Paper 2021/1080

SplitGuard: Detecting and Mitigating Training-Hijacking Attacks in Split Learning

Ege Erdogan, Alptekin Kupcu, and A. Ercument Cicek

Abstract

Distributed deep learning frameworks, such as split learning, have recently been proposed to enable a group of participants to collaboratively train a deep neural network without sharing their raw data. Split learning in particular achieves this goal by dividing a neural network between a client and a server so that the client computes the initial set of layers, and the server computes the rest. However, this method introduces a unique attack vector for a malicious server attempting to steal the client's private data: the server can direct the client model towards learning a task of its choice. With a concrete example already proposed, such training-hijacking attacks present a significant risk for the data privacy of split learning clients. In this paper, we propose SplitGuard, a method by which a split learning client can detect whether it is being targeted by a training-hijacking attack or not. We experimentally evaluate its effectiveness, and discuss in detail various points related to its use. We conclude that SplitGuard can effectively detect training-hijacking attacks while minimizing the amount of information recovered by the adversaries.

Note: under review

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
machine learningdata privacysplit learning
Contact author(s)
eerdogan17 @ ku edu tr
History
2021-08-23: received
Short URL
https://ia.cr/2021/1080
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1080,
      author = {Ege Erdogan and Alptekin Kupcu and A.  Ercument Cicek},
      title = {SplitGuard: Detecting and Mitigating Training-Hijacking Attacks in Split Learning},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1080},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1080}},
      url = {https://eprint.iacr.org/2021/1080}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.