Model Extraction Attacks on Split Federated Learning

Li, Jingtao; Rakin, Adnan Siraj; Chen, Xing; Yang, Li; He, Zhezhi; Fan, Dongrui; Chakrabarti, Chaitali

doi:10.48550/arxiv.2303.08581

Cited by 2 publications

(12 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In finetuning case when the model is mostly static, attackers can obtain consistent gradient information through gradient queries. It is the consistent gradients that contribute to the success of MEAs such as Craft-ME and GAN-ME in (Li et al 2023b).…”

Section: Inconsistent Gradient Problemmentioning

confidence: 99%

“…These inconsistent gradients present a challenge for gradient-based MEAs to effectively utilize the gradient information. Prior works (Li et al 2023b) demonstrate that for training-from-scratch case, gradient-based MEAs result in a large accuracy drop of over 40% in the surrogate model.…”

Section: Inconsistent Gradient Problemmentioning

confidence: 99%

“…However, SFL also suffers from model leakage due to (1) availability of client-side models, and (2) access to gradients sent by the server to clients. It is demonstrated in (Li et al 2023b) that the client-side model along with a small amount of training data is enough to get an accurate model using Train-ME, a method that simply trains the server-side model from scratch. (Li et al 2023b) also mentions four other gradient-based attacks, which can succeed when the model parameters are fixed.…”

Section: Introductionmentioning

confidence: 99%

“…It is demonstrated in (Li et al 2023b) that the client-side model along with a small amount of training data is enough to get an accurate model using Train-ME, a method that simply trains the server-side model from scratch. (Li et al 2023b) also mentions four other gradient-based attacks, which can succeed when the model parameters are fixed. However, these attacks perform poorly, when the target model is changing such as in the trainingfrom-scratch case.…”

Section: Introductionmentioning

confidence: 99%

“…

…”

mentioning

confidence: 99%

See 4 more Smart Citations

EMGAN: Early-Mix-GAN on Extracting Server-Side Model in Split Federated Learning

Li,

Chen,

Yang

et al. 2024

AAAI

View full text Add to dashboard Cite

Split Federated Learning (SFL) is an emerging edge-friendly version of Federated Learning (FL), where clients process a small portion of the entire model. While SFL was considered to be resistant to Model Extraction Attack (MEA) by design, a recent work shows it is not necessarily the case. In general, gradient-based MEAs are not effective on a target model that is changing, as is the case in training-from-scratch applications. In this work, we propose a strong MEA during the SFL training phase. The proposed Early-Mix-GAN (EMGAN) attack effectively exploits gradient queries regardless of data assumptions. EMGAN adopts three key components to address the problem of inconsistent gradients. Specifically, it employs (i) Early-learner approach for better adaptability, (ii) Multi-GAN approach to introduce randomness in generator training to mitigate mode collapse, and (iii) ProperMix to effectively augment the limited amount of synthetic data for a better approximation of the target domain data distribution. EMGAN achieves excellent results in extracting server-side models. With only 50 training samples, EMGAN successfully extracts a 5-layer server-side model of VGG-11 on CIFAR-10, with 7% less accuracy than the target model. With zero training data, the extracted model achieves 81.3% accuracy, which is significantly better than the 45.5% accuracy of the model extracted by the SoTA method. The code is available at "https://github.com/zlijingtao/SFL-MEA".

show abstract

Section: Inconsistent Gradient Problemmentioning

confidence: 99%

Section: Inconsistent Gradient Problemmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…

…”

mentioning

confidence: 99%

See 3 more Smart Citations

EMGAN: Early-Mix-GAN on Extracting Server-Side Model in Split Federated Learning

Li,

Chen,

Yang

et al. 2024

AAAI

View full text Add to dashboard Cite

show abstract

Split Federated Learning for 6G Enabled-Networks: Requirements, Challenges, and Future Directions

Hafi,

Brik,

Frangoudis

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Sixth-generation (6G) networks anticipate intelligently supporting a wide range of smart services and innovative applications. Such a context urges a heavy usage of Machine Learning (ML) techniques, particularly Deep Learning (DL), to foster innovation and ease the deployment of intelligent network functions/operations, which are able to fulfill the various requirements of the envisioned 6G services. The revolution of 6G networks is driven by massive data availability, moving from centralized and big data towards small and distributed data. This trend has motivated the adoption of distributed and collaborative ML/DL techniques. Specifically, collaborative ML/DL consists of deploying a set of distributed agents that collaboratively train learning models without sharing their data, thus improving data privacy and reducing the time/communication overhead. This work provides a comprehensive study on how collaborative learning can be effectively deployed over 6G wireless networks. In particular, our study focuses on Split Federated Learning (SFL), a technique that recently emerged promising better performance compared with existing collaborative learning approaches. We first provide an overview of three emerging collaborative learning paradigms, including federated learning, split learning, and split federated learning, as well as of 6G networks along with their main vision and timeline of key developments. We then highlight the need for split federated learning towards the upcoming 6G networks in every aspect, including 6G technologies (e.g., intelligent physical layer, intelligent edge computing, zero-touch network management, intelligent resource management) and 6G use cases (e.g., smart grid 2.0, Industry 5.0, connected and autonomous systems). Furthermore, we review existing datasets along with frameworks that can help in implementing SFL for 6G networks. We finally identify key technical challenges, open issues, and future research directions related to SFL-enabled 6G networks.INDEX TERMS 6G networks, wireless communication, federated deep learning, split deep learning, split federated learning.

show abstract

Model Extraction Attacks on Split Federated Learning

Cited by 2 publications

References 23 publications

EMGAN: Early-Mix-GAN on Extracting Server-Side Model in Split Federated Learning

EMGAN: Early-Mix-GAN on Extracting Server-Side Model in Split Federated Learning

Split Federated Learning for 6G Enabled-Networks: Requirements, Challenges, and Future Directions

Contact Info

Product

Resources

About