Personalized Label Inference Attack in Federated Transfer Learning via Contrastive Meta Learning

Authors

  • Hanyu Zhao Beijing Institute of Technology
  • Zijie Pan City University of Macau
  • Yajie Wang Beijing Institute of Technology
  • Zuobin Ying City University of Macau
  • Lei Xu Beijing Institute of Technology
  • Yu-an Tan Beijing Institute of Technology

DOI:

https://doi.org/10.1609/aaai.v39i21.34438

Abstract

Federated Transfer Learning (FTL) is a popular approach to solve the problem of heterogeneous feature space and label distribution. Among the mainstream strategies for FTL, parameter decoupling, which balance the impact of a single global model and multiple personalized models under data heterogeneity, has attracted the attention of many researchers. However, few attacks have been proposed to evaluate the privacy risk of FTL. We find that the fine-tuned structures and the gradient update mechanisms of parameter decoupling would be more likely to leak personalized information for the server to infer private labels. Based on our findings, we propose the label inference attack that combines meta classifier with contrastive learning in FTL. Our experiments show that the proposed attack has ability to extract local personalized information from the differences before and after fine-tuning to improve the accuracy of the attack in the absence of a downstream model. Our research can reveal potential privacy risks in FTL and motivate more research on private and secure FTL.
AAAI-25 / IAAI-25 / EAAI-25 Proceedings Cover

Downloads

Published

2025-04-11

How to Cite

Zhao, H., Pan, Z., Wang, Y., Ying, Z., Xu, L., & Tan, Y.- an. (2025). Personalized Label Inference Attack in Federated Transfer Learning via Contrastive Meta Learning. Proceedings of the AAAI Conference on Artificial Intelligence, 39(21), 22777–22785. https://doi.org/10.1609/aaai.v39i21.34438

Issue

Vol. 39 No. 21: AAAI-25 Technical Tracks 21

Section

AAAI Technical Track on Machine Learning VII