Vertical Federated Learning (VFL) enables collaborative machine learning without requiring participants to share raw private data. However, recent studies have revealed privacy risks: adversaries may reconstruct sensitive features from data leaked during the learning process. Although data reconstruction methods based on gradients or model information are somewhat effective, they are of limited use in VFL, because they depend heavily on specific model structures and impose strict constraints on the scenarios in which they apply. To address this, our study introduces the Unified InverNet Framework into VFL, yielding a novel and flexible approach (dubbed UIFV) that reconstructs original data from intermediate feature data rather than from gradients or model details. Intermediate feature data are the features exchanged among participants during the inference phase of VFL. Experiments on four datasets demonstrate that our method significantly outperforms state-of-the-art techniques in attack precision. Our work exposes severe privacy vulnerabilities in VFL systems that pose real threats to practical VFL applications, confirming the necessity of further strengthening privacy protection in the VFL architecture.
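The core idea of a feature-inversion attack can be illustrated with a minimal sketch. The assumptions here are illustrative, not the paper's actual UIFV implementation: the passive party's bottom model is a random linear map with a ReLU, and the attacker fits a simple linear inverse on auxiliary (feature, input) pairs, standing in for a trained inversion network.

```python
import numpy as np

rng = np.random.default_rng(0)
d_in, d_feat, n_aux = 8, 32, 500

# Hypothetical "bottom model" held by a VFL participant: it maps private
# inputs x to the intermediate features that are exchanged during inference.
W = rng.normal(size=(d_feat, d_in))
def bottom(x):
    return np.maximum(x @ W.T, 0.0)

# Attacker's auxiliary data, assumed drawn from the same distribution
# as the private targets (a common attacker assumption in this setting).
X_aux = rng.normal(size=(n_aux, d_in))
H_aux = bottom(X_aux)

# Fit a linear stand-in for an inversion network:
# minimize ||H_aux @ G - X_aux||^2 over G.
G, *_ = np.linalg.lstsq(H_aux, X_aux, rcond=None)

# Reconstruct unseen private inputs from their intermediate features alone,
# without any access to gradients or the bottom model's parameters.
X_priv = rng.normal(size=(100, d_in))
X_rec = bottom(X_priv) @ G
mse = float(np.mean((X_rec - X_priv) ** 2))
print(f"reconstruction MSE: {mse:.4f}")
```

Because the feature dimension exceeds the input dimension, even this linear inverse recovers the private inputs with low error, which conveys why exchanging intermediate features can leak raw data; the actual attack replaces the linear inverse with a learned inversion network to handle deeper, nonlinear bottom models.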