secretflow
Add split learning sim_lia method (IEEE2024)
Type of change
- [x] Add new papers (Please tell us why you think this paper is awesome!)
- [ ] Fix the category of an existing paper/papers (Please tell us the reasons)
- [ ] Add a new tool/primitive/application with a new markdown page (Thank you! Also, please tell us more about this awesome thing!)
Description Here's the English translation of the PR content:
Added the sim_lia algorithm, based on the 2024 IEEE paper "Similarity-based Label Inference Attack against Training and Inference of Split Learning." https://ieeexplore.ieee.org/document/10411061
The method is based on cosine distance and Euclidean distance of smashed data and gradients. The attack can be distance-based or clustering-based, with the following options:
availabel_data_type = ["feature", "grad"]
availabel_attack_method = ["k-means", "distance"]
availabel_distance_metric = ["euclidean", "cosine"]
all_availabel_options = {
"k-means": ["feature", "grad"],
"distance": {
"cosine": ["feature", "grad"],
"euclidean": ["feature", "grad"],
},
}
Due to its generality, it can be used in a wide range of scenarios. Currently, its attack performance on autoattack is as follows:
| App | Epoch | Acc | Attack Acc |
|---|---|---|---|
| ResNet20 Cifar10 | 2 | 43.336% | 29.636% |
| ResNet18 Cifar10 | 10 | 88.077% | 99.122% |
| CNN Cifar10 | 10 | 86.467% | 77.458% |
| VGG16 Cifar10 | 10 | 82.748% | 50.184% |
| ResNet18 MNIST | 5 | 98.834% | 82.813% |
| VGG16 MNIST | 1 | 79.949% | 55.935% |
In addition, fixed the incorrect import issues in benchmark_examples caused by the previous SecretFlow refactoring.
Stale pull request message. Please comment to remove stale tag. Otherwise this pr will be closed soon.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}