Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning
Abstract
Vertical Federated Learning (VFL) aims to enable collaborative training of deep learning models while maintaining privacy protection. However, the VFL procedure still has components that are vulnerable to attacks by malicious parties. In our work, we consider feature reconstruction attacks, a common risk targeting input data compromise. We theoretically claim that feature reconstruction attacks cannot succeed without knowledge of the prior distribution on data. Consequently, we demonstrate that even simple model architecture transformations can significantly impact the protection of input data during VFL. Confirming these findings with experimental results, we show that MLP-based models are resistant to state-of-the-art feature reconstruction attacks.
Community
The authors prove that without additional information about the prior distribution on the data, the feature reconstruction attack in Split Learning cannot be performed even on a one-layer (dense) client-side model. For MLP-based models they state the server's inability to reconstruct the activations in the hidden space. Additionally, they provably guarantee that (semi)orthogonal transformations in the client data and weights initialization do not change the transmitted activations during training under GD-like algorithms, and also do not affect convergence for Adam-like algorithms.

The authors show that Hijacking and Model Inversion attacks fail on MLP-based models without any additional changes. They show the effectiveness of their approach against the UnSplit and Feature-space Hijacking attacks on popular community datasets and argue that feature reconstruction attacks can be prevented without resorting to any of the defenses, while preserving the model accuracy on the main task. In addition, these findings can be combined with any of the defense frameworks.

The authors' findings are also valid for small models.
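The orthogonal-transformation claim summarized in the comment above (and the abstract's point that a simple architecture-level transformation changes what the server can learn from the cut layer), carried through as an added worked example. This is not code from the paper or its authors. It assumes a one-layer dense client model h = W x, a server that returns dL/dh for a constructed squared-error loss, plain gradient descent on the client, and a Householder reflection as the orthogonal matrix Q; the input vector, target and random seed are constructed for the demonstration.

```python
# Added worked example (not code from the paper): a toy split-learning
# client with a one-layer dense model h = W x, trained by plain gradient
# descent against a server that returns dL/dh for the constructed loss
# L = 0.5 * ||h - y||^2.  A second client holds the rotated input x' = Q x
# (Q orthogonal) and starts from W' = W Q^T.  Because W' x' = W Q^T Q x = W x
# and dL/dW' = g x'^T = (g x^T) Q^T, both clients transmit identical
# activations at every step, so the server's view is the same whether the
# private input was x or Q x.
import random


def matmul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B)))
             for j in range(len(B[0]))] for i in range(len(A))]


def transpose(A):
    return [list(col) for col in zip(*A)]


def matvec(A, x):
    return [sum(A[i][k] * x[k] for k in range(len(x))) for i in range(len(A))]


def householder(v):
    """Q = I - 2 v v^T / (v^T v): a reflection, hence orthogonal (Q^T Q = I)."""
    n = len(v)
    vv = sum(a * a for a in v)
    return [[(1.0 if i == j else 0.0) - 2.0 * v[i] * v[j] / vv
             for j in range(n)] for i in range(n)]


def orthogonality_error(Q):
    """max |(Q^T Q - I)_ij|; close to 0 for an orthogonal Q."""
    QtQ = matmul(transpose(Q), Q)
    n = len(Q)
    return max(abs(QtQ[i][j] - (1.0 if i == j else 0.0))
               for i in range(n) for j in range(n))


def train_client(W, x, y, lr, steps):
    """Run `steps` GD steps on the client; return the activations it sent."""
    W = [row[:] for row in W]
    sent = []
    for _ in range(steps):
        h = matvec(W, x)                       # cut-layer activation sent to the server
        sent.append(h)
        g = [hi - yi for hi, yi in zip(h, y)]  # dL/dh returned by the server
        for i in range(len(W)):                # W -= lr * g x^T
            for k in range(len(x)):
                W[i][k] -= lr * g[i] * x[k]
    return sent


def run_both(seed=0, lr=0.1, steps=20):
    """Train the original and the orthogonally transformed client side by side."""
    rng = random.Random(seed)
    x = [0.5, -0.2, 0.8, 0.1]                   # constructed private client input
    y = [0.3, -0.6, 0.9]                        # constructed server-side target
    W = [[rng.gauss(0.0, 0.5) for _ in x] for _ in y]  # shared initialization
    Q = householder([1.0, 1.0, 1.0, 1.0])       # here Q x = x - (sum(x) / 2) * 1
    x_t = matvec(Q, x)                          # transformed input Q x
    W_t = matmul(W, transpose(Q))               # transformed initialization W Q^T
    return (x, x_t,
            train_client(W, x, y, lr, steps),
            train_client(W_t, x_t, y, lr, steps))


def max_activation_gap(a, b):
    """Largest difference between the two transmitted activation streams."""
    return max(abs(u - v) for ha, hb in zip(a, b) for u, v in zip(ha, hb))


def max_input_gap(x, x_t):
    """Largest difference between the two private inputs."""
    return max(abs(u - v) for u, v in zip(x, x_t))


if __name__ == "__main__":
    x, x_t, a, b = run_both()
    print("private inputs differ by up to", max_input_gap(x, x_t))
    print("transmitted activations differ by at most", max_activation_gap(a, b))
```

The server's transcript is the same for x and Q x, so a reconstruction that returns x is exactly as consistent with what was observed as one that returns Q x; without a prior over the data there is nothing in the transcript to break the tie, which is the one-layer dense case of the claim above. Any orthogonal Q works the same way; the Householder reflection is used only because it is easy to build exactly without a linear-algebra library.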
This is an automated message from the Librarian Bot. I found the following papers similar to this paper.
The following papers were recommended by the Semantic Scholar API
- Tazza: Shuffling Neural Network Parameters for Secure and Private Federated Learning (2024)
- FEDLAD: Federated Evaluation of Deep Leakage Attacks and Defenses (2024)
- Optimal Defenses Against Gradient Reconstruction Attacks (2024)
- Attribute Inference Attacks for Federated Regression Tasks (2024)
- Vertical Federated Unlearning via Backdoor Certification (2024)
- Double Whammy: Stealthy Data Manipulation aided Reconstruction Attack on Graph Federated Learning (2024)
- BadSFL: Backdoor Attack against Scaffold Federated Learning (2024)