Search Icon
Register

URVFL: Undetectable Data Reconstruction Attack on Vertical Federated Learning

Duanyi Yao (Hong Kong University of Science and Technology), Songze Li (Southeast University), Xueluan Gong (Wuhan University), Sizai Hou (Hong Kong University of Science and Technology), Gaoning Pan (Hangzhou Dianzi University)

Vertical Federated Learning (VFL) is a collaborative
learning paradigm designed for scenarios where multiple clients
share disjoint features of the same set of data samples. Albeit a
wide range of applications, VFL is faced with privacy leakage
from data reconstruction attacks. These attacks generally fall
into two categories: honest-but-curious (HBC), where adversaries
steal data while adhering to the protocol; and malicious attacks,
where adversaries breach the training protocol for significant
data leakage. While most research has focused on HBC scenarios,
the exploration of malicious attacks remains limited.

Launching effective malicious attacks in VFL presents unique
challenges: 1) Firstly, given the distributed nature of clients’ data
features and models, each client rigorously guards its privacy
and prohibits direct querying, complicating any attempts to steal
data; 2) Existing malicious attacks alter the underlying VFL
training task, and are hence easily detected by comparing the
received gradients with the ones received in honest training. To
overcome these challenges, we develop URVFL, a novel attack
strategy that evades current detection mechanisms. The key idea
is to integrate a discriminator with auxiliary classifier that takes a
full advantage of the label information and generates malicious
gradients to the victim clients: on one hand, label information
helps to better characterize embeddings of samples from distinct
classes, yielding an improved reconstruction performance; on the
other hand, computing malicious gradients with label information
better mimics the honest training, making the malicious gradients
indistinguishable from the honest ones, and the attack much
more stealthy. Our comprehensive experiments demonstrate that
URVFL significantly outperforms existing attacks, and successfully
circumvents SOTA detection methods for malicious attacks.
Additional ablation studies and evaluations on defenses further
underscore the robustness and effectiveness of URVFL.

Paper

View More Papers

Poster: Securing IoT Edge Devices: Applying NIST IR 8259A...

Rahul Choutapally, Konika Reddy Saddikuti, Solomon Berhe (University of the Pacific)

Read More

Formally Verifying the Newest Versions of the GNSS-centric TESLA...

Ioana Boureanu, Stephan Wesemeyer (Surrey Centre for Cyber Security, University of Surrey)

Read More

AegisSat: A Satellite Cybersecurity Testbed

Roee Idan, Roy Peled, Aviel Ben Siman Tov, Eli Markus, Boris Zadov, Ofir Chodeda, Yohai Fadida (Ben Gurion University of the Negev), Oliver Holschke, Jan Plachy (T-Labs (Research & Innovation)), Yuval Elovici, Asaf Shabtai (Ben Gurion University of the Negev)

Read More

DLBox: New Model Training Framework for Protecting Training Data

Jaewon Hur (Seoul National University), Juheon Yi (Nokia Bell Labs, Cambridge, UK), Cheolwoo Myung (Seoul National University), Sangyun Kim (Seoul National University), Youngki Lee (Seoul National University), Byoungyoung Lee (Seoul National University)

Read More