Abstract
A private learning scheme TextHide was recently proposed to protect the private text data during the training phase via so-called instance encoding. We propose a novel reconstruction attack to break TextHide by recovering the private training data, and thus unveil the privacy risks of instance encoding. We have experimentally validated the effectiveness of the reconstruction attack with two commonly-used datasets for sentence classification. Our attack would advance the development of privacy preserving machine learning in the context of natural language processing.- Anthology ID:
- 2021.emnlp-main.154
- Volume:
- Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing
- Month:
- November
- Year:
- 2021
- Address:
- Online and Punta Cana, Dominican Republic
- Editors:
- Marie-Francine Moens, Xuanjing Huang, Lucia Specia, Scott Wen-tau Yih
- Venue:
- EMNLP
- SIG:
- Publisher:
- Association for Computational Linguistics
- Note:
- Pages:
- 2038–2044
- Language:
- URL:
- https://aclanthology.org/2021.emnlp-main.154
- DOI:
- 10.18653/v1/2021.emnlp-main.154
- Cite (ACL):
- Shangyu Xie and Yuan Hong. 2021. Reconstruction Attack on Instance Encoding for Language Understanding. In Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing, pages 2038–2044, Online and Punta Cana, Dominican Republic. Association for Computational Linguistics.
- Cite (Informal):
- Reconstruction Attack on Instance Encoding for Language Understanding (Xie & Hong, EMNLP 2021)
- PDF:
- https://preview.aclanthology.org/naacl24-info/2021.emnlp-main.154.pdf
- Data
- CoLA, MultiNLI, SST, SST-2