Search Icon
Submissions

URVFL: Undetectable Data Reconstruction Attack on Vertical Federated Learning

Duanyi Yao (Hong Kong University of Science and Technology), Songze Li (Southeast University), Xueluan Gong (Wuhan University), Sizai Hou (Hong Kong University of Science and Technology), Gaoning Pan (Hangzhou Dianzi University)

Vertical Federated Learning (VFL) is a collaborative
learning paradigm designed for scenarios where multiple clients
share disjoint features of the same set of data samples. Albeit a
wide range of applications, VFL is faced with privacy leakage
from data reconstruction attacks. These attacks generally fall
into two categories: honest-but-curious (HBC), where adversaries
steal data while adhering to the protocol; and malicious attacks,
where adversaries breach the training protocol for significant
data leakage. While most research has focused on HBC scenarios,
the exploration of malicious attacks remains limited.

Launching effective malicious attacks in VFL presents unique
challenges: 1) Firstly, given the distributed nature of clients’ data
features and models, each client rigorously guards its privacy
and prohibits direct querying, complicating any attempts to steal
data; 2) Existing malicious attacks alter the underlying VFL
training task, and are hence easily detected by comparing the
received gradients with the ones received in honest training. To
overcome these challenges, we develop URVFL, a novel attack
strategy that evades current detection mechanisms. The key idea
is to integrate a discriminator with auxiliary classifier that takes a
full advantage of the label information and generates malicious
gradients to the victim clients: on one hand, label information
helps to better characterize embeddings of samples from distinct
classes, yielding an improved reconstruction performance; on the
other hand, computing malicious gradients with label information
better mimics the honest training, making the malicious gradients
indistinguishable from the honest ones, and the attack much
more stealthy. Our comprehensive experiments demonstrate that
URVFL significantly outperforms existing attacks, and successfully
circumvents SOTA detection methods for malicious attacks.
Additional ablation studies and evaluations on defenses further
underscore the robustness and effectiveness of URVFL.

Paper

View More Papers

Secure Transformer Inference Made Non-interactive

Jiawen Zhang (Zhejiang University), Xinpeng Yang (Zhejiang University), Lipeng He (University of Waterloo), Kejia Chen (Zhejiang University), Wen-jie Lu (Zhejiang University), Yinghao Wang (Zhejiang University), Xiaoyang Hou (Zhejiang University), Jian Liu (Zhejiang University), Kui Ren (Zhejiang University), Xiaohu Yang (Zhejiang University)

Read More

LADDER: Multi-Objective Backdoor Attack via Evolutionary Algorithm

Dazhuang Liu (Delft University of Technology), Yanqi Qiao (Delft University of Technology), Rui Wang (Delft University of Technology), Kaitai Liang (Delft University of Technology), Georgios Smaragdakis (Delft University of Technology)

Read More

UI-CTX: Understanding UI Behaviors with Code Contexts for Mobile...

Jiawei Li (Beihang University & National University of Singapore), Jiahao Liu (National University of Singapore), Jian Mao (Beihang University), Jun Zeng (National University of Singapore), Zhenkai Liang (National University of Singapore)

Read More

HADES Attack: Understanding and Evaluating Manipulation Risks of Email...

Ruixuan Li (Tsinghua University), Chaoyi Lu (Tsinghua University), Baojun Liu (Tsinghua University;Zhongguancun Laboratory), Yunyi Zhang (Tsinghua University), Geng Hong (Fudan University), Haixin Duan (Tsinghua University;Zhongguancun Laboratory), Yanzhong Lin (Coremail Technology Co. Ltd), Qingfeng Pan (Coremail Technology Co. Ltd), Min Yang (Fudan University), Jun Shao (Zhejiang Gongshang University)

Read More