BadVFL: Backdoor Attacks in Vertical Federated Learning
- URL: http://arxiv.org/abs/2304.08847v2
- Date: Wed, 23 Aug 2023 21:57:10 GMT
- Title: BadVFL: Backdoor Attacks in Vertical Federated Learning
- Authors: Mohammad Naseri, Yufei Han, Emiliano De Cristofaro
- Abstract summary: Federated learning (FL) enables multiple parties to collaboratively train a machine learning model without sharing their data.
In this paper, we focus on robustness in VFL, in particular, on backdoor attacks.
We present a first-of-its-kind clean-label backdoor attack in VFL, which consists of two phases: a label inference and a backdoor phase.
- Score: 22.71527711053385
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Federated learning (FL) enables multiple parties to collaboratively train a
machine learning model without sharing their data; rather, they train their own
model locally and send updates to a central server for aggregation. Depending
on how the data is distributed among the participants, FL can be classified
into Horizontal (HFL) and Vertical (VFL). In VFL, the participants share the
same set of training instances but only host a different and non-overlapping
subset of the whole feature space. Whereas in HFL, each participant shares the
same set of features while the training set is split into locally owned
training data subsets.
VFL is increasingly used in applications like financial fraud detection;
nonetheless, very little work has analyzed its security. In this paper, we
focus on robustness in VFL, in particular, on backdoor attacks, whereby an
adversary attempts to manipulate the aggregate model during the training
process to trigger misclassifications. Performing backdoor attacks in VFL is
more challenging than in HFL, as the adversary i) does not have access to the
labels during training and ii) cannot change the labels as she only has access
to the feature embeddings. We present a first-of-its-kind clean-label backdoor
attack in VFL, which consists of two phases: a label inference and a backdoor
phase. We demonstrate the effectiveness of the attack on three different
datasets, investigate the factors involved in its success, and discuss
countermeasures to mitigate its impact.
Related papers
- Decoupled Vertical Federated Learning for Practical Training on Vertically Partitioned Data [9.84489449520821]
We propose a blockwise learning approach to Vertical Federated Learning (VFL).
In VFL, a host client owns data labels for each entity and learns a final representation based on intermediate local representations from all guest clients.
We implement DVFL to train split neural networks and show that model performance is comparable to VFL on a variety of classification datasets.
arXiv Detail & Related papers (2024-03-06T17:23:28Z)
- Practical and General Backdoor Attacks against Vertical Federated Learning [3.587415228422117]
Federated learning (FL) aims to facilitate data collaboration across multiple organizations without exposing data privacy.
BadVFL is a novel and practical approach to inject backdoor triggers into victim models without label information.
BadVFL achieves over 93% attack success rate with only 1% poisoning rate.
arXiv Detail & Related papers (2023-06-19T07:30:01Z)
- Universal Adversarial Backdoor Attacks to Fool Vertical Federated Learning in Cloud-Edge Collaboration [13.067285306737675]
This paper investigates the vulnerability of vertical federated learning (VFL) in the context of binary classification tasks.
We introduce a universal adversarial backdoor (UAB) attack to poison the predictions of VFL.
Our approach surpasses existing state-of-the-art methods, achieving up to 100% backdoor task performance.
arXiv Detail & Related papers (2023-04-22T15:31:15Z)
- FedABC: Targeting Fair Competition in Personalized Federated Learning [76.9646903596757]
Federated learning aims to collaboratively train models without accessing their clients' local private data.
We propose a novel and generic PFL framework termed Federated Averaging via Binary Classification, dubbed FedABC.
In particular, we adopt the "one-vs-all" training strategy in each client to alleviate the unfair competition between classes.
arXiv Detail & Related papers (2023-02-15T03:42:59Z)
- Vertical Federated Learning: Taxonomies, Threats, and Prospects [22.487434998185773]
Federated learning (FL) is the most popular distributed machine learning technique.
FL can be divided into horizontal federated learning (HFL) and vertical federated learning (VFL).
VFL is more relevant than HFL as different companies hold different features for the same set of customers.
Although VFL is an emerging area of research, it is not well-established compared to HFL.
arXiv Detail & Related papers (2023-02-03T05:13:40Z)
- FairVFL: A Fair Vertical Federated Learning Framework with Contrastive Adversarial Learning [102.92349569788028]
We propose a fair vertical federated learning framework (FairVFL) to improve the fairness of VFL models.
The core idea of FairVFL is to learn unified and fair representations of samples based on the decentralized feature fields in a privacy-preserving way.
For protecting user privacy, we propose a contrastive adversarial learning method to remove private information from the unified representation on the server.
arXiv Detail & Related papers (2022-06-07T11:43:32Z)
- Defending Label Inference and Backdoor Attacks in Vertical Federated Learning [11.319694528089773]
In collaborative learning, curious parties might be honest but are attempting to infer other parties' private data through inference attacks.
In this paper, we show that private labels can be reconstructed from per-sample gradients.
We introduce a novel technique termed confusional autoencoder (CoAE) based on autoencoder and entropy regularization.
arXiv Detail & Related papers (2021-12-10T09:32:09Z)
- Mobility-Aware Cluster Federated Learning in Hierarchical Wireless Networks [81.83990083088345]
We develop a theoretical model to characterize the hierarchical federated learning (HFL) algorithm in wireless networks.
Our analysis proves that the learning performance of HFL deteriorates drastically with highly-mobile users.
To circumvent these issues, we propose a mobility-aware cluster federated learning (MACFL) algorithm.
arXiv Detail & Related papers (2021-08-20T10:46:58Z)
- CRFL: Certifiably Robust Federated Learning against Backdoor Attacks [59.61565692464579]
This paper provides the first general framework, Certifiably Robust Federated Learning (CRFL), to train certifiably robust FL models against backdoors.
Our method exploits clipping and smoothing on model parameters to control the global model smoothness, which yields a sample-wise robustness certification on backdoors with limited magnitude.
arXiv Detail & Related papers (2021-06-15T16:50:54Z)
- Meta Federated Learning [57.52103907134841]
Federated Learning (FL) is vulnerable to training time adversarial attacks.
We propose Meta Federated Learning (Meta-FL), which not only is compatible with secure aggregation protocol but also facilitates defense against backdoor attacks.
arXiv Detail & Related papers (2021-02-10T16:48:32Z)
- WAFFLe: Weight Anonymized Factorization for Federated Learning [88.44939168851721]
In domains where data are sensitive or private, there is great value in methods that can learn in a distributed manner without the data ever leaving the local devices.
We propose Weight Anonymized Factorization for Federated Learning (WAFFLe), an approach that combines the Indian Buffet Process with a shared dictionary of weight factors for neural networks.
arXiv Detail & Related papers (2020-08-13T04:26:31Z)