Paper ID: 2412.11689

Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning

Andrei Semenov, Philip Zmushko, Alexander Pichugin, Aleksandr Beznosikov

Vertical Federated Learning (VFL) aims to enable collaborative training of deep learning models while maintaining privacy protection. However, the VFL procedure still has components that are vulnerable to attacks by malicious parties. In our work, we consider feature reconstruction attacks, a common risk that targets the compromise of input data. We claim, on theoretical grounds, that feature reconstruction attacks cannot succeed without knowledge of the prior distribution on data. Consequently, we demonstrate that even simple model architecture transformations can significantly impact the protection of input data during VFL. Confirming these findings with experimental results, we show that MLP-based models are resistant to state-of-the-art feature reconstruction attacks.

Submitted: Dec 16, 2024