Unleashing the Tiger: Inference Attacks on Split Learning

Dario Pasquini; Giuseppe Ateniese; Massimo Bernaschi

doi:10.1145/3460120.3485259

Unleashing the Tiger: Inference Attacks on Split Learning

Dario Pasquini, Giuseppe Ateniese, Massimo Bernaschi

Department of Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

119 Scopus citations

Abstract

We investigate the security of split learning - -a novel collaborative machine learning framework that enables peak performance by requiring minimal resource consumption. In the present paper, we expose vulnerabilities of the protocol and demonstrate its inherent insecurity by introducing general attack strategies targeting the reconstruction of clients' private training sets. More prominently, we show that a malicious server can actively hijack the learning process of the distributed model and bring it into an insecure state that enables inference attacks on clients' data. We implement different adaptations of the attack and test them on various datasets as well as within realistic threat scenarios. We demonstrate that our attack can overcome recently proposed defensive techniques aimed at enhancing the security of the split learning protocol. Finally, we also illustrate the protocol's insecurity against malicious clients by extending previously devised attacks for Federated Learning.

Original language	English
Title of host publication	CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
Pages	2113-2129
Number of pages	17
ISBN (Electronic)	9781450384544
DOIs	https://doi.org/10.1145/3460120.3485259
State	Published - 13 Nov 2021
Event	27th ACM Annual Conference on Computer and Communication Security, CCS 2021 - Virtual, Online, Korea, Republic of Duration: 15 Nov 2021 → 19 Nov 2021

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	27th ACM Annual Conference on Computer and Communication Security, CCS 2021
Country/Territory	Korea, Republic of
City	Virtual, Online
Period	15/11/21 → 19/11/21

Keywords

ML security
collaborative learning
deep learning

Access to Document

10.1145/3460120.3485259

Cite this

@inproceedings{1a70ce68d7404418a82d4c76409ae725,

title = "Unleashing the Tiger: Inference Attacks on Split Learning",

abstract = "We investigate the security of split learning - -a novel collaborative machine learning framework that enables peak performance by requiring minimal resource consumption. In the present paper, we expose vulnerabilities of the protocol and demonstrate its inherent insecurity by introducing general attack strategies targeting the reconstruction of clients' private training sets. More prominently, we show that a malicious server can actively hijack the learning process of the distributed model and bring it into an insecure state that enables inference attacks on clients' data. We implement different adaptations of the attack and test them on various datasets as well as within realistic threat scenarios. We demonstrate that our attack can overcome recently proposed defensive techniques aimed at enhancing the security of the split learning protocol. Finally, we also illustrate the protocol's insecurity against malicious clients by extending previously devised attacks for Federated Learning.",

keywords = "ML security, collaborative learning, deep learning",

author = "Dario Pasquini and Giuseppe Ateniese and Massimo Bernaschi",

note = "Publisher Copyright: {\textcopyright} 2021 ACM.; 27th ACM Annual Conference on Computer and Communication Security, CCS 2021 ; Conference date: 15-11-2021 Through 19-11-2021",

year = "2021",

month = nov,

day = "13",

doi = "10.1145/3460120.3485259",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "2113--2129",

booktitle = "CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security",

}

Pasquini, D, Ateniese, G & Bernaschi, M 2021, Unleashing the Tiger: Inference Attacks on Split Learning. in CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, pp. 2113-2129, 27th ACM Annual Conference on Computer and Communication Security, CCS 2021, Virtual, Online, Korea, Republic of, 15/11/21. https://doi.org/10.1145/3460120.3485259

Unleashing the Tiger: Inference Attacks on Split Learning. / Pasquini, Dario; Ateniese, Giuseppe; Bernaschi, Massimo.
CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 2021. p. 2113-2129 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Unleashing the Tiger

T2 - 27th ACM Annual Conference on Computer and Communication Security, CCS 2021

AU - Pasquini, Dario

AU - Ateniese, Giuseppe

AU - Bernaschi, Massimo

PY - 2021/11/13

Y1 - 2021/11/13

N2 - We investigate the security of split learning - -a novel collaborative machine learning framework that enables peak performance by requiring minimal resource consumption. In the present paper, we expose vulnerabilities of the protocol and demonstrate its inherent insecurity by introducing general attack strategies targeting the reconstruction of clients' private training sets. More prominently, we show that a malicious server can actively hijack the learning process of the distributed model and bring it into an insecure state that enables inference attacks on clients' data. We implement different adaptations of the attack and test them on various datasets as well as within realistic threat scenarios. We demonstrate that our attack can overcome recently proposed defensive techniques aimed at enhancing the security of the split learning protocol. Finally, we also illustrate the protocol's insecurity against malicious clients by extending previously devised attacks for Federated Learning.

AB - We investigate the security of split learning - -a novel collaborative machine learning framework that enables peak performance by requiring minimal resource consumption. In the present paper, we expose vulnerabilities of the protocol and demonstrate its inherent insecurity by introducing general attack strategies targeting the reconstruction of clients' private training sets. More prominently, we show that a malicious server can actively hijack the learning process of the distributed model and bring it into an insecure state that enables inference attacks on clients' data. We implement different adaptations of the attack and test them on various datasets as well as within realistic threat scenarios. We demonstrate that our attack can overcome recently proposed defensive techniques aimed at enhancing the security of the split learning protocol. Finally, we also illustrate the protocol's insecurity against malicious clients by extending previously devised attacks for Federated Learning.

KW - ML security

KW - collaborative learning

KW - deep learning

UR - http://www.scopus.com/inward/record.url?scp=85119319144&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85119319144&partnerID=8YFLogxK

U2 - 10.1145/3460120.3485259

DO - 10.1145/3460120.3485259

M3 - Conference contribution

AN - SCOPUS:85119319144

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 2113

EP - 2129

BT - CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

Y2 - 15 November 2021 through 19 November 2021

ER -

Unleashing the Tiger: Inference Attacks on Split Learning

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this