privacy protection for sensitive data in DL.

KW - Homomorphic Encryption

KW - Machine Learning

KW - Privacy-preserving Techniques

KW - Split Learning

U2 - 10.1007/978-3-031-64954-7_17

DO - 10.1007/978-3-031-64954-7_17

M3 - Conference contribution

AN - SCOPUS:85207543395

SN - 978-3-031-64953-0

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering

SP - 321

EP - 344

BT - Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings

A2 - Duan, Haixin

A2 - Debbabi, Mourad

A2 - de Carné de Carnavalet, Xavier

A2 - Luo, Xiapu

A2 - Au, Man Ho Allen

A2 - Du, Xiaojiang

PB - Springer

Y2 - 19 October 2023 through 21 October 2023

ER -

Nguyen K, Khan T , Michalas A. Split Without a Leak: Reducing Privacy Leakage in Split Learning. In Duan H, Debbabi M, de Carné de Carnavalet X, Luo X, Au MHA, Du X, editors, Security and Privacy in Communication Networks - 19th EAI International Conference, SecureComm 2023, Proceedings. Springer. 2024. p. 321-344. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering). doi: 10.1007/978-3-031-64954-7_17