Search Icon
Register

URVFL: Undetectable Data Reconstruction Attack on Vertical Federated Learning

Duanyi Yao (Hong Kong University of Science and Technology), Songze Li (Southeast University), Xueluan Gong (Wuhan University), Sizai Hou (Hong Kong University of Science and Technology), Gaoning Pan (Hangzhou Dianzi University)

Vertical Federated Learning (VFL) is a collaborative
learning paradigm designed for scenarios where multiple clients
share disjoint features of the same set of data samples. Albeit a
wide range of applications, VFL is faced with privacy leakage
from data reconstruction attacks. These attacks generally fall
into two categories: honest-but-curious (HBC), where adversaries
steal data while adhering to the protocol; and malicious attacks,
where adversaries breach the training protocol for significant
data leakage. While most research has focused on HBC scenarios,
the exploration of malicious attacks remains limited.

Launching effective malicious attacks in VFL presents unique
challenges: 1) Firstly, given the distributed nature of clients’ data
features and models, each client rigorously guards its privacy
and prohibits direct querying, complicating any attempts to steal
data; 2) Existing malicious attacks alter the underlying VFL
training task, and are hence easily detected by comparing the
received gradients with the ones received in honest training. To
overcome these challenges, we develop URVFL, a novel attack
strategy that evades current detection mechanisms. The key idea
is to integrate a discriminator with auxiliary classifier that takes a
full advantage of the label information and generates malicious
gradients to the victim clients: on one hand, label information
helps to better characterize embeddings of samples from distinct
classes, yielding an improved reconstruction performance; on the
other hand, computing malicious gradients with label information
better mimics the honest training, making the malicious gradients
indistinguishable from the honest ones, and the attack much
more stealthy. Our comprehensive experiments demonstrate that
URVFL significantly outperforms existing attacks, and successfully
circumvents SOTA detection methods for malicious attacks.
Additional ablation studies and evaluations on defenses further
underscore the robustness and effectiveness of URVFL.

Paper

View More Papers

HADES Attack: Understanding and Evaluating Manipulation Risks of Email...

Ruixuan Li (Tsinghua University), Chaoyi Lu (Tsinghua University), Baojun Liu (Tsinghua University;Zhongguancun Laboratory), Yunyi Zhang (Tsinghua University), Geng Hong (Fudan University), Haixin Duan (Tsinghua University;Zhongguancun Laboratory), Yanzhong Lin (Coremail Technology Co. Ltd), Qingfeng Pan (Coremail Technology Co. Ltd), Min Yang (Fudan University), Jun Shao (Zhejiang Gongshang University)

Read More

Securing BGP ASAP: ASPA and other Post-ROV Defenses

Justin Furuness (University of Connecticut), Cameron Morris (University of Connecticut), Reynaldo Morillo (University of Connecticut), Arvind Kasiliya (University of Connecticut), Bing Wang (University of Connecticut), Amir Herzberg (University of Connecticut)

Read More

FUZZUER: Enabling Fuzzing of UEFI Interfaces on EDK-2

Connor Glosner (Purdue University), Aravind Machiry (Purdue University)

Read More

Work-in-Progress: Uncovering Dark Patterns: A Longitudinal Study of Cookie...

Zihan Qu (Johns Hopkins University), Xinyi Qu (University College London), Xin Shen, Zhen Liang, and Jianjia Yu (Johns Hopkins University)

Read More