PRIVEE: Privacy-Preserving Vertical Federated Learning Against Feature Inference Attacks

TL;DR

PRIVEE is a novel privacy-preserving method for vertical federated learning that obfuscates confidence scores to prevent feature inference attacks while maintaining model accuracy.

Contribution

It introduces PRIVEE, a new defense mechanism that transforms confidence scores to enhance privacy without sacrificing predictive performance.

Findings

Achieves threefold improvement in privacy protection over existing methods.

Maintains full predictive accuracy despite obfuscating confidence scores.

Effectively defends against advanced feature inference attacks.

Abstract

Vertical Federated Learning (VFL) enables collaborative model training across organizations that share common user samples but hold disjoint feature spaces. Despite its potential, VFL is susceptible to feature inference attacks, in which adversarial parties exploit shared confidence scores (i.e., prediction probabilities) during inference to reconstruct private input features of other participants. To counter this threat, we propose PRIVEE (PRIvacy-preserving Vertical fEderated lEarning), a novel defense mechanism named after the French word priv\'ee, meaning "private." PRIVEE obfuscates confidence scores while preserving critical properties such as relative ranking and inter-score distances. Rather than exposing raw scores, PRIVEE shares only the transformed representations, mitigating the risk of reconstruction attacks without degrading model prediction accuracy. Extensive experiments show that PRIVEE achieves a threefold improvement in privacy protection compared to state-of-the-art defenses, while preserving full predictive performance against advanced feature inference attacks.