Federated learning (FL) has emerged as a practical solution to tackle data silo issues without compromising user privacy. One of its variants, vertical federated learning (VFL), has recently gained increasing attention as the VFL matches the enterprises' demands of leveraging more valuable features to build better machine learning models while preserving user privacy. Current works in VFL concentrate on developing a specific protection or attack mechanism for a particular VFL algorithm. In this work, we propose an evaluation framework that formulates the privacy-utility evaluation problem. We then use this framework as a guide to comprehensively evaluate a broad range of protection mechanisms against most of the state-of-the-art privacy attacks for three widely deployed VFL algorithms. These evaluations may help FL practitioners select appropriate protection mechanisms given specific requirements. Our evaluation results demonstrate that: the model inversion and most of the label inference attacks can be thwarted by existing protection mechanisms; the model completion (MC) attack is difficult to be prevented, which calls for more advanced MC-targeted protection mechanisms. Based on our evaluation results, we offer concrete advice on improving the privacy-preserving capability of VFL systems. The code is available at https://github.com/yankang18/VFL-Attack-Defense

翻译：联邦学习已成为解决数据孤岛问题且不损害用户隐私的实用方案。其变体垂直联邦学习近年来日益受到关注，因为它契合企业利用更多高价值特征构建更优机器学习模型并同时保护用户隐私的需求。当前VFL研究主要集中于为特定VFL算法开发专用保护或攻击机制。本研究提出一种将隐私-效用评估问题形式化的评估框架，并以此为指导，针对三种广泛部署的VFL算法，全面评估各类保护机制抵御多数前沿隐私攻击的效果。这些评估可帮助联邦学习实践者根据特定需求选择合适的保护机制。评估结果表明：现有保护机制可有效抵御模型反演及多数标签推断攻击；模型补全攻击则难以防范，亟需开发更先进的针对性保护机制。基于评估发现，我们为提升VFL系统隐私保护能力提供了具体建议。代码发布于https://github.com/yankang18/VFL-Attack-Defense