Feature Space Hijacking Attacks against Differentially Private Split Learning. (arXiv:2201.04018v1 [cs.CR])

Web: http://arxiv.org/abs/2201.04018

Split learning and differential privacy are technologies with growing
potential to help with privacy-compliant advanced analytics on distributed
datasets. Attacks against split learning are an important evaluation tool and
have been receiving increased research attention recently. This work's
contribution is applying a recent feature space hijacking attack (FSHA) to the
learning process of a split neural network enhanced with differential privacy
(DP), using a client-side off-the-shelf DP optimizer. The FSHA attack obtains
client's private data reconstruction with low error rates …

attacks hijacking learning space