Abstract
Binding decentralized data and computing resources together, collaborative learning is currently a booming research area for the application requirements of efficiency and privacy. However, a lot of work has shown that this may still expose record-level or statistical information of private local data. This paper aims to implement subject-level privacy inference during the training phase. The subject is the data source the training data comes from, such as a person or certain environment. Based on auxiliary local data, gradient and intermediate output, we present passive and active property inference attack on the lack of training data of target subject. In the active attack, we choose a very innovative approach - CycleGAN that reconstructs impacts of data with certain properties on the global model. We test our algorithms on 2 public image datasets, and give a comprehensive analysis of the privacy leakage in subject property inference attack.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
