A Stealthy Wrongdoer: Feature-Oriented Reconstruction Attack against Split Learning

TL;DR

This paper presents FORA, a novel semi-honest attack on split learning that reconstructs private data using limited prior knowledge and feature-level transfer learning, revealing vulnerabilities even under defense strategies.

Contribution

Introduces a stealthy, semi-honest data reconstruction attack on split learning that requires minimal prior knowledge and exploits model representation preferences.

Findings

FORA outperforms existing attack methods in data reconstruction quality.

The attack remains effective across various settings and defense strategies.

It reveals a new vulnerability in split learning models.

Abstract

Split Learning (SL) is a distributed learning framework renowned for its privacy-preserving features and minimal computational requirements. Previous research consistently highlights the potential privacy breaches in SL systems by server adversaries reconstructing training data. However, these studies often rely on strong assumptions or compromise system utility to enhance attack performance. This paper introduces a new semi-honest Data Reconstruction Attack on SL, named Feature-Oriented Reconstruction Attack (FORA). In contrast to prior works, FORA relies on limited prior knowledge, specifically that the server utilizes auxiliary samples from the public without knowing any client's private information. This allows FORA to conduct the attack stealthily and achieve robust performance. The key vulnerability exploited by FORA is the revelation of the model representation preference in the smashed data output by victim client. FORA constructs a substitute client through feature-level transfer learning, aiming to closely mimic the victim client's representation preference. Leveraging this substitute client, the server trains the attack model to effectively reconstruct private data. Extensive experiments showcase FORA's superior performance compared to state-of-the-art methods. Furthermore, the paper systematically evaluates the proposed method's applicability across diverse settings and advanced defense strategies.