HashVFL: Defending Against Data Reconstruction Attacks in Vertical Federated Learning
- URL: http://arxiv.org/abs/2212.00325v2
- Date: Mon, 22 Jan 2024 02:56:53 GMT
- Authors: Pengyu Qiu, Xuhong Zhang, Shouling Ji, Chong Fu, Xing Yang, Ting Wang
- Abstract summary: We propose HashVFL, which integrates hashing and simultaneously achieves learnability, bit balance, and consistency.
Experimental results indicate that HashVFL effectively maintains task performance while defending against data reconstruction attacks.
- Score: 44.950977556078776
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Vertical Federated Learning (VFL) is a trending collaborative machine
learning model training solution. Existing industrial frameworks employ secure
multi-party computation techniques such as homomorphic encryption to ensure
data security and privacy. Despite these efforts, studies have revealed that
data leakage remains a risk in VFL due to the correlations between intermediate
representations and raw data. Neural networks can accurately capture these
correlations, allowing an adversary to reconstruct the data. This emphasizes
the need for continued research into securing VFL systems.
Our work shows that hashing is a promising solution to counter data
reconstruction attacks. The one-way nature of hashing makes it difficult for an
adversary to recover data from hash codes. However, implementing hashing in VFL
presents new challenges, including vanishing gradients and information loss. To
address these issues, we propose HashVFL, which integrates hashing and
simultaneously achieves learnability, bit balance, and consistency.
Experimental results indicate that HashVFL effectively maintains task
performance while defending against data reconstruction attacks. It also brings
additional benefits in reducing the degree of label leakage, mitigating
adversarial attacks, and detecting abnormal inputs. We hope our work will
inspire further research into the potential applications of HashVFL.
Related papers
- Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning [83.90283731845867]
We consider feature reconstruction attacks, a common risk targeting input data compromise.
We show that Federated-based models are resistant to state-of-the-art feature reconstruction attacks.
arXiv Detail & Related papers (2024-12-16T12:02:12Z)
- Exploring Federated Learning Dynamics for Black-and-White-Box DNN Traitor Tracing [49.1574468325115]
This paper explores the adaptation of black-and-white traitor tracing watermarking to Federated Learning.
Results show that collusion-resistant traitor tracing, identifying all data-owners involved in a suspected leak, is feasible in an FL framework, even in early stages of training.
arXiv Detail & Related papers (2024-07-02T09:54:35Z)
- UIFV: Data Reconstruction Attack in Vertical Federated Learning [5.404398887781436]
Vertical Federated Learning (VFL) facilitates collaborative machine learning without the need for participants to share raw private data.
Recent studies have revealed privacy risks where adversaries might reconstruct sensitive features through data leakage during the learning process.
Our work exposes severe privacy vulnerabilities within VFL systems that pose real threats to practical VFL applications.
arXiv Detail & Related papers (2024-06-18T13:18:52Z)
- Universal Adversarial Backdoor Attacks to Fool Vertical Federated Learning in Cloud-Edge Collaboration [13.067285306737675]
This paper investigates the vulnerability of vertical federated learning (VFL) in the context of binary classification tasks.
We introduce a universal adversarial backdoor (UAB) attack to poison the predictions of VFL.
Our approach surpasses existing state-of-the-art methods, achieving up to 100% backdoor task performance.
arXiv Detail & Related papers (2023-04-22T15:31:15Z)
- Secure Forward Aggregation for Vertical Federated Neural Networks [25.059312670812215]
We study SplitNN, a well-known neural network framework in Vertical Federated Learning (VFL).
SplitNN suffers from the loss of model performance since multiple parties jointly train the model using transformed data instead of raw data.
We propose a new neural network protocol in VFL called Security Forward Aggregation (SFA).
Experiment results show that networks with SFA achieve both data security and high model performance.
arXiv Detail & Related papers (2022-06-28T03:13:26Z)
- Desirable Companion for Vertical Federated Learning: New Zeroth-Order Gradient Based Algorithm [140.25480610981504]
A complete list of metrics to evaluate VFL algorithms should include model applicability, privacy, communication, and computation efficiency.
We propose a novel VFL framework with black-box scalability, which is inseparably scalable.
arXiv Detail & Related papers (2022-03-19T13:55:47Z)
- Do Gradient Inversion Attacks Make Federated Learning Unsafe? [70.0231254112197]
Federated learning (FL) allows the collaborative training of AI models without needing to share raw data.
Recent works on the inversion of deep neural networks from model gradients raised concerns about the security of FL in preventing the leakage of training data.
In this work, we show that these attacks presented in the literature are impractical in real FL use-cases and provide a new baseline attack.
arXiv Detail & Related papers (2022-02-14T18:33:12Z)
- CAFE: Catastrophic Data Leakage in Vertical Federated Learning [65.56360219908142]
Recent studies show that private training data can be leaked through the gradients sharing mechanism deployed in distributed machine learning systems.
We propose an advanced data leakage attack with theoretical justification to efficiently recover batch data from the shared aggregated gradients.
arXiv Detail & Related papers (2021-10-26T23:22:58Z)
- Vertical federated learning based on DFP and BFGS [0.0]
We propose a novel vertical federated learning framework based on the DFP and the BFGS (denoted as BDFL).
We perform experiments using real datasets to test the efficiency of the BDFL framework.
arXiv Detail & Related papers (2021-01-23T06:15:04Z)
- Learning to Hash with Graph Neural Networks for Recommender Systems [103.82479899868191]
Graph representation learning has attracted much attention in supporting high quality candidate search at scale.
Despite its effectiveness in learning embedding vectors for objects in the user-item interaction network, the computational costs to infer users' preferences in continuous embedding space are tremendous.
We propose a simple yet effective discrete representation learning framework to jointly learn continuous and discrete codes.
arXiv Detail & Related papers (2020-03-04T06:59:56Z)