An attack aligns differently shuffled intermediate activations from secure Transformer inference queries to recover model weights with low error using roughly one dollar of queries.
arXiv preprint arXiv:2102.08504
2 Pith papers cite this work.
Fields: cs.CR
Citing papers
- On the (In-)Security of the Shuffling Defense in the Transformer Secure Inference
  An attack aligns differently shuffled intermediate activations from secure Transformer inference queries to recover model weights with low error using roughly one dollar of queries.
- LADSG: Label-Anonymized Distillation and Similar Gradient Substitution for Label Privacy in Vertical Federated Learning
  LADSG is a unified defense framework that reduces the success rates of passive, active, and direct label inference attacks in vertical federated learning (VFL) by 30-60% via label anonymization, gradient substitution, and norm-based filtering.