Split Learning (SL) is a distributed learning framework renowned for its privacy-preserving features and minimal computational requirements. Previous research consistently highlights the potential privacy breaches in SL systems, in which server adversaries reconstruct training data. However, these studies often rely on strong assumptions or compromise system utility to enhance attack performance. This paper introduces a new semi-honest Data Reconstruction Attack on SL, named Feature-Oriented Reconstruction Attack (FORA). In contrast to prior works, FORA relies on limited prior knowledge, specifically that the server utilizes auxiliary samples from the public without knowing any client's private information. This allows FORA to conduct the attack stealthily and achieve robust performance. The key vulnerability exploited by FORA is the revelation of the model representation preference in the smashed data output by the victim client. FORA constructs a substitute client through feature-level transfer learning, aiming to closely mimic the victim client's representation preference. Leveraging this substitute client, the server trains the attack model to effectively reconstruct private data. Extensive experiments showcase FORA's superior performance compared to state-of-the-art methods. Furthermore, the paper systematically evaluates the proposed method's applicability across diverse settings and advanced defense strategies.