CAFE: Catastrophic Data Leakage in Vertical Federated Learning

Xiao Jin, Pin Yu Chen, Chia Yi Hsu, Chia Mu Yu, Tianyi Chen

Research output: Conference contribution (peer-reviewed)

89 Citations (Scopus)

Abstract

Recent studies show that private training data can be leaked through the gradients sharing mechanism deployed in distributed machine learning systems, such as federated learning (FL). Increasing batch size to complicate data recovery is often viewed as a promising defense strategy against data leakage. In this paper, we revisit this defense premise and propose an advanced data leakage attack with theoretical justification to efficiently recover batch data from the shared aggregated gradients. We name our proposed method as catastrophic data leakage in vertical federated learning (CAFE). Comparing to existing data leakage attacks, our extensive experimental results on vertical FL settings demonstrate the effectiveness of CAFE to perform large-batch data leakage attack with improved data recovery quality. We also propose a practical countermeasure to mitigate CAFE. Our results suggest that private data participated in standard FL, especially the vertical case, have a high risk of being leaked from the training gradients. Our analysis implies unprecedented and practical data leakage risks in those learning settings. The code of our work is available at https://github.com/DeRafael/CAFE.

Original language: English
Title of host publication: Advances in Neural Information Processing Systems 34 - 35th Conference on Neural Information Processing Systems, NeurIPS 2021
Editors: Marc'Aurelio Ranzato, Alina Beygelzimer, Yann Dauphin, Percy S. Liang, Jenn Wortman Vaughan
Publisher: Neural information processing systems foundation
Pages: 994-1006
Number of pages: 13
ISBN (Electronic): 9781713845393
Publication status: Published - 2021
Event: 35th Conference on Neural Information Processing Systems, NeurIPS 2021 - Virtual, Online
Duration: 6 Dec 2021 to 14 Dec 2021

Publication series

Name: Advances in Neural Information Processing Systems
2
ISSN (Print): 1049-5258

Conference

Conference: 35th Conference on Neural Information Processing Systems, NeurIPS 2021
City: Virtual, Online
Period: 6/12/21 to 14/12/21
