RVFR: Robust Vertical Federated Learning via Feature Subspace Recovery

29 Sept 2021 (modified: 13 Feb 2023), ICLR 2022 Conference Withdrawn Submission, Readers: Everyone
Keywords: Vertical Federated Learning, Adversarial Attacks, Backdoor Attacks, Feature Recovery, Robustness
Abstract: Vertical Federated Learning (VFL) is a distributed learning paradigm that allows multiple agents to jointly train a global model when each agent holds a different subset of features for the same sample(s). VFL is known to be vulnerable to backdoor attacks, where data from malicious agents are manipulated during training, and to test-time attacks, where malicious agents manipulate the test data. However, unlike in standard horizontal federated learning, improving the robustness of VFL remains challenging. To this end, we propose RVFR, a novel robust VFL training and inference framework. The key to our approach is to ensure that, with a low-rank feature subspace, a small number of attacked samples, and other mild assumptions, RVFR recovers the underlying uncorrupted features with guarantees, thus sanitizing the model against a vast range of backdoor attacks. Further, RVFR also defends against test-time adversarial and missing-feature attacks. We conduct extensive experiments on several datasets and show that the robustness of RVFR outperforms different baselines against diverse types of attacks.
One-sentence Summary: We proposed a novel robust VFL framework based on feature subspace recovery to defend against backdoor attacks during training and a variety of attacks during inference, both with theoretical guarantees.
Supplementary Material: zip