As a privacy-preserving method for implementing Vertical Federated Learning, Split Learning has been extensively researched. However, numerous studies have indicated that the privacy-preserving capability of Split Learning is insufficient. In this paper, we primarily focus on label inference attacks in Split Learning in the regression setting, which are mainly implemented through the gradient inversion method. To defend against label inference attacks, we propose Random Label Extension (RLE), where labels are extended to obfuscate the label information contained in the gradients, thereby preventing the attacker from using the gradients to train an attack model that can infer the original labels. To further minimize the impact on the original task, we propose Model-based adaptive Label Extension (MLE), where the original labels are preserved in the extended labels and dominate the training process. The experimental results show that, compared to the basic defense methods, our proposed defense methods can significantly reduce the attack model's performance while preserving the original task's performance.