EMGAN: Early-Mix-GAN on Extracting Server-Side Model in Split Federated Learning

Authors

  • Jingtao Li Sony AI
  • Xing Chen Arizona State University
  • Li Yang University of North Carolina at Charlotte
  • Adnan Siraj Rakin Binghamton University (SUNY)
  • Deliang Fan Johns Hopkins University
  • Chaitali Chakrabarti Arizona State University

DOI:

https://doi.org/10.1609/aaai.v38i12.29258

Keywords:

ML: Distributed Machine Learning & Federated Learning, CV: Adversarial Attacks & Robustness

Abstract

Split Federated Learning (SFL) is an emerging edge-friendly version of Federated Learning (FL), where clients process a small portion of the entire model. While SFL was considered to be resistant to Model Extraction Attack (MEA) by design, a recent work shows it is not necessarily the case. In general, gradient-based MEAs are not effective on a target model that is changing, as is the case in training-from-scratch applications. In this work, we propose a strong MEA during the SFL training phase. The proposed Early-Mix-GAN (EMGAN) attack effectively exploits gradient queries regardless of data assumptions. EMGAN adopts three key components to address the problem of inconsistent gradients. Specifically, it employs (i) Early-learner approach for better adaptability, (ii) Multi-GAN approach to introduce randomness in generator training to mitigate mode collapse, and (iii) ProperMix to effectively augment the limited amount of synthetic data for a better approximation of the target domain data distribution. EMGAN achieves excellent results in extracting server-side models. With only 50 training samples, EMGAN successfully extracts a 5-layer server-side model of VGG-11 on CIFAR-10, with 7% less accuracy than the target model. With zero training data, the extracted model achieves 81.3% accuracy, which is significantly better than the 45.5% accuracy of the model extracted by the SoTA method. The code is available at "https://github.com/zlijingtao/SFL-MEA".
AAAI-24 / IAAI-24 / EAAI-24 Proceedings Cover

Downloads

Published

2024-03-24

How to Cite

Li, J., Chen, X., Yang, L., Rakin, A. S., Fan, D., & Chakrabarti, C. (2024). EMGAN: Early-Mix-GAN on Extracting Server-Side Model in Split Federated Learning. Proceedings of the AAAI Conference on Artificial Intelligence, 38(12), 13545-13553. https://doi.org/10.1609/aaai.v38i12.29258

Issue

Vol. 38 No. 12: AAAI-24 Technical Tracks 12

Section

AAAI Technical Track on Machine Learning III