Core Concepts
The study demonstrates that split learning is vulnerable to label inference attacks based on similarity measurements, highlighting the need for robust privacy protection mechanisms.
Abstract
This study examines the vulnerability of split learning to label inference attacks based on similarity measurements. It introduces split learning and its significance in privacy-preserving distributed learning, analyzes the potential label leakages in split learning, and proposes cosine and Euclidean similarity measurements for gradients and smashed data. Three label inference attack approaches are presented: Euclidean-distance-based, clustering, and transfer learning. Experimental evaluations on six datasets using different models demonstrate the effectiveness of the proposed attacks.
Structure:
Introduction to Split Learning
Analysis of Possible Label Leakages
Proposed Label Inference Attacks
Experiments and Results
Stats
The proposed approaches can achieve close to 100% accuracy in label inference attacks.
The study validates that even without knowledge of the victim's top model, gradients or smashed data at the cut layer can reveal private labels.
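To measure how much the gradients at a cut layer reveal, the following added example (not code from the study) audits a constructed batch with the cosine and Euclidean measurements named above. Assumptions: the cut layer sits directly at the logits of a softmax cross-entropy top model, the logits are random sample data, one known-label gradient per class is available as a reference, Euclidean distance is taken on L2-normalised gradients, and all function names are illustrative.

```python
import math
import random

def softmax(z):
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]

def cut_layer_gradient(logits, label):
    """Gradient of softmax cross-entropy w.r.t. the logits: p - onehot(label)."""
    p = softmax(logits)
    return [pi - (1.0 if i == label else 0.0) for i, pi in enumerate(p)]

def unit(v):
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v]

def cosine(u, v):
    return sum(a * b for a, b in zip(unit(u), unit(v)))

def euclidean(u, v):
    # Distance between L2-normalised gradients (normalisation is this example's choice).
    return math.dist(unit(u), unit(v))

def make_batch(n=200, classes=4, seed=0):
    """Constructed data: random logits and labels standing in for a real batch."""
    rng = random.Random(seed)
    labels = [rng.randrange(classes) for _ in range(n)]
    grads = [cut_layer_gradient([rng.uniform(-1, 1) for _ in range(classes)], y)
             for y in labels]
    return grads, labels

def pair_similarity(grads, labels):
    """Mean cosine similarity of same-label and of different-label gradient pairs."""
    same, diff = [], []
    for i in range(len(grads)):
        for j in range(i + 1, len(grads)):
            (same if labels[i] == labels[j] else diff).append(cosine(grads[i], grads[j]))
    return sum(same) / len(same), sum(diff) / len(diff)

def leakage_rate(grads, labels, metric="cosine"):
    """Fraction of private labels recoverable from one known-label gradient per class."""
    refs = {}
    for g, y in zip(grads, labels):
        refs.setdefault(y, g)  # first gradient seen for each class is the reference
    def closest(g):
        if metric == "cosine":
            return max(refs, key=lambda c: cosine(g, refs[c]))
        return min(refs, key=lambda c: euclidean(g, refs[c]))
    return sum(closest(g) == y for g, y in zip(grads, labels)) / len(labels)
```

For this loss the gradient is p - onehot(y), so same-label pairs always have cosine similarity above 0.5 and different-label pairs below it; a leakage rate of 1.0 from either metric means the cut-layer gradients alone separate the labels completely.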