Abstract

Split learning, a distributed learning framework, has garnered significant attention from academic and industrial communities. In contrast to federated learning, split learning offers a more flexible architecture for participants with limited computing resources. However, the security of split learning has been questioned due to the separation of data and model control rights from usage rights. Currently, most research work focuses on inference attacks in split learning. In this paper, we first reveal the vulnerability of split learning to backdoor attacks and present two backdoor attack frameworks from both the server and client perspectives. Regarding the client-side attacker, we insert backdoor samples into the training data by utilizing the client’s direct control over local data, and propose two methods for labeling backdoor samples that can be adapted to various application scenarios. Due to the server’s lack of control over the client in split learning, it is infeasible for server-side attackers to inject backdoor samples into training data. Our strategy involves leveraging the server’s control over the training process to shape the optimization direction of the client model, thereby enabling it to encode backdoor samples. Moreover, we introduce an auxiliary model into the attack framework to enhance the effectiveness of the backdoor attack. The auxiliary model can increase the distinction between backdoor samples and clean samples in the feature space to improve the sensitivity of the client model to backdoor samples. Extensive evaluations demonstrate the high attack accuracy of both proposed attack frameworks without causing any compromise to the performance of the main task. Our research uncovers the potential security risks and rings the alarm for the application of split learning.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.