LG, Jan 1, 2023

Mutual Information Regularization for Vertical Federated Learning

arXiv:2301.01142v2, 7 citations, h-index: 29
AI Analysis

The paper addresses privacy and security challenges for VFL systems in real-world applications and represents an incremental improvement over existing defenses.

The paper tackles privacy and security vulnerabilities in Vertical Federated Learning (VFL), where participating parties can infer sensitive label or feature information from the intermediate outputs they exchange. It proposes Mutual Information Regularization Defense (MID), which limits the mutual information between private data and intermediate outputs to achieve a better trade-off between model utility and privacy, and validates the defense theoretically and experimentally against label inference, backdoor, and feature reconstruction attacks.

Vertical Federated Learning (VFL) is widely utilized in real-world applications to enable collaborative learning while protecting data privacy and safety. However, previous works show that parties without labels (passive parties) in VFL can infer the sensitive label information owned by the party with labels (active party) or execute backdoor attacks on VFL. Meanwhile, the active party can also infer sensitive feature information from a passive party. All these pose new privacy and security challenges to VFL systems. We propose a new general defense method which limits the mutual information between private raw data, including both features and labels, and intermediate outputs to achieve a better trade-off between model utility and privacy. We term this defense Mutual Information Regularization Defense (MID). We theoretically and experimentally testify to the effectiveness of our MID method in defending against existing attacks in VFL, including label inference attacks, backdoor attacks and feature reconstruction attacks.
