Data Reconstruction Attack Exploiting Word Embedding by Metaheuristic in Federated Learning of Language Models
Abstract: With rapid advances in computational linguistics, machine learning-driven natural language processing (NLP) systems have become essential tools across industries, significantly improving data processing efficiency, particularly in text classification. Federated training frameworks offer a promising approach to data protection; however, the information exchanged during parameter updates still carries the risk of sensitive data leakage. In this context, we identify potential information security threats to text classifiers operating within federated training frameworks and systematically analyze the relationship between model parameters and training data. Based on this analysis, we propose a novel gradient-based data reconstruction attack that leverages knowledge from the embedding layer, referred to as the Embedding Data Reconstruction (EDR) attack. Our approach first identifies a set of tokens revealed by the gradients, then employs an integrated metaheuristic framework combining Simulated Annealing (SA) and Tabu Search (TS) to search for the optimal sentence ordering while escaping local optima. Finally, we fine-tune the reconstruction using the gradients obtained from the embedding layer. Our experiments demonstrate substantial improvements across multiple datasets, with the largest gain observed on bigrams, an average increase of approximately 45%.
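The first step the abstract describes, identifying tokens from the gradients, rests on a well-known property of embedding layers: the gradient of the loss with respect to the embedding matrix is nonzero only in the rows corresponding to tokens that actually appeared in the training batch. A minimal illustrative sketch (the function name and tolerance are our own, not from the paper):

```python
import numpy as np

def recover_token_ids(embedding_grad, tol=1e-12):
    # Rows of the embedding-layer gradient are nonzero only for
    # tokens present in the batch, so nonzero row norms reveal
    # which vocabulary entries occurred in the training data.
    row_norms = np.linalg.norm(embedding_grad, axis=1)
    return np.nonzero(row_norms > tol)[0].tolist()

# Toy example: vocabulary of 6 tokens, embedding dimension 4.
grad = np.zeros((6, 4))
grad[1] = 0.3   # token id 1 appeared in the batch
grad[4] = -0.7  # token id 4 appeared in the batch
print(recover_token_ids(grad))  # → [1, 4]
```

This yields the unordered token set; the SA/TS metaheuristic the abstract mentions is then responsible for recovering the token ordering, which a leaked token set alone does not determine.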
Paper Type: Long
Research Area: Language Modeling
Research Area Keywords: Language Model, Data Reconstruction Attack, Deep Leakage, Word Embedding, Metaheuristic
Contribution Types: Model analysis & interpretability, Data analysis, Theory
Languages Studied: English
Submission Number: 6572