Split Happens: Combating Advanced Threats with Split Learning and Function Secret Sharing

TL;DR

This paper introduces SplitHappens, a secure U-shaped split learning framework enhanced with Function Secret Sharing, which improves data privacy, reduces costs, and defends against modern attacks in machine learning models.

Contribution

It extends FSS-enhanced split learning to U-shaped models, providing higher security and privacy, especially for label confidentiality, while maintaining efficiency and accuracy.

Findings

Reduces communication and computational costs compared to standard FSS.

Maintains model accuracy comparable to traditional methods.

Enhances security against modern model inversion and label inference attacks.

Abstract

Split Learning (SL) -- splits a model into two distinct parts to help protect client data while enhancing Machine Learning (ML) processes. Though promising, SL has proven vulnerable to different attacks, thus raising concerns about how effective it may be in terms of data privacy. Recent works have shown promising results for securing SL through the use of a novel paradigm, named Function Secret Sharing (FSS), in which servers obtain shares of a function they compute and operate on a public input hidden with a random mask. However, these works fall short in addressing the rising number of attacks which exist on SL. In SplitHappens, we expand the combination of FSS and SL to U-shaped SL. Similarly to other works, we are able to make use of the benefits of SL by reducing the communication and computational costs of FSS. However, a U-shaped SL provides a higher security guarantee than previous works, allowing a client to keep the labels of the training data secret, without having to share them with the server. Through this, we are able to generalize the security analysis of previous works and expand it to different attack vectors, such as modern model inversion attacks as well as label inference attacks. We tested our approach for two different convolutional neural networks on different datasets. These experiments show the effectiveness of our approach in reducing the training time as well as the communication costs when compared to simply using FSS while matching prior accuracy.