GAN-based Vertical Federated Learning for Label Protection in Binary Classification

TL;DR

This paper introduces GAFM, a GAN-based method for vertical federated learning that enhances label privacy protection by learning label distributions indirectly, while maintaining model utility.

Contribution

The paper proposes GAFM, a novel GAN-integrated splitNN approach that mitigates label leakage in VFL without sacrificing prediction accuracy.

Findings

GAFM outperforms baseline methods in utility-privacy trade-off.

GAFM effectively mitigates label leakage through gradient perturbation.

Experimental results confirm GAFM's robustness across datasets.

Abstract

Split learning (splitNN) has emerged as a popular strategy for addressing the high computational costs and low modeling efficiency in Vertical Federated Learning (VFL). However, despite its popularity, vanilla splitNN lacks encryption protection, leaving it vulnerable to privacy leakage issues, especially Label Leakage from Gradients (LLG). Motivated by the LLG issue resulting from the use of labels during training, we propose the Generative Adversarial Federated Model (GAFM), a novel method designed specifically to enhance label privacy protection by integrating splitNN with Generative Adversarial Networks (GANs). GAFM leverages GANs to indirectly utilize label information by learning the label distribution rather than relying on explicit labels, thereby mitigating LLG. GAFM also employs an additional cross-entropy loss based on the noisy labels to further improve the prediction accuracy. Our ablation experiment demonstrates that the combination of GAN and the cross-entropy loss component is necessary to enable GAFM to mitigate LLG without significantly compromising the model utility. Empirical results on various datasets show that GAFM achieves a better and more robust trade-off between model utility and privacy compared to all baselines across multiple random runs. In addition, we provide experimental justification to substantiate GAFM's superiority over splitNN, demonstrating that it offers enhanced label protection through gradient perturbation relative to splitNN.