Towards Privacy-Preserving Split Learning: Destabilizing Adversarial Inference and Reconstruction Attacks in the Cloud
18 Pages Posted: 18 Dec 2024
Abstract
This work aims to provide both privacy and utility within a split learning framework while considering both forward attribute inference and backward reconstruction attacks. To address this, a novel approach has been proposed, which makes use of class activation maps and autoencoders as a plug-in strategy aiming to increase the user’s privacy and destabilize an adversary. The proposed approach is compared with a dimensionality-reduction-based plug-in strategy, which makes use of principal component analysis to transform the feature map onto a lower-dimensional feature space. Our work shows that our proposed autoencoder-based approach is preferred as it can provide protection at an earlier split position over the tested architectures in our setting, and, hence, better utility for resource-constrained devices in edge-cloud collaborative inference (EC) systems.
Keywords: Split Learning, Edge-cloud Collaborative Systems, Privacy-Preserving Learning, Autoencoder, Dimensionality Reduction, Privacy and Utility