
Hijack Vertical Federated Learning Models As One Party

Pengyu Qiu, Xuhong Zhang, Shouling Ji, Changjiang Li, Yuwen Pu, Xing Yang, Ting Wang

TL;DR

Existing VFL frameworks rely on cryptographic techniques for data privacy, and follow-up work has focused on computing efficiency and fast implementation; the security of the VFL model itself remains underexplored.

Abstract

Vertical federated learning (VFL) is an emerging paradigm that enables collaborators to build machine learning models together in a distributed fashion. In general, these parties have a group of users in common but own different features. Existing VFL frameworks use cryptographic techniques to provide data privacy and security guarantees, leading to a line of works studying computing efficiency and fast implementation. However, the security of VFL's model remains underexplored.


Paper Structure

This paper contains 45 sections, 12 equations, 11 figures, 7 tables, 3 algorithms.

Figures (11)

  • Figure 1: An illustration of VFL is presented. In this scenario, Participant A, a financial company, holds features 1 and 2, while Participant B, a bank, possesses features 3 and 4. The two parties collaborate to train a model for predicting loan approval.
  • Figure 2: The overview of the attack pipeline. 1) refers to the poisoning phase, which applies if $\mathcal{K}$ contains $\mathcal{L}_{t}$. 2) refers to the preparing phase, where the adversary uses $\mathcal{K}$ to conduct the replay attack and the generation attack. This part also includes the case when $\mathcal{P}$ is unavailable and the adversary uses $\mathcal{L}_{a}$ to train a surrogate model instead. 3) refers to the replacing phase, which follows the preparation of the embedding $\textbf{v}_{adv}$: the adversary replaces his/her embedding with $\textbf{v}_{adv}$ for the target sample.
  • Figure 3: Attack performance with $\mathcal{K}=(\mathcal{P},\times)$. The x-axis represents the feature ratio of the adversary. The y-axis represents the ASR.
  • Figure 4: Attack performance with $\mathcal{K}=(\mathcal{P},\mathcal{L}_t)$. The x-axis represents the feature ratio of the adversary. The y-axis represents the ASR. The solid line refers to the attack performance with $\mathcal{K}=(\mathcal{P},\mathcal{L}_t)$, while the dashed line represents the corresponding attack performance with $\mathcal{K}=(\mathcal{P},\times)$.
  • Figure 5: Attack performance with $\mathcal{K}=(\times,\mathcal{L}_a)$. The x-axis represents the feature ratio of the adversary. The y-axis represents the ASR.
  • ...and 6 more figures

Theorems & Definitions (1)

  • Definition 1: Byzantine Generals Problem