A Deep Dive into FSHA Privacy Reconstruction Attacks
Tuesday, October 4, 2022
How can we enable privacy-preserving deep learning on private data silos? This talk explores the vulnerabilities of a promising solution: split learning enhanced with differential privacy. We focus on Feature Space Hijacking Attacks (FSHA), reconstruction attacks that use a GAN. We describe the attacker’s neural network architecture, then construct and run an attack on distributed data silos. Finally, we analyse the successfully reconstructed private inputs and conclude with possible mitigations for the attack risk.