A Study of Split Learning Model to Protect Privacy

A Study of a Split Learning Model to Counter Privacy Invasion

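  • 유지현 (Department of Software, Sungkyunkwan University) ;
  • 원동호 (Department of Software, Sungkyunkwan University) ;
  • 이영숙 (Department of IT Software Security, Howon University)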
  • Received : 2021.09.01
  • Accepted : 2021.09.30
  • Published : 2021.09.30

Abstract

Artificial intelligence is now regarded as an essential technology in our society, and the invasion of privacy in artificial intelligence has become a serious problem. Split learning, proposed at MIT in 2019 for privacy protection, is a type of federated learning technique that does not share any raw data. In this study, we investigate a safe and accurate split learning model that uses the known technique of differential privacy to manage data safely. In addition, we train SVHN and GTSRB on split learning models to which 15 different levels of differential privacy are applied, and check whether training is stable. Finally, by conducting a training data extraction attack, we quantitatively derive, through MSE, a differential privacy budget that prevents the attack.

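Modern artificial intelligence is regarded as an essential technology that makes up society. In particular, privacy invasion in artificial intelligence has become a serious problem in modern society. Split learning, proposed at MIT in 2019 for the protection of personal information, is one of the federated learning techniques and has a privacy-protecting effect. In this study, we use the known technique of differential privacy to study a safe and accurate split learning model in order to manage data safely. In addition, we train the SVHN and GTSRB datasets on split learning models to which 15 graded levels of differential privacy are applied, and check whether training is stable. Finally, we carry out a training data extraction attack and quantitatively derive, through MSE, the differential privacy budget that prevents the attack.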
