{"id":19072290,"url":"https://github.com/andron00e/jast","last_synced_at":"2026-05-18T11:30:21.603Z","repository":{"id":268534534,"uuid":"844508012","full_name":"Andron00e/JAST","owner":"Andron00e","description":"''Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning''","archived":false,"fork":false,"pushed_at":"2024-12-19T18:00:59.000Z","size":3978,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-02T16:45:13.708Z","etag":null,"topics":["feature-reconstruction","privacy","split-learning","vertical-federated-learning"],"latest_commit_sha":null,"homepage":"https://arxiv.org/abs/2412.11689","language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Andron00e.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-19T12:04:30.000Z","updated_at":"2024-12-19T18:01:03.000Z","dependencies_parsed_at":"2024-12-17T11:41:33.476Z","dependency_job_id":null,"html_url":"https://github.com/Andron00e/JAST","commit_stats":null,"previous_names":["andron00e/jast"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Andron00e%2FJAST","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Andron00e%2FJAST/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Andron00e%2FJAST/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Andron00e%2FJAST/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Andron00e","download_url":"https://codeload.github.com/Andron00e/JAST/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240122616,"owners_count":19751145,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["feature-reconstruction","privacy","split-learning","vertical-federated-learning"],"created_at":"2024-11-09T01:36:34.742Z","updated_at":"2026-05-18T11:30:18.925Z","avatar_url":"https://github.com/Andron00e.png","language":"Jupyter Notebook","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Supplementary code for \"Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning\"\n[![arXiv](https://img.shields.io/badge/arXiv-2401.06766-b31b1b.svg)](https://arxiv.org/abs/2412.11689)\n\nThis code comes jointly with reference:\n\n\u003e Andrei Semenov, Philip Zmushko, Alexander Pichugin, Aleksandr Beznosikov. \"Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning\".\n\nDate:    August 2024\n\n## How to install\n\n```bash\ngit clone https://github.com/Andron00e/JAST\ncd JAST\npip install -r requirements.txt\n```\n\n## Repository structure\n\n* \u003cins\u003eunsplit\u003c/ins\u003e contains examples of defense against the Model Inversion attack on MLPs, and differentially private protection for both CNN and MLP architectures.\n* In \u003cins\u003efsha\u003c/ins\u003e , you may find the code for Hijacking attack on models with and without the dense layer and make sure of the data protection.\n* In the \u003cins\u003eresults\u003c/ins\u003e folder, we store the necessary figures from the experiments.\n* Please, run  ```FSHA.ipynb```, ```model_inversion_stealing.ipynb```, ```dp_defense.ipynb``` and ```mlp_mixer_model_inversion.ipynb``` to observe the defense results at your convenience.\n\n## Implementation details\n\nIn our code, we consider the defense against the Model Inversion attack from [\"UnSplit\" (Erdogan et al., 2022)](https://arxiv.org/abs/2108.09033) ([code](https://github.com/ege-erdogan/unsplit)) and Feature-Space-Hijacking attack (FSHA) from [\"Unleashing the Tiger\" (Pasquini et al., 2021)](https://arxiv.org/abs/2012.02670) ([code](https://github.com/pasquini-dario/SplitNN_FSHA)).\n\nIn both cases, the necessary hyperparameters are required, we list them below:\n\n- Common arguments for Split Learning protocol are: ```batch_size```, ```split_layer```, ```dataset_name```, ```device```, ```n_epochs```, ```architecture```.\n- We conduct all experiments on ```mnist```, ```f_mnist``` and ```cifar10``` datasets, for this purposes assign the proper name to ```dataset_name```. And the main hyperparameter for validating our results is ```split_layer```, feel free to set its number from ```1``` to ```6```. \n- Set the ```architecture``` to either ```mlp```, ```cnn``` or ```mlp-mixer```. In case of ```cnn``` you will see the original performance of *UnSplit* and *FSHA* (except of the DP setup).\nBelow, we describe the changes for the two mentioned settings.\n\n- \u003cins\u003efsha\u003c/ins\u003e folder:\n    - For *FSHA* we use some special hyperparameters: ```WGAN```, ```gradient_penalty```, ```style_loss```, ```lr_f```, ```lr_tilde```, ```lr_D```. These hyperparameters refer to the training of the encoder, decoder, and discriminator networks; we took them from the original implementation (see [code](https://github.com/pasquini-dario/SplitNN_FSHA/blob/main/FSHA.ipynb)) and did not change them in our work.\n    - The changes occur in ```architectures.py```, where we introduce ```pilot_mlp```, ```discriminator_mlp``` and left the same ```pilot_cnn```  with ```discriminator_cnn```.  Set the ```architecture``` value to ```mlp``` to observe the *FSHA* on mlp-based model, while the core architecture in ```cnn``` case is ```resnet```.\n\n- \u003cins\u003eunsplit\u003c/ins\u003e folder:\n    - For *UnSplit* we mention other special hyperparameters: ```lr```, ```main_iters```,```input_iters```, ```model_iters```, ```lambda_l2```, ```lambda_tv```. We suggest configuring them as laid out in our work (```0.001```, ```200```, ```20```, ```20```, ```0.1```, ```1.```) for efficient reproduction of the results. We also stress that ```lambda_l2``` regularizer was not mentioned in the original *UnSplit* paper's model inversion attack algorithm. We also validate the performance of the UnSplit attack on CIFAR10. Int his setup, we decided to use the MLP-Mixer [Tolstikhin et al., 2021](https://arxiv.org/abs/2105.01601) architecture, following the PyTorch [implementation](https://github.com/omihub777/MLP-Mixer-CIFAR). In this case, the hypermarameters values are increased, instead of the ```n_epochs=50``` for CNN-based models, we trained MLPMixer from scratch for ```n_epochs=50```. In addition, we use a ```GradualWarmupScheduler```.\n    - When it comes to the DP setting, we use the same training hyperparameters as those used in defense with MLPs against *UnSplit*. The difference lies in the code for adding noise to the dataloader. The key hyperparameters, in this case, are: ```epsilon``` and ```delta``` for the global $\\ell_2$ sensitivity. We use ```calibrateAnalyticGaussianMechanism``` from [Borja Balle et al., 2018](https://arxiv.org/abs/1805.06530) [code](https://github.com/BorjaBalle/analytic-gaussian-mechanism/blob/master/agm-example.py) to calculate ```sigma``` for each of the mentioned datasets. For achieving a proper utility-privacy trade-off, we suggest picking ```epsilon=6```, ```delta=0.5```, ```n_epochs=20``` for ```mnist``` and ```f_mnist``` (so the value of $\\sigma$ equals to ```1.6``` and ```2.6```, respectively).\n    - We also conducted an experiments on the DP defense for the CIFAR10 dataset, which we report in Table 3.  For these experiments, please refer to the ```additional_dp_experiments.ipynb```. We used ```n_epochs=50``` and ```epsilon```, ```delta``` that result in ```sigma=0.25``` for CIFAR10.\n\n**We believe the details provided are clear enough to reproduce the main findings of our paper.**\n\n\n```bib\n@misc{semenov2024justsimpletransformationdata,\n      title={Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning}, \n      author={Andrei Semenov and Philip Zmushko and Alexander Pichugin and Aleksandr Beznosikov},\n      year={2024},\n      eprint={2412.11689},\n      archivePrefix={arXiv},\n      primaryClass={cs.LG},\n      url={https://arxiv.org/abs/2412.11689}, \n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandron00e%2Fjast","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandron00e%2Fjast","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandron00e%2Fjast/lists"}