Vertical Federated Learning (VFL) is a category of Federated Learning in which models are trained collaboratively among parties holding vertically partitioned data. Typically, in a VFL scenario, the sample labels are kept private from all parties except the aggregating server, which is the label owner. Nevertheless, recent works have shown that, by exploiting the gradient information the server returns to the bottom models, and knowing only a small set of auxiliary labels for a very limited subset of the training data points, an adversary can infer the private labels. These attacks are known as label inference attacks in VFL. In our work, we propose a novel framework called KDk that combines Knowledge Distillation and k-anonymity to defend against label inference attacks in a VFL scenario. Through an exhaustive experimental campaign we demonstrate that applying our approach consistently decreases the performance of the analyzed label inference attacks, by more than 60% in some cases, while leaving the accuracy of the whole VFL almost unaltered.
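To make the defence idea concrete, the following is an added toy simulation, not the paper's code: a teacher's softened labels are k-anonymised by flattening the k highest probabilities to their mean (assumed here as one way to combine knowledge distillation with k-anonymity, not necessarily the exact KDk rule), and the gradient-sign inference referred to above is measured against one-hot targets and against the k-anonymised targets. The teacher, the server-side logits and every sample value are constructed.

```python
import math
import random

def softmax(z, temperature=1.0):
    m = max(z)
    e = [math.exp((v - m) / temperature) for v in z]
    s = sum(e)
    return [v / s for v in e]

def k_anonymize(soft, k):
    """Replace the k largest teacher probabilities with their mean, so the
    target no longer says which of those k classes is the true one."""
    top = sorted(range(len(soft)), key=lambda i: -soft[i])[:k]
    mean_mass = sum(soft[i] for i in top) / k
    return [mean_mass if i in top else soft[i] for i in range(len(soft))]

def returned_gradient(top_logits, target):
    """Cross-entropy gradient w.r.t. the top model's logits (softmax - target):
    the signal the label owner sends back to the bottom models."""
    p = softmax(top_logits)
    return [pi - ti for pi, ti in zip(p, target)]

def guess_label(grad):
    """Gradient-sign inference: the most negative component is the class that
    received the most target mass (exactly the true class for one-hot targets)."""
    return min(range(len(grad)), key=lambda i: grad[i])

def simulate(n_samples=500, n_classes=10, k=3, temperature=2.0, seed=0):
    """Constructed experiment: fraction of labels recovered from the returned
    gradient with one-hot targets versus KDk-style (distilled, k-anonymised) targets."""
    rng = random.Random(seed)
    leaked_hard = leaked_kdk = 0
    for _ in range(n_samples):
        y = rng.randrange(n_classes)
        # Constructed server-side logits, independent of the label (stand-in for
        # the top model applied to the bottom models' embeddings).
        top_logits = [rng.gauss(0, 1) for _ in range(n_classes)]
        # Constructed teacher: confident on the true class, noisy elsewhere.
        teacher_logits = [rng.gauss(0, 0.5) + (3.0 if c == y else 0.0) for c in range(n_classes)]
        one_hot = [1.0 if c == y else 0.0 for c in range(n_classes)]
        kdk_target = k_anonymize(softmax(teacher_logits, temperature), k)
        leaked_hard += guess_label(returned_gradient(top_logits, one_hot)) == y
        leaked_kdk += guess_label(returned_gradient(top_logits, kdk_target)) == y
    return leaked_hard / n_samples, leaked_kdk / n_samples

if __name__ == "__main__":
    hard, kdk = simulate()
    print(f"labels recovered from gradients: one-hot {hard:.2f}, KDk-style (k=3) {kdk:.2f}")
```

With one-hot targets every label is recoverable from the gradient; with the k-anonymised targets the true class is indistinguishable from the other k-1 flattened classes, so the recovered fraction falls to roughly 1/k at best in this simulation.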