Collaborative machine learning and related techniques such as distributed and federated learning allow multiple participants, each with his own training dataset, to build a joint model. Participants train local models and periodically exchange model parameters or gradient updates computed during the training. We demonstrate that the training data used by participants in collaborative learning is vulnerable to inference attacks. First, we show that an adversarial participant can infer the presence of exact data points in others' training data (i.e., membership inference). Then, we demonstrate that the adversary can infer properties that hold only for a subset of the training data and are independent of the properties that the joint model aims to capture. We evaluate the efficacy of our attacks on a variety of tasks, datasets, and learning configurations, and conclude with a discussion of possible defenses.

合作式机器学习及联邦学习等技术让多个参与者通过本地训练和定期更新模型来建立一个联合模型，但我们展示了这些更新泄露了关于参与者训练数据的信息并开发了被动和主动攻击来利用泄露，我们在各种任务，数据集和学习配置中评估我们的攻击，并分析其局限性和可能的防御。

协作学习中的意外特征泄漏利用