Yunbo Yang,Xiang Chen,Yuhao Pan,Jiachen Shen,Zhenfu Cao,Xiaolei Dong,Xiaoguo Li,Jianfei Sun,Guomin Yang,Robert Deng

DOI: https://doi.org/10.1109/tifs.2024.3477924

IF: 7.231

2024-10-26

IEEE Transactions on Information Forensics and Security

Abstract:Federated learning (FL) allows multiple parties, each holding a dataset, to jointly train a model without leaking any information about their own datasets. In this paper, we focus on vertical FL (VFL). In VFL, each party holds a dataset with the same sample space and different feature spaces. All parties should first agree on the training dataset in the ID alignment phase. However, existing works may leak some information about the training dataset and cause privacy leakage. To address this issue, this paper proposes OpenVFL, a vertical federated learning framework with stronger privacy-preserving. We first propose NCLPSI, a new variant of labeled PSI, in which both parties can invoke this protocol to get the encrypted training dataset without leaking any additional information. After that, both parties train the model over the encrypted training dataset. We also formally analyze the security of OpenVFL. In addition, the experimental results show that OpenVFL achieves the best trade-offs between accuracy, performance, and privacy among the most state-of-the-art works.

computer science, theory & methods,engineering, electrical & electronic

Runhua Xu,Nathalie Baracaldo,Yi Zhou,Ali Anwar,James Joshi,Heiko Ludwig

DOI: https://doi.org/10.48550/arXiv.2103.03918

IF: 5.414

2021-03-05

Machine Learning

Abstract:Federated learning (FL) has been proposed to allow collaborative training of machine learning (ML) models among multiple parties where each party can keep its data private. In this paradigm, only model updates, such as model weights or gradients, are shared. Many existing approaches have focused on horizontal FL, where each party has the entire feature set and labels in the training data set. However, many real scenarios follow a vertically-partitioned FL setup, where a complete feature set is formed only when all the datasets from the parties are combined, and the labels are only available to a single party. Privacy-preserving vertical FL is challenging because complete sets of labels and features are not owned by one entity. Existing approaches for vertical FL require multiple peer-to-peer communications among parties, leading to lengthy training times, and are restricted to (approximated) linear models and just two parties. To close this gap, we propose FedV, a framework for secure gradient computation in vertical settings for several widely used ML models such as linear models, logistic regression, and support vector machines. FedV removes the need for peer-to-peer communication among parties by using functional encryption schemes; this allows FedV to achieve faster training times. It also works for larger and changing sets of parties. We empirically demonstrate the applicability for multiple types of ML models and show a reduction of 10%-70% of training time and 80% to 90% in data transfer with respect to the state-of-the-art approaches.

Xiang Ni,Xiaolong Xu,Lingjuan Lyu,Changhua Meng,Weiqiang Wang

DOI: https://doi.org/10.48550/arXiv.2106.11593

2021-06-22

Abstract:Recently, Graph Neural Network (GNN) has achieved remarkable success in various real-world problems on graph data. However in most industries, data exists in the form of isolated islands and the data privacy and security is also an important issue. In this paper, we propose FedVGCN, a federated GCN learning paradigm for privacy-preserving node classification task under data vertically partitioned setting, which can be generalized to existing GCN models. Specifically, we split the computation graph data into two parts. For each iteration of the training process, the two parties transfer intermediate results to each other under homomorphic encryption. We conduct experiments on benchmark data and the results demonstrate the effectiveness of FedVGCN in the case of GraphSage.

Machine Learning,Artificial Intelligence

Lifeng Liu,Yifan Hu,Jiawei Yu,Fengda Zhang,Gang Huang,Jun Xiao,Chao Wu

DOI: https://doi.org/10.1145/3387168.3387211

2019-01-01

Abstract:Currently, training neural networks often requires a large corpus of data from multiple parties. However, data owners are reluctant to share their sensitive data to third parties for modelling in many cases. Therefore, Federated Learning (FL) has arisen as an alternative to enable collaborative training of models without sharing raw data, by distributing modelling tasks to multiple data owners. Based on FL, we premodel sent a novel and decentralized approach to training encrypted models with privacy-preserved data on Blockchain. In our approach, Blockchain is adopted as the machine learning environment where different actors (i.e., the model provider, the data provider) collaborate on the training task. During the training process, an encryption algorithm is used to protect the privacy of data and the trained model. Our experiments demonstrate that our approach is practical in real-world applications.

Jiaqi Zhao,Hui Zhu,Fengwei Wang,Rongxing Lu,Ermei Wang,Linfeng Li,Hui Li

DOI: https://doi.org/10.1109/tcc.2023.3247870

IF: 5.697

2023-01-01

IEEE Transactions on Cloud Computing

Abstract:With the explosive growth of data volume and computing capability, federated learning, which involves constructing global models over multiple data islands, has demonstrated its advantages and vast prospects in the field of machine learning. However, due to commonly vertically partitioned data, coupled with privacy concerns about data leakage, there are still some challenging issues in traditional federated learning. To tackle these challenges, in this paper, we propose an efficient and privacy-preserving vertical federated learning framework for logistic regression, named VFLR, where multiple participants can collaboratively perform global model training and query over their vertically partitioned data. Specifically, we first design a data aggregation matrix construction algorithm, with which the vertically partitioned data can be aggregated for high-accuracy global model training. Then, by utilizing a novel symmetric homomorphic encryption, our framework can ensure that the whole training and query processes do not leak any private information. Moreover, based on the data aggregation matrix, multi-round interactions are not required in VFLR, improving training efficiency significantly. Detailed security analysis shows that VFLR can well protect data and model information from inference attacks. In addition, extensive experiments demonstrate that VFLR has high training and query accuracy and low computation and communication overhead.

computer science, information systems, theory & methods

Fangcheng Fu,Huanran Xue,Yong Cheng,Yangyu Tao,Bin Cui

DOI: https://doi.org/10.1145/3514221.3526127

2022-01-01

Abstract:Due to the rising concerns on privacy protection, how to build machine learning (ML) models over different data sources with security guarantees is gaining more popularity. Vertical federated learning (VFL) describes such a case where ML models are built upon the private data of different participated parties that own disjoint features for the same set of instances, which fits many real-world collaborative tasks. Nevertheless, we find that existing solutions for VFL either support limited kinds of input features or suffer from potential data leakage during the federated execution. To this end, this paper aims to investigate both the functionality and security of ML modes in the VFL scenario. To be specific, we introduce BlindFL, a novel framework for VFL training and inference. First, to address the functionality of VFL models, we propose the federated source layers to unite the data from different parties. Various kinds of features can be supported efficiently by the federated source layers, including dense, sparse, numerical, and categorical features. Second, we carefully analyze the security during the federated execution and formalize the privacy requirements. Based on the analysis, we devise secure and accurate algorithm protocols, and further prove the security guarantees under the ideal-real simulation paradigm. Extensive experiments show that BlindFL supports diverse datasets and models efficiently whilst achieves robust privacy guarantees.

Chaochao Chen,Jun Zhou,Longfei Zheng,Huiwen Wu,Lingjuan Lyu,Jia Wu,Bingzhe Wu,Ziqi Liu,Li Wang,Xiaolin Zheng

DOI: https://doi.org/10.24963/ijcai.2022/272

2020-01-01

Abstract:Recently, Graph Neural Network (GNN) has achieved remarkable progresses invarious real-world tasks on graph data, consisting of node features and theadjacent information between different nodes. High-performance GNN modelsalways depend on both rich features and complete edge information in graph.However, such information could possibly be isolated by different data holdersin practice, which is the so-called data isolation problem. To solve thisproblem, in this paper, we propose VFGNN, a federated GNN learning paradigm forprivacy-preserving node classification task under data vertically partitionedsetting, which can be generalized to existing GNN models. Specifically, wesplit the computation graph into two parts. We leave the private data (i.e.,features, edges, and labels) related computations on data holders, and delegatethe rest of computations to a semi-honest server. We also propose to applydifferential privacy to prevent potential information leakage from the server.We conduct experiments on three benchmarks and the results demonstrate theeffectiveness of VFGNN.

Pengyu Qiu,Xuhong Zhang,Shouling Ji,Tianyu Du,Yuwen Pu,Jun Zhou,Ting Wang

DOI: https://doi.org/10.1109/tdsc.2022.3208630

2023-01-01

Abstract:Vertical federated learning (VFL) is an emerging privacy-preserving paradigm that enables collaboration between companies. These companies have the same set of users but different features. One of them is interested in expanding new business or improving its current service with others’ features. For instance, an e-commerce company, who wants to improve its recommendation performance, can incorporate users’ preferences from another corporation such as a social media company through VFL. On the other hand, graph data is a powerful and sensitive type of data widely used in industry. Their leakage, e.g., the node leakage and/or the relation leakage, can cause severe privacy issues and financial loss. Therefore, protecting the security of graph data is important in practice. Though a line of work has studied how to learn with graph data in VFL, the privacy risks remain underexplored. In this paper, we perform the first systematic study on relation inference attacks to reveal VFL's risk of leaking samples’ relations. Specifically, we assume the adversary to be a semi-honest participant. Then, according to the adversary's knowledge level, we formulate three kinds of attacks based on different intermediate representations. Particularly, we design a novel numerical approximation method to handle VFL's encryption mechanism on the participant's representations. Extensive evaluations with four real-world datasets demonstrate the effectiveness of our attacks. For instance, the area under curve of relation inference can reach more than 90%, implying an impressive relation inference capability. Furthermore, we evaluate possible defenses to examine our attacks’ robustness. The results show that their impacts are limited. Our work highlights the need for advanced defenses to protect private relations and calls for more exploration of VFL's privacy and security issues.

Xinchi Qiu,Heng Pan,Wanru Zhao,Chenyang Ma,William F. Shen,Pedro P.B. Gusmao,Nicholas D. Lane

DOI: https://doi.org/10.48550/arXiv.2305.16794

2023-05-26

Cryptography and Security

Abstract:Most work in privacy-preserving federated learning (FL) has focused on horizontally partitioned datasets where clients hold the same features and train complete client-level models independently. However, individual data points are often scattered across different institutions, known as clients, in vertical FL (VFL) settings. Addressing this category of FL necessitates the exchange of intermediate outputs and gradients among participants, resulting in potential privacy leakage risks and slow convergence rates. Additionally, in many real-world scenarios, VFL training also faces the acute issue of client stragglers and drop-outs, a serious challenge that can significantly hinder the training process but has been largely overlooked in existing studies. In this work, we present vFedSec, a first dropout-tolerant VFL protocol, which can support the most generalized vertical framework. It achieves secure and efficient model training by using an innovative Secure Layer alongside an embedding-padding technique. We provide theoretical proof that our design attains enhanced security while maintaining training performance. Empirical results from extensive experiments also demonstrate vFedSec is robust to client dropout and provides secure training with negligible computation and communication overhead. Compared to widely adopted homomorphic encryption (HE) methods, our approach achieves a remarkable > 690x speedup and reduces communication costs significantly by > 9.6x.

Zhicheng Yang,Xiaoliang Fan,Zheng Wang,Zihui Wang,Cheng Wang

DOI: https://doi.org/10.1007/978-981-99-8435-0_8

2024-01-01

Abstract:Graph Neural Network based Vertical Federated Learning (GVFL) facilitates data collaboration while preserving data privacy by learning GNN-based node representations from participants holding different dimensions of node features. Existing works have shown that GVFL is vulnerable to adversarial attacks from malicious participants. However, how to defend against various adversarial attacks has not been investigated under the non-i.i.d. nature of graph data and privacy constraints. In this paper, we propose RDC-GVFL, a novel two-phase robust GVFL framework. In the detection phase, we adapt a Shapley-based method to evaluate the contribution of all participants to identify malicious ones. In the correction phase, we leverage historical embeddings to rectify malicious embeddings, thereby obtaining accurate predictions. We conducted extensive experiments on three well-known graph datasets under four adversarial attack settings. Our experimental results demonstrate that RDC-GVFL can effectively detect malicious participants and ensure a robust GVFL model against diverse attacks. Our code and supplemental material is available at https://github.com/zcyang-cs/RDC-GVFL.

Yong Li,Gaochao Xu,Xutao Meng,Wei Du,Xianglin Ren

DOI: https://doi.org/10.3390/e26050353

IF: 2.738

2024-04-24

Entropy

Abstract:In the realm of federated learning (FL), the exchange of model data may inadvertently expose sensitive information of participants, leading to significant privacy concerns. Existing FL privacy-preserving techniques, such as differential privacy (DP) and secure multi-party computing (SMC), though offering viable solutions, face practical challenges including reduced performance and complex implementations. To overcome these hurdles, we propose a novel and pragmatic approach to privacy preservation in FL by employing localized federated updates (LF3PFL) aimed at enhancing the protection of participant data. Furthermore, this research refines the approach by incorporating cross-entropy optimization, carefully fine-tuning measurement, and improving information loss during the model training phase to enhance both model efficacy and data confidentiality. Our approach is theoretically supported and empirically validated through extensive simulations on three public datasets: CIFAR-10, Shakespeare, and MNIST. We evaluate its effectiveness by comparing training accuracy and privacy protection against state-of-the-art techniques. Our experiments, which involve five distinct local models (Simple-CNN, ModerateCNN, Lenet, VGG9, and Resnet18), provide a comprehensive assessment across a variety of scenarios. The results clearly demonstrate that LF3PFL not only maintains competitive training accuracies but also significantly improves privacy preservation, surpassing existing methods in practical applications. This balance between privacy and performance underscores the potential of localized federated updates as a key component in future FL privacy strategies, offering a scalable and effective solution to one of the most pressing challenges in FL.

physics, multidisciplinary

Xinchi Qiu,Heng Pan,Wanru Zhao,Chenyang Ma,Pedro Porto Buarque de Gusmão,Nicholas D. Lane

2023-05-19

Abstract:The majority of work in privacy-preserving federated learning (FL) has been focusing on horizontally partitioned datasets where clients share the same sets of features and can train complete models independently. However, in many interesting problems, such as financial fraud detection and disease detection, individual data points are scattered across different clients/organizations in vertical federated learning. Solutions for this type of FL require the exchange of gradients between participants and rarely consider privacy and security concerns, posing a potential risk of privacy leakage. In this work, we present a novel design for training vertical FL securely and efficiently using state-of-the-art security modules for secure aggregation. We demonstrate empirically that our method does not impact training performance whilst obtaining 9.1e2 ~3.8e4 speedup compared to homomorphic encryption (HE).

Machine Learning,Artificial Intelligence,Cryptography and Security

Mochan Fan,Zhipeng Zhang,Zonghang Li,Gang Sun,Hongfang Yu,Jiawen Kang,Mohsen Guizani

DOI: https://doi.org/10.1016/j.dcan.2024.07.008

IF: 6.348

2024-01-01

Digital Communications and Networks

Abstract:Vertical Federated Learning (VFL), which draws attention because of its ability to evaluate individuals based on features spread across multiple institutions, encounters numerous privacy and security threats. Existing solutions often suffer from centralized architectures, and exorbitant costs. To mitigate these issues, in this paper, we propose SecureVFL, a decentralized multi-party VFL scheme designed to enhance efficiency and trustworthiness while guaranteeing privacy. SecureVFL uses a permissioned blockchain and introduces a novel consensus algorithm, Proof of Feature Sharing (PoFS), to facilitate decentralized, trustworthy, and high-throughput federated training. SecureVFL introduces a verifiable and lightweight three-party Replicated Secret Sharing (RSS) protocol for feature intersection summation among overlapping users. Furthermore, we propose a (42)-sharing protocol to achieve federated training in a four-party VFL setting. This protocol involves only addition operations and exhibits robustness. SecureVFL not only enables anonymous interactions among participants but also safeguards their real identities, and provides mechanisms to unmask these identities when malicious activities are performed. We illustrate the proposed mechanism through a case study on VFL across four banks. Finally, our theoretical analysis proves the security of SecureVFL. Experiments demonstrated that SecureVFL outperformed existing multi-party VFL privacy-preserving schemes, such as MP-FedXGB, in terms of both overhead and model performance.

Yang Liu,Yan Kang,Tianyuan Zou,Yanhong Pu,Yuanqin He,Xiaozhou Ye,Ye Ouyang,Ya-Qin Zhang,Qiang Yang

DOI: https://doi.org/10.1109/tkde.2024.3352628

IF: 9.235

2024-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Vertical Federated Learning (VFL) is a federated learning setting where multiple parties with different features about the same set of users jointly train machine learning models without exposing their raw data or model parameters. Motivated by the rapid growth in VFL research and real-world applications, we provide a comprehensive review of the concept and algorithms of VFL, as well as current advances and challenges in various aspects, including effectiveness, efficiency, and privacy. We provide an exhaustive categorization for VFL settings and privacy-preserving protocols and comprehensively analyze the privacy attacks and defense strategies for each protocol. In the end, we propose a unified framework, termed VFLow, which considers the VFL problem under communication, computation, privacy, as well as effectiveness and fairness constraints. Finally, we review the most recent advances in industrial applications, highlighting open challenges and future directions for VFL.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Yang Liu,Yan Kang,Tianyuan Zou,Yanhong Pu,Yuanqin He,Xiaozhou Ye,Ye Ouyang,Ya-Qin Zhang,Qiang Yang

DOI: https://doi.org/10.1109/TKDE.2024.3352628

2023-09-28

Abstract:Vertical Federated Learning (VFL) is a federated learning setting where multiple parties with different features about the same set of users jointly train machine learning models without exposing their raw data or model parameters. Motivated by the rapid growth in VFL research and real-world applications, we provide a comprehensive review of the concept and algorithms of VFL, as well as current advances and challenges in various aspects, including effectiveness, efficiency, and privacy. We provide an exhaustive categorization for VFL settings and privacy-preserving protocols and comprehensively analyze the privacy attacks and defense strategies for each protocol. In the end, we propose a unified framework, termed VFLow, which considers the VFL problem under communication, computation, privacy, as well as effectiveness and fairness constraints. Finally, we review the most recent advances in industrial applications, highlighting open challenges and future directions for VFL.

Machine Learning,Artificial Intelligence,Cryptography and Security,Distributed, Parallel, and Cluster Computing

Kai Fan,Jingtao Hong,Wenjie Li,Xingwen Zhao,Hui Li,Yintang Yang

DOI: https://doi.org/10.1109/jiot.2023.3302792

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:As a new machine learning (ML) paradigm, federated learning (FL) empowers different participants to jointly train a more effective model than traditional ML. Unlike horizontal FL (HFL), which expands the sample space by aggregating local models, vertical FL (VFL) is suitable for scenarios where the sample ID between participants is the same but differs in sample characteristics. For a long time, VFL has been considered safe due to no data exchange and heterogeneity between parties. However, the recently proposed label inference attacks pose a significant security threat to VFL. Specifically, by adding randomly initialized layers to the top of local models, the passive label inference attack can infer tens of thousands of local participants’ private data with only 40 auxiliary labels. Since the attack is entirely local, using privacy protection technologies such as differential privacy cannot effectively defend against these attacks. Therefore, we propose a new privacy protection scheme called FL similar gradients (FLSGs) to defend against this attack. Unlike differential privacy, the FLSG scheme randomly generates gradients of a Gaussian distribution similar in dimension to the original gradients and calculates their cosine distance. If the distance is less than a certain threshold, the gradients are used instead of the original gradients to pass to the local participants. We conducted extensive evaluations on six real-world data sets, and the results show that FLSG provides a better defensive effect at lower computational overhead than other known methods when defending the passive label inference attack.

Anran Li,Jiahui Huang,Ju Jia,Hongyi Peng,Lan Zhang,Luu Anh Tuan,Han Yu,Xiang-Yang Li

DOI: https://doi.org/10.1109/tmc.2023.3333879

IF: 6.075

2023-01-01

IEEE Transactions on Mobile Computing

Abstract:Vertical Federated Learning (VFL) enables multiple data owners, each holding a different subset of features about a largely overlapping set of data samples, to collaboratively train a global model. The quality of data owners' local features affects the performance of the VFL model, which makes feature selection vitally important. However, existing feature selection methods for VFL either assume the availability of prior knowledge on the number of noisy features or prior knowledge on the post-training threshold of useful features to be selected, making them unsuitable for practical applications. To bridge this gap, we propose the Federated Stochastic Dual-Gate based Feature Selection (FedSDG-FS) approach. It consists of a Gaussian stochastic dual-gate to efficiently approximate the probability of a feature being selected. FedSDG-FS further designs a local embedding perturbation approach to achieve differential privacy for local training data. To reduce overhead, we propose a feature importance initialization method based on Gini impurity, which can accomplish its goals with only two parameter transmissions between the server and the clients. The enhanced version, FedSDG-FS++, protects the privacy for both the clients' training data and the server's labels through Partially Homomorphic Encryption (PHE) without relying on a trusted third-party. Theoretically, we analyze the convergence rate, privacy guarantees and security analysis of our methods. Extensive experiments on both synthetic and real-world datasets show that FedSDG-FS and FedSDG-FS++ significantly outperform existing approaches in terms of achieving more accurate selection of high-quality features as well as improving VFL performance in a privacy-preserving manner.

computer science, information systems,telecommunications

Kang Wei,Jun Li,Chuan Ma,Ming Ding,Sha Wei,Fan Wu,Guihai Chen,Thilina Ranbaduge

DOI: https://doi.org/10.48550/arXiv.2202.04309

IF: 5.414

2022-02-09

Machine Learning

Abstract:Recently, federated learning (FL) has emerged as a promising distributed machine learning (ML) technology, owing to the advancing computational and sensing capacities of end-user devices, however with the increasing concerns on users' privacy. As a special architecture in FL, vertical FL (VFL) is capable of constructing a hyper ML model by embracing sub-models from different clients. These sub-models are trained locally by vertically partitioned data with distinct attributes. Therefore, the design of VFL is fundamentally different from that of conventional FL, raising new and unique research issues. In this paper, we aim to discuss key challenges in VFL with effective solutions, and conduct experiments on real-life datasets to shed light on these issues. Specifically, we first propose a general framework on VFL, and highlight the key differences between VFL and conventional FL. Then, we discuss research challenges rooted in VFL systems under four aspects, i.e., security and privacy risks, expensive computation and communication costs, possible structural damage caused by model splitting, and system heterogeneity. Afterwards, we develop solutions to addressing the aforementioned challenges, and conduct extensive experiments to showcase the effectiveness of our proposed solutions.

Huanding Zhang,Tao Shen,Fei Wu,Mingyang Yin,Hongxia Yang,Chao Wu

2021-01-01

Abstract: Graph neural networks (GNN) have been successful in many fields, and derived various researches and applications in real industries. However, in some privacy sensitive scenarios (like finance, healthcare), training a GNN model centrally faces challenges due to the distributed data silos. Federated learning (FL) is a an emerging technique that can collaboratively train a shared model while keeping the data decentralized, which is a rational solution for distributed GNN training. We term it as federated graph learning (FGL). Although FGL has received increasing attention recently, the definition and challenges of FGL is still up in the air. In this position paper, we present a categorization to clarify it. Considering how graph data are distributed among clients, we propose four types of FGL: inter-graph FL, intra-graph FL and graph-structured FL, where intra-graph is further divided into horizontal and vertical FGL. For each type of FGL, we make a detailed discussion about the formulation and applications, and propose some potential challenges.