
The authors propose a novel attack framework called Simulator Decoding with Adversarial Regularization (SDAR) that can effectively infer clients' private features and labels in both vanilla and U-shaped split learning settings, even in challenging scenarios where existing passive attacks struggle.


coremsg

passive-inference-attacks-on-split-learning-via-adversarial-regularization


Passive Inference Attacks on Split Learning via Adversarial Regularization
