Make Split, not Hijack: Preventing Feature-Space Hijacking Attacks in Split Learning

Tutkimustuotos: KonferenssiartikkeliScientificvertaisarvioitu

7 Lataukset (Pure)

Abstrakti

The popularity of Machine Learning (ML) makes the privacy of sensitive data more imperative than ever. Collaborative learning techniques like Split Learning (SL) aim to protect client data while enhancing ML processes. Though promising, SL has been proved to be vulnerable to a plethora of attacks, thus raising concerns about its effectiveness on data privacy. In this work, we introduce a hybrid approach combining SL and Function Secret Sharing (FSS) to ensure client data privacy. The client adds a random mask to the activation map before sending it to the servers. The servers cannot access the original function but instead work with shares generated using FSS. Consequently, during both forward and backward propagation, the servers cannot reconstruct the client's raw data from the activation map. Furthermore, through visual invertibility, we demonstrate that the server is incapable of reconstructing the raw image data from the activation map when using FSS. It enhances privacy by reducing privacy leakage compared to other SL-based approaches where the server can access client input information. Our approach also ensures security against feature space hijacking attack, protecting sensitive information from potential manipulation. Our protocols yield promising results, reducing communication overhead by over 2× and training time by over 7× compared to the same model with FSS, without any SL. Also, we show that our approach achieves > 96% accuracy and remains equivalent to the plaintext models.

AlkuperäiskieliEnglanti
OtsikkoProceedings of the 29th ACM Symposium on Access Control Models and Technologies (SACMAT 2024)
KustantajaACM
Sivut19-30
Sivumäärä12
ISBN (elektroninen)979-8-4007-0491-8
DOI - pysyväislinkit
TilaJulkaistu - 24 kesäk. 2024
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
TapahtumaACM Symposium on Access Control Models and Technologies - San Antonio, Yhdysvallat
Kesto: 15 toukok. 202417 toukok. 2024

Conference

ConferenceACM Symposium on Access Control Models and Technologies
Maa/AlueYhdysvallat
KaupunkiSan Antonio
Ajanjakso15/05/2417/05/24

Julkaisufoorumi-taso

  • Jufo-taso 1

!!ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Sormenjälki

Sukella tutkimusaiheisiin 'Make Split, not Hijack: Preventing Feature-Space Hijacking Attacks in Split Learning'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä