UIFV: Data Reconstruction Attack in Vertical Federated Learning

TL;DR

This paper introduces UIFV, a novel data reconstruction attack in vertical federated learning that exploits exchanged intermediate features to reconstruct private data, revealing significant privacy vulnerabilities.

Contribution

The study proposes the Unified InverNet Framework (UIFV), a flexible and effective method for data reconstruction in VFL that does not depend on model structure or gradients.

Findings

UIFV outperforms existing methods in attack precision

Experiments on four datasets confirm severe privacy vulnerabilities

Highlights the need for enhanced privacy protections in VFL

Abstract

Vertical Federated Learning (VFL) facilitates collaborative machine learning without the need for participants to share raw private data. However, recent studies have revealed privacy risks where adversaries might reconstruct sensitive features through data leakage during the learning process. Although data reconstruction methods based on gradient or model information are somewhat effective, they reveal limitations in VFL application scenarios. This is because these traditional methods heavily rely on specific model structures and/or have strict limitations on application scenarios. To address this, our study introduces the Unified InverNet Framework into VFL, which yields a novel and flexible approach (dubbed UIFV) that leverages intermediate feature data to reconstruct original data, instead of relying on gradients or model details. The intermediate feature data is the feature exchanged by different participants during the inference phase of VFL. Experiments on four datasets demonstrate that our methods significantly outperform state-of-the-art techniques in attack precision. Our work exposes severe privacy vulnerabilities within VFL systems that pose real threats to practical VFL applications and thus confirms the necessity of further enhancing privacy protection in the VFL architecture.