HASSLE: A Self-Supervised Learning Enhanced Hijacking Attack on Vertical Federated Learning

TL;DR

HASSLE introduces a self-supervised learning-based hijacking attack on vertical federated learning, achieving over 99% success rate in identifying private labels and exposing vulnerabilities in existing defenses.

Contribution

The paper presents HASSLE, a novel hijacking attack framework that improves label inference accuracy and attack success in VFL using self-supervised learning techniques.

Findings

Achieves over 99% attack success rate on multiple datasets.

Effectively infers private labels with minimal known information.

Remains effective against several existing defenses.

Abstract

Vertical Federated Learning (VFL) enables an orchestrating active party to perform a machine learning task by cooperating with passive parties that provide additional task-related features for the same training data entities. While prior research has leveraged the privacy vulnerability of VFL to compromise its integrity through a combination of label inference and backdoor attacks, their effectiveness is constrained by the low label inference precision and suboptimal backdoor injection conditions. To facilitate a more rigorous security evaluation on VFL without these limitations, we propose HASSLE, a hijacking attack framework composed of a gradient-direction-based label inference module and an adversarial embedding generation algorithm enhanced by self-supervised learning. HASSLE accurately identifies private samples associated with a targeted label using only a single known instance of that label. In the two-party scenario, it demonstrates strong performance with an attack success rate (ASR) of over 99% across four datasets, including both image and tabular modalities, and achieves 85% ASR on the more complex CIFAR-100 dataset. Evaluation of HASSLE against 8 potential defenses further highlights its significant threat while providing new insights into building a trustworthy VFL system.