Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning
Andrei Semenov, Philip Zmushko, Alexander Pichugin, Aleksandr Beznosikov

TL;DR
This paper shows that simple data transformations can effectively protect input data in vertical federated learning against feature reconstruction attacks, especially when combined with certain model architectures.
Contribution
The study reveals that minimal transformations are sufficient for data privacy in VFL and demonstrates the effectiveness of simple methods against advanced attacks.
Findings
Simple transformations hinder feature reconstruction attacks.
MLP-based models resist state-of-the-art attacks.
Data protection can be achieved with minimal modifications.
Abstract
Vertical Federated Learning (VFL) aims to enable collaborative training of deep learning models while maintaining privacy protection. However, the VFL procedure still has components that are vulnerable to attacks by malicious parties. In our work, we consider feature reconstruction attacks, a common risk targeting input data compromise. We theoretically claim that feature reconstruction attacks cannot succeed without knowledge of the prior distribution on data. Consequently, we demonstrate that even simple model architecture transformations can significantly impact the protection of input data during VFL. Confirming these findings with experimental results, we show that MLP-based models are resistant to state-of-the-art feature reconstruction attacks.
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Stochastic Gradient Optimization Techniques
