Label Inference Attack Based on Soft Label Towards Two-Party Split Learning.

In Vertical Federated Learning, Split Learning has gained popularity as a technique where a neural network is split into two parts held by two parties. One party holds the input data, and another party holds the corresponding labels. The two parties exchange intermediate features and gradients of features to update the network parameters to preserve the privacy of the private data and network parameters. However, recent studies just utilized a small amount of auxiliary data to infer private labels. In the paper, we propose a label inference attack method based on soft label by leveraging the auxiliary data. To further enhance the performance of the attack method, we design a loss function that combines a gradient-matching loss and a model loss based on soft label. Our experimental evaluation is conducted on classification datasets, and the results demonstrate that our model has superior attack effectiveness and generalization capabilities.