Real-world data is usually segmented by attributes and distributed across
different parties. Federated learning empowers collaborative training without
exposing local data or models. As we demonstrate through designed attacks, even
with a small proportion of corrupted data, an adversary can accurately infer
the input attributes. We introduce an adversarial learning based procedure
which tunes a local model to release privacy-preserving intermediate
representations. To alleviate the accuracy decline, we propose a defense method
based on the forward-backward splitting algorithm, which respectively deals
with the accuracy loss and privacy loss in the forward and backward gradient
descent steps, achieving the two objectives simultaneously. Extensive
experiments on a variety of datasets have shown that our defense significantly
mitigates privacy leakage with negligible impact on the federated learning

By admin