Go to DBLP homepageFinding the PISTE: Towards Understanding Privacy Leaks in Vertical Federated Learning Systems
Abstract: Vertical Federated Learning (VFL) is a collaborative learning paradigm where participants share the same sample space while splitting the feature space. In VFL, local participants host their bottom models for feature extraction and collaboratively train a classifier by exchanging intermediate results with the server owning the labels. Both local training data and bottom models contain privacy-sensitive information and are considered the intellectual property of each participant, and thus should be protected by the design of VFL. Our study exposes the fundamental susceptibility of VFL systems to privacy leaks, which arise from the collaboration between the server and clients during both training and testing. Based on our findings, we propose PISTE, a model-agnostic framework of privacy stealing attacks against VFL. PISTE delivers three privacy inference attacks, i.e., model stealing, data reconstruction, and property inference attacks on five benchmark datasets and four different model architectures. We further discuss four potential countermeasures. Experimental results show that all of them cannot prevent all three privacy stealing attacks in PISTE. In summary, our study demonstrates the inherent yet rarely uncovered vulnerability of VFL on leaking data and model privacy.
Loading