POST: Pruning Oriented Security for Inversion Attack in Edge-based Internet of Things

With the recent emergence of artificial intelligence (AI), edge users in industries and manufacturing have been extensively using AI-based services, which pose privacy and security risks to data. Distributed learning approaches deployed in the manufacturing industries help reduce data risks. However, traditional approaches cannot handle deep models as well as the scalability of edge-based internet of things (E-IoT) devices, especially in the manufacturing sector. Studies have proposed SplitFed learning (SFL) by combining split learning and the federated learning paradigm, but they fail to achieve an optimal trade-off between communication and computational limitations and are vulnerable to inversion attacks. We present a pruning-oriented security (POST) method that is designed around the SFL paradigm that not only helps in achieving a balance between communication and computation load for E-IoT devices, but also preserves the data and model privacy against inversion attacks. The POST leverages the concept of using a higher number of layers in the E-IoT devices, which restrains the attacker from reconstructing the outputs. Furthermore, the POST adds communication and computation constraints in the optimization function to reduce the overall cost of the method. The novel pruning method adopts the regularization and adversarial training approach to further improve the preservation of the privacy of intermediate features in the SFL paradigm. We conduct our experiments on publicly available datasets in real-world settings to illustrate the efficacy of the POST method in terms of preserving privacy while ensuring the best trade-off for communication and computation load.