Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning
This addresses privacy risks in collaborative AI training for domains like healthcare or finance, but is incremental as it builds on existing VFL security concerns.
The paper tackles the vulnerability of Vertical Federated Learning (VFL) to feature reconstruction attacks by showing that such attacks fail without prior data distribution knowledge, and demonstrates experimentally that MLP-based models resist state-of-the-art attacks.
Vertical Federated Learning (VFL) aims to enable collaborative training of deep learning models while maintaining privacy protection. However, the VFL procedure still has components that are vulnerable to attacks by malicious parties. In our work, we consider feature reconstruction attacks, a common risk aimed at compromising a party's input data. We argue theoretically that feature reconstruction attacks cannot succeed without knowledge of the prior distribution on the data. Consequently, we demonstrate that even simple transformations of the model architecture can significantly change how well input data is protected during VFL. Confirming these findings with experimental results, we show that MLP-based models are resistant to state-of-the-art feature reconstruction attacks.
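The abstract's central claim is that, seeing only the embedding a passive party sends upward, an attacker cannot identify the input record without a prior on the data, because many records map to the same embedding. The following added illustration (not the paper's code; weights, records and the candidate pool are constructed, and the toy bottom models are hypothetical stand-ins for a linear and an MLP-based party model) makes that non-identifiability concrete: it enumerates which records in a constructed pool remain consistent with an observed embedding, first with no prior and then with a simple non-negativity prior, for both a linear and a ReLU-MLP bottom model.

```python
"""Added illustration: feature reconstruction in VFL is under-determined
without a prior on the data. Not the paper's code; all weights, records and
the candidate pool below are constructed for the example."""
from typing import Callable, List, Sequence

Vector = Sequence[float]
Matrix = Sequence[Vector]


def matvec(W: Matrix, x: Vector) -> List[float]:
    """Plain matrix-vector product (no numpy, so the example runs anywhere)."""
    return [sum(w_ij * x_j for w_ij, x_j in zip(row, x)) for row in W]


def relu(v: Vector) -> List[float]:
    return [max(0.0, a) for a in v]


def close(u: Vector, v: Vector, tol: float = 1e-9) -> bool:
    return len(u) == len(v) and all(abs(a - b) <= tol for a, b in zip(u, v))


# Hypothetical passive-party bottom models (constructed weights).
# Linear: 4 input features -> 2-dimensional embedding sent to the active party.
W_LIN: Matrix = [[1.0, 0.0, 1.0, 0.0],
                 [0.0, 1.0, 0.0, 1.0]]
# Two-layer MLP: 4 -> 3 (ReLU) -> 2.
W1: Matrix = [[1.0, 0.0, 0.0, 0.0],
              [0.0, 1.0, 0.0, 0.0],
              [0.0, 0.0, 1.0, 1.0]]
W2: Matrix = [[1.0, 1.0, 0.0],
              [0.0, 1.0, 1.0]]


def linear_embed(x: Vector) -> List[float]:
    return matvec(W_LIN, x)


def mlp_embed(x: Vector) -> List[float]:
    return matvec(W2, relu(matvec(W1, x)))


# Null-space directions of W_LIN: adding any combination of them to a record
# leaves the linear embedding unchanged, so the preimage is a whole plane.
NULL_DIRS: Matrix = [[1.0, 0.0, -1.0, 0.0],
                     [0.0, 1.0, 0.0, -1.0]]


def shifted_preimage(x: Vector, a: float, b: float) -> List[float]:
    """Another record that the linear bottom model maps to the same embedding."""
    n1, n2 = NULL_DIRS
    return [xi + a * n1i + b * n2i for xi, n1i, n2i in zip(x, n1, n2)]


def consistent_candidates(z: Vector, embed: Callable[[Vector], List[float]],
                          candidates: Sequence[Vector],
                          prior: Callable[[Vector], bool] = lambda x: True) -> List[Vector]:
    """Records the attacker cannot rule out from the embedding z alone.

    `prior` stands in for whatever side knowledge the attacker has about the
    data distribution; with the trivial prior every preimage is equally valid."""
    return [x for x in candidates if prior(x) and close(embed(x), z)]


def nonnegative(x: Vector) -> bool:
    """A toy prior: the attacker knows all features are non-negative."""
    return all(v >= 0.0 for v in x)


# Constructed candidate pool for the linear model; the true record is first.
X_TRUE: Vector = [1.0, 2.0, 3.0, 4.0]
LINEAR_POOL: List[Vector] = [
    X_TRUE,
    shifted_preimage(X_TRUE, 2.0, -1.0),   # [3, 1, 1, 5]: same embedding
    [0.0, 0.0, 4.0, 6.0],                  # same embedding
    [-10.0, 2.0, 14.0, 4.0],               # same embedding, but negative feature
    [5.0, 5.0, 5.0, 5.0],                  # different embedding
]

# Constructed pool for the MLP; ReLU zeroes the first hidden unit for every
# record whose first feature is negative, so those records collide too.
MLP_POOL: List[Vector] = [
    [-1.0, 2.0, 1.0, 0.0],
    [-5.0, 2.0, 0.5, 0.5],
    [0.0, 2.0, 0.0, 1.0],
    [1.0, 2.0, 1.0, 0.0],                  # different embedding
]


def summarize() -> dict:
    """How many records survive for each model, with and without the prior."""
    z_lin = linear_embed(X_TRUE)
    z_mlp = mlp_embed(MLP_POOL[0])
    return {
        "linear_no_prior": len(consistent_candidates(z_lin, linear_embed, LINEAR_POOL)),
        "linear_with_prior": len(consistent_candidates(z_lin, linear_embed, LINEAR_POOL, nonnegative)),
        "mlp_no_prior": len(consistent_candidates(z_mlp, mlp_embed, MLP_POOL)),
    }


if __name__ == "__main__":
    print(summarize())
```

In both cases the embedding alone leaves several records indistinguishable; only the prior removes candidates, which is the dependency on distribution knowledge the abstract points to. The pool is finite here for readability, but for the linear model the preimage is an entire two-dimensional plane, and for the ReLU model every record with a negative first feature collapses onto the same hidden activation.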