EXACT: Extensive Attack for Split Learning

by Xinchi Qiu, et al.

Privacy-preserving machine learning (PPML) can help us train and deploy models that utilize private information. In particular, on-device machine learning allows us to avoid sharing any information with a third-party server during inference. However, on-device models are typically less accurate than their server counterparts because (1) they usually rely only on a small set of on-device features and (2) they must be small enough to run efficiently on end-user devices. Split Learning (SL) is a promising approach that can overcome these limitations. In SL, a large machine learning model is divided into two parts: the larger part resides on the server side and a smaller part executes on-device, where it can incorporate the private features. However, end-to-end training of such models requires exchanging gradients at the cut layer, and those gradients might encode private features or labels. In this paper, we provide insights into the privacy risks associated with SL and introduce a novel attack method, EXACT, to reconstruct private information. Furthermore, we investigate the effectiveness of various mitigation strategies. Our results indicate that the gradients significantly improve the attacker's effectiveness on all three datasets, reaching almost 100%. However, a small amount of differential privacy (DP) is quite effective in mitigating this risk without causing significant training degradation.
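To make the abstract's two points concrete, the following added example (not code from the paper or its authors) simulates one split-learning step in pure Python: the on-device part maps private features to a cut-layer activation, the server part computes the loss and sends the cut-layer gradient back, and a clip-and-noise sanitisation of the Gaussian-mechanism kind is applied before that gradient crosses the cut. All weights, features, labels and the clipping/noise parameters are constructed for the demo; the paper's own DP configuration is not on this page.

```python
"""Added example (not from the paper): a toy split-learning step showing
(1) the gradient exchanged at the cut layer and (2) clip-and-noise
sanitisation applied before the gradient leaves the label holder.
All weights, features and labels below are constructed for the demo."""
import math
import random


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def client_forward(x, w1):
    # On-device part: private features x -> cut-layer activation h (tanh units).
    return [math.tanh(sum(wi * xi for wi, xi in zip(row, x))) for row in w1]


def server_backward(h, y, w2, b2):
    # Server part: logit z from h, binary cross-entropy against label y,
    # and the gradient dL/dh that is sent back across the cut layer.
    z = sum(wi * hi for wi, hi in zip(w2, h)) + b2
    p = sigmoid(z)
    # dL/dz = p - y, so dL/dh = (p - y) * w2: a scalar multiple of w2 whose
    # sign is fixed by the label (negative for y=1, positive for y=0).
    return [(p - y) * wi for wi in w2]


def label_correlated_sign(grad, w2):
    # Defender-side check: the raw cut-layer gradient is collinear with w2,
    # so its projection onto w2 carries the label bit. Returns +1.0 or -1.0.
    return math.copysign(1.0, sum(g * wi for g, wi in zip(grad, w2)))


def l2_norm(v):
    return math.sqrt(sum(vi * vi for vi in v))


def dp_sanitize(grad, clip_norm, sigma, rng):
    # Gaussian-mechanism style sanitisation: clip to L2 norm <= clip_norm,
    # then add N(0, (sigma * clip_norm)^2) noise to each coordinate.
    scale = min(1.0, clip_norm / max(l2_norm(grad), 1e-12))
    clipped = [g * scale for g in grad]
    return [g + rng.gauss(0.0, sigma * clip_norm) for g in clipped]


def run_demo(y, sigma=0.0, seed=0):
    # Constructed toy parameters (hypothetical values, not from the paper).
    x = [0.5, -1.2, 0.3]                       # private on-device features
    w1 = [[0.4, -0.2, 0.1], [-0.3, 0.5, 0.2]]  # on-device weights (2 units)
    w2 = [0.8, -0.6]                           # server weights over the cut
    b2 = 0.05
    h = client_forward(x, w1)
    raw = server_backward(h, y, w2, b2)
    rng = random.Random(seed)
    sanitized = dp_sanitize(raw, clip_norm=0.1, sigma=sigma, rng=rng)
    return raw, sanitized, w2


if __name__ == "__main__":
    for label in (0, 1):
        raw, san, w2 = run_demo(label, sigma=1.0, seed=7)
        print(f"y={label} raw={raw} sign={label_correlated_sign(raw, w2):+.0f} "
              f"sanitized={san}")
```

With `sigma=0.0` only the clipping acts, so the sanitised gradient keeps its direction but a bounded norm; with `sigma>0` the per-coordinate Gaussian noise is what actually weakens the label signal, at the cost of noisier updates for the on-device part, which is the accuracy/privacy trade-off the abstract refers to.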
