Split learning (SL) enables data privacy preservation by allowing clients to collaboratively train a deep learning model with the server without sharing raw data. However, SL still has limitations such as potential data privacy leakage and high computation for clients. In this paper, we propose to binarize the SL local layers for faster computation (up to 17.5 times less forward-propagation time in both training and inference phases on mobile devices) and reduced memory usage (up to 32 times less memory and bandwidth requirements). More importantly, the binarized SL (B-SL) model can reduce privacy leakage from SL smashed data with merely a small degradation in model accuracy. To further enhance privacy preservation, we also propose two novel approaches: 1) training with additional local leak loss and 2) applying differential privacy, which could be integrated separately or concurrently into the B-SL model. Experimental results with different datasets have affirmed the benefits of the B-SL models compared with several benchmark models. The effectiveness of B-SL models against feature-space hijacking attack (FSHA) is also illustrated. Our results have demonstrated B-SL models are promising for lightweight IoT/mobile applications with high privacy-preservation requirements such as mobile healthcare applications.

中文翻译：

---

二值化分割学习以增强数据隐私并减少计算量


拆分学习 (SL) 允许客户端与服务器协作训练深度学习模型，而无需共享原始数据，从而实现数据隐私保护。然而，SL仍然存在潜在的数据隐私泄露和客户端计算量大等局限性。在本文中，我们建议对 SL 局部层进行二值化，以实现更快的计算（移动设备上的训练和推理阶段的前向传播时间最多减少 17.5 倍）并减少内存使用（内存和带宽要求最多减少 32 倍） 。更重要的是，二值化 SL (B-SL) 模型可以减少 SL 粉碎数据带来的隐私泄露，而模型精度仅略有下降。为了进一步增强隐私保护，我们还提出了两种新颖的方法：1）使用额外的局部泄漏损失进行训练；2）应用差分隐私，可以单独或同时集成到 B-SL 模型中。不同数据集的实验结果证实了 B-SL 模型与几个基准模型相比的优势。还说明了 B-SL 模型对抗特征空间劫持攻击 (FSHA) 的有效性。我们的结果表明，B-SL 模型对于具有高隐私保护要求的轻量级物联网/移动应用（例如移动医疗应用）很有前景。