LG | AI | CR | Jan 17, 2024

A GAN-based data poisoning framework against anomaly detection in vertical federated learning

arXiv:2401.08984v1 | 7 citations | h-index: 18 | ICC 2024 - IEEE International Conference on Communications
Originality: Incremental advance
AI Analysis

This paper addresses security vulnerabilities in VFL for commercial entities, but it is incremental, as it adapts existing GAN and anomaly detection methods to a specific federated learning scenario.

The paper tackles the problem of data poisoning attacks in vertical federated learning (VFL) by introducing P-GAN, a GAN-based framework that allows a malicious participant to degrade model performance without access to the server-side model, and also proposes a deep auto-encoder-based anomaly detection algorithm for defense, with experimental evaluation showing their efficacy.

In vertical federated learning (VFL), commercial entities collaboratively train a model while preserving data privacy. However, a malicious participant's poisoning attack may degrade the performance of this collaborative model. The main challenge in achieving the poisoning attack is the absence of access to the server-side top model, leaving the malicious participant without a clear target model. To address this challenge, we introduce an innovative end-to-end poisoning framework P-GAN. Specifically, the malicious participant initially employs semi-supervised learning to train a surrogate target model. Subsequently, this participant employs a GAN-based method to produce adversarial perturbations to degrade the surrogate target model's performance. Finally, the generator is obtained and tailored for VFL poisoning. Besides, we develop an anomaly detection algorithm based on a deep auto-encoder (DAE), offering a robust defense mechanism to VFL scenarios. Through extensive experiments, we evaluate the efficacy of P-GAN and DAE, and further analyze the factors that influence their performance.
