VFLIP: A Backdoor Defense for Vertical Federated Learning via Identification and Purification
- URL: http://arxiv.org/abs/2408.15591v2
- Date: Thu, 29 Aug 2024 02:01:56 GMT
- Authors: Yungi Cho, Woorim Han, Miseon Yu, Younghan Lee, Ho Bae, Yunheung Paek
- Abstract summary: We present the first backdoor defense, called VFLIP, specialized for Vertical Federated Learning (VFL). VFLIP employs identification and purification techniques that operate at the inference stage, consequently improving the robustness against backdoor attacks to a great extent. We conduct extensive experiments on CIFAR10, CINIC10, Imagenette, NUS-WIDE, and BankMarketing to demonstrate that VFLIP can effectively mitigate backdoor attacks in VFL.
- Score: 2.598981024199416
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Vertical Federated Learning (VFL) focuses on handling vertically partitioned data over FL participants. Recent studies have discovered a significant vulnerability in VFL to backdoor attacks which specifically target the distinct characteristics of VFL. Therefore, these attacks may neutralize existing defense mechanisms designed primarily for Horizontal Federated Learning (HFL) and deep neural networks. In this paper, we present the first backdoor defense, called VFLIP, specialized for VFL. VFLIP employs the identification and purification techniques that operate at the inference stage, consequently improving the robustness against backdoor attacks to a great extent. VFLIP first identifies backdoor-triggered embeddings by adopting a participant-wise anomaly detection approach. Subsequently, VFLIP conducts purification which removes the embeddings identified as malicious and reconstructs all the embeddings based on the remaining embeddings. We conduct extensive experiments on CIFAR10, CINIC10, Imagenette, NUS-WIDE, and BankMarketing to demonstrate that VFLIP can effectively mitigate backdoor attacks in VFL. https://github.com/blingcho/VFLIP-esorics24
Related papers
- Lurking in the shadows: Unveiling Stealthy Backdoor Attacks against Personalized Federated Learning [31.386836775526685]
  We propose PFedBA, a stealthy and effective backdoor attack strategy applicable to PFL systems.
  Our study sheds light on the subtle yet potent backdoor threats to PFL systems, urging the community to bolster defenses against emerging backdoor challenges.
  arXiv Detail & Related papers (2024-06-10T12:14:05Z)
- Vertical Federated Learning for Effectiveness, Security, Applicability: A Survey [67.48187503803847]
  Vertical Federated Learning (VFL) is a privacy-preserving distributed learning paradigm.
  Recent research has shown promising results addressing various challenges in VFL.
  This survey offers a systematic overview of recent developments.
  arXiv Detail & Related papers (2024-05-25T16:05:06Z)
- VFLAIR: A Research Library and Benchmark for Vertical Federated Learning [14.878602173713686]
  Vertical Federated Learning (VFL) has emerged as a collaborative training paradigm that allows participants with different features of the same group of users to accomplish cooperative training without exposing their raw data or model parameters.
  VFL has gained significant attention for its research potential and real-world applications in recent years, but still faces substantial challenges, such as defending against various kinds of data inference and backdoor attacks.
  We present a federated and lightweight VFL framework, VFLAIR, which supports VFL training with a variety of models, datasets and protocols, along with standardized modules for comprehensive evaluation of attacks and defense strategies.
  arXiv Detail & Related papers (2023-10-15T13:18:31Z)
- Universal Adversarial Backdoor Attacks to Fool Vertical Federated Learning in Cloud-Edge Collaboration [13.067285306737675]
  This paper investigates the vulnerability of vertical federated learning (VFL) in the context of binary classification tasks.
  We introduce a universal adversarial backdoor (UAB) attack to poison the predictions of VFL.
  Our approach surpasses existing state-of-the-art methods, achieving up to 100% backdoor task performance.
  arXiv Detail & Related papers (2023-04-22T15:31:15Z)
- BadVFL: Backdoor Attacks in Vertical Federated Learning [22.71527711053385]
  Federated learning (FL) enables multiple parties to collaboratively train a machine learning model without sharing their data.
  In this paper, we focus on robustness in VFL, in particular on backdoor attacks.
  We present a first-of-its-kind clean-label backdoor attack in VFL, which consists of two phases: a label inference phase and a backdoor phase.
  arXiv Detail & Related papers (2023-04-18T09:22:32Z)
- Revisiting Personalized Federated Learning: Robustness Against Backdoor Attacks [53.81129518924231]
  We conduct the first study of backdoor attacks in the pFL framework.
  We show that pFL methods with partial model-sharing can significantly boost robustness against backdoor attacks.
  We propose a lightweight defense method, Simple-Tuning, which empirically improves defense performance against backdoor attacks.
  arXiv Detail & Related papers (2023-02-03T11:58:14Z)
- Low-Latency Cooperative Spectrum Sensing via Truncated Vertical Federated Learning [51.51440623636274]
  We propose a vertical federated learning (VFL) framework to exploit the distributed features across multiple secondary users (SUs) without compromising data privacy.
  To accelerate the training process, we propose a truncated vertical federated learning (T-VFL) algorithm.
  The convergence performance of T-VFL is provided via mathematical analysis and justified by simulation results.
  arXiv Detail & Related papers (2022-08-07T10:39:27Z)
- Desirable Companion for Vertical Federated Learning: New Zeroth-Order Gradient Based Algorithm [140.25480610981504]
  A complete list of metrics to evaluate VFL algorithms should include model applicability, privacy, communication, and computation efficiency.
  We propose a novel VFL framework with black-box scalability, which is inseparably scalable.
  arXiv Detail & Related papers (2022-03-19T13:55:47Z)
- Decepticons: Corrupted Transformers Breach Privacy in Federated Learning for Language Models [58.631918656336005]
  We propose a novel attack that reveals private user text by deploying malicious parameter vectors.
  Unlike previous attacks on FL, the attack exploits characteristics of both the Transformer architecture and the token embedding.
  arXiv Detail & Related papers (2022-01-29T22:38:21Z)
- Meta Federated Learning [57.52103907134841]
  Federated Learning (FL) is vulnerable to training-time adversarial attacks.
  We propose Meta Federated Learning (Meta-FL), which not only is compatible with the secure aggregation protocol but also facilitates defense against backdoor attacks.
  arXiv Detail & Related papers (2021-02-10T16:48:32Z)