Paper 2021/1080
SplitGuard: Detecting and Mitigating Training-Hijacking Attacks in Split Learning
Ege Erdogan, Alptekin Kupcu, and A. Ercument Cicek
Abstract
Distributed deep learning frameworks, such as split learning, have recently been proposed to enable a group of participants to collaboratively train a deep neural network without sharing their raw data. Split learning in particular achieves this goal by dividing a neural network between a client and a server so that the client computes the initial set of layers, and the server computes the rest. However, this method introduces a unique attack vector for a malicious server attempting to steal the client's private data: the server can direct the client model towards learning a task of its choice. With a concrete example already proposed, such training-hijacking attacks present a significant risk for the data privacy of split learning clients. In this paper, we propose SplitGuard, a method by which a split learning client can detect whether it is being targeted by a training-hijacking attack or not. We experimentally evaluate its effectiveness, and discuss in detail various points related to its use. We conclude that SplitGuard can effectively detect training-hijacking attacks while minimizing the amount of information recovered by the adversaries.
Note: under review
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Preprint. MINOR revision.
- Keywords
- machine learningdata privacysplit learning
- Contact author(s)
- eerdogan17 @ ku edu tr
- History
- 2021-08-23: received
- Short URL
- https://ia.cr/2021/1080
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2021/1080,
author = {Ege Erdogan and Alptekin Kupcu and A. Ercument Cicek},
title = {{SplitGuard}: Detecting and Mitigating Training-Hijacking Attacks in Split Learning},
howpublished = {Cryptology {ePrint} Archive, Paper 2021/1080},
year = {2021},
url = {https://eprint.iacr.org/2021/1080}
}
