防禦拆分式學習中的資料重建攻擊

Abstract

拆分式學習是一種很有前景的協作學習架構，用於解決深度學習應用中的隱私問題。它有助於在不損害個人資料隱私的情況下進行協作神經網路訓練。然而，由於潛在的資料重建攻擊，即使參與者只分享中間特徵，也會威脅到參與者的隱私，因此如何在拆分式學習中保護隱私，仍然是一個巨大的挑戰。以往針對資料重建攻擊的防禦策略通常會導致模型效用顯著下降或需要高昂的計算成本。為了解決這些問題，我們提出了一種新的防禦方法--差分隱私隨機降採樣。這種防禦策略將隨機降採樣和雜訊應用到中間特徵中，在不增加大量計算成本的情況下，有效地實現了隱私與效用的平衡。在各種資料集上進行的實證分析表明，所提出的防禦方法優於現有的最先進方法，突出了它在不犧牲效用的情況下維護隱私的功能。

Split learning emerges as a promising collaborative learning framework addressing privacy concerns in deep learning applications. It facilitates collaborative neural network training without compromising individual data privacy. However, preserving privacy in split learning remains a substantial challenge due to potential data reconstruction attacks that threaten participants' privacy even when participants only share intermediate features. Previous defense strategies against data reconstruction attacks usually result in a significant drop in model utility or require high computational costs. To navigate these issues, we propose a novel defense method --- differentially private stochastic downsampling. This defense strategy applies stochastic downsampling and noise addition to intermediate features, effectively creating a privacy-utility balance without imposing substantial computational burdens. Empirical evaluations conducted on diverse datasets demonstrate the superiority of the proposed defense method over existing state-of-the-art methods, highlighting its efficacy in maintaining privacy without sacrificing utility.