Mutual Information Regularization for Vertical Federated Learning
Tianyuan Zou, Yang Liu, Ya-Qin Zhang

TL;DR
This paper introduces a mutual information regularization method to enhance privacy and security in vertical federated learning by limiting information leakage from raw data and intermediate outputs.
Contribution
The paper proposes a novel defense approach, MID, that effectively reduces information leakage in VFL, balancing privacy protection with model utility.
Findings
MID defends against label inference attacks
MID mitigates backdoor attack risks
MID reduces feature reconstruction success
Abstract
Vertical Federated Learning (VFL) is widely utilized in real-world applications to enable collaborative learning while protecting data privacy and safety. However, previous works show that parties without labels (passive parties) in VFL can infer the sensitive label information owned by the party with labels (active party) or execute backdoor attacks against VFL. Meanwhile, the active party can also infer sensitive feature information from the passive party. All these pose new privacy and security challenges to VFL systems. We propose a new general defense method which limits the mutual information between private raw data, including both features and labels, and intermediate outputs to achieve a better trade-off between model utility and privacy. We term this defense Mutual Information Regularization Defense (MID). We theoretically and experimentally testify to the effectiveness of our MID method in…
Taxonomy
Topics: Privacy-Preserving Technologies in Data
