Security Analysis of SplitFed Learning

TL;DR

This paper empirically analyzes the robustness of SplitFed learning against model poisoning attacks, showing it is more resilient than Federated Learning due to lower model dimensionality and resulting in less accuracy degradation.

Contribution

First empirical study demonstrating SplitFed's enhanced robustness to poisoning attacks compared to Federated Learning, highlighting the impact of model dimensionality on security.

Findings

SplitFed has smaller model update dimensionality than FL.

SplitFed's accuracy reduction under attack is 5 times lower than FL.

Lower dimensionality in SplitFed enhances its robustness to poisoning attacks.

Abstract

Split Learning (SL) and Federated Learning (FL) are two prominent distributed collaborative learning techniques that maintain data privacy by allowing clients to never share their private data with other clients and servers, and fined extensive IoT applications in smart healthcare, smart cities, and smart industry. Prior work has extensively explored the security vulnerabilities of FL in the form of poisoning attacks. To mitigate the effect of these attacks, several defenses have also been proposed. Recently, a hybrid of both learning techniques has emerged (commonly known as SplitFed) that capitalizes on their advantages (fast training) and eliminates their intrinsic disadvantages (centralized model updates). In this paper, we perform the first ever empirical analysis of SplitFed's robustness to strong model poisoning attacks. We observe that the model updates in SplitFed have significantly smaller dimensionality as compared to FL that is known to have the curse of dimensionality. We show that large models that have higher dimensionality are more susceptible to privacy and security attacks, whereas the clients in SplitFed do not have the complete model and have lower dimensionality, making them more robust to existing model poisoning attacks. Our results show that the accuracy reduction due to the model poisoning attack is 5x lower for SplitFed compared to FL.