Maoqiang Wu,Guoliang Cheng,Dongdong Ye,Jiawen Kang,Rong Yu,Yuan Wu,Miao Pan

DOI: https://doi.org/10.1109/tvt.2023.3304176

IF: 6.8

2023-01-01

IEEE Transactions on Vehicular Technology

Abstract:Federated learning (FL) is an emerging distributed learning paradigm widely used in vehicular networks, where vehicles are enabled to train the deep model for the server while keeping private data locally. However, the annotation of private data by vehicular users is very difficult since the high costs and professional needs, and one solution is that roadside infrastructures could provide label mapping to the data according to the geographical coordinates. In this scenario where vehicles and roadside infrastructures hold the data and labels, respectively, traditional FL is not applicable since it needs each participant to have both data and labels. In this paper, we propose a federated split learning (FSL) paradigm that split the deep model into two submodels which are trained separately in the vehicles and the roadside infrastructures. The vehicles and the roadside infrastructures exchange the intermediate data (i.e., smashed data and cut layer gradients) in training local submodels and upload the local gradients to the global server for aggregation into the global model. Specifically, we first adopt three types of privacy attacks to demonstrate that attackers could recover the private data and labels according to the shared intermediate data and uploaded local gradients. We then propose a differential privacy (DP)-based defense mechanism to defend the privacy attacks by perturbing the intermediate data. Furthermore, we design a contract-based incentive mechanism that encourages vehicles and roadside infrastructures to enhance training performance by adjusting their privacy strategies. The simulation results illustrated that the proposed defense mechanism can remarkably emasculate the performance of attacks and the proposed incentive mechanism is efficient in the FSL paradigm for vehicular networks.

telecommunications,engineering, electrical & electronic,transportation science & technology

Kangkang Sun,Hansong Xu,Kun Hua,Xi Lin,Gaolei Li,Tigang Jiang,Jianhua Li

DOI: https://doi.org/10.1109/jiot.2024.3370991

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Vehicles (IoV) connects a massive amount of smart vehicles for inter/intra-vehicle information sharing. Data privacy issues, such as privacy leakage and privacy cost are the key challenges that hinder vehicle operators from sharing their data safely. Traditional privacy-preserving techniques, including Federated Learning (FL) and Differential Privacy (DP) techniques, can protect data privacy and security, but the high privacy cost severely limits learning performance. In addition, the IoV services place high demands on low communication latency, which can be obtained by reducing the communication bits, but it also limits the learning performance. Thus, how to solve the communication-privacy-accuracy tradeoffs to achieve low latency, high privacy preservation and model performance has been a complicated issue in IoV. In this paper, a privacy-enhancement differentially private federated learning framework (FedSDP) is proposed based on the shuffle model to ensure secure and efficient data sharing under the constraint of low latency in IoV. In our proposed framework, four privacy enhancement methods are proposed, including data subsampling, vehicle sampling, shuffle model and dummy points, to amplify the privacy and obtain higher learning performance. Then, a Top-K sparsification mechanism of the vehicle training process is proposed to reduce communication bits. Finally, the experimental results indicate that our approach can reduce the communication latency by 31.66%, enhance the privacy ϵc by 30.77% and improve the test accuracy by 48.56%, compared with the traditional SDP mechanism.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yijing Li,Xiaofeng Tao,Xuefei Zhang,Junjie Liu,Jin Xu

DOI: https://doi.org/10.1109/tits.2021.3081560

IF: 8.5

2021-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:In recent years, the privacy issue in Vehicular Edge Computing (VEC) has gained a lot of concern. The privacy problem is even more severe in autonomous driving business than the other businesses in VEC such as ordinary navigation. Federated learning (FL), which is a privacy-preserved strategy proposed by Google, has become a hot trend to solve the privacy problem in many fields including VEC. Therefore, we introduce FL into autonomous driving to preserve vehicular privacy by keeping original data in a local vehicle and sharing the training model parameter only with the help of MEC server. Moreover, different from the common assumption of honest MEC server and honest vehicle in former studies, we take the malicious MEC servers and malicious vehicles into account. First, we consider honest-but-curious MEC server and malicious vehicles and propose a traceable identity-based privacy preserving scheme to protect the vehicular message privacy where improved Dijk-Gentry-Halevi-Vaikutanathan (DGHV) algorithm is proposed and a blockchain-based Reputation-based Incentive Autonomous Driving Mechanism (RIADM) is adopted. Further, when the case comes to the non-credibility of both parties where semi-honest MEC server and malicious vehicles are considered, we propose an anonymous identity-based privacy preserving scheme to protect the identity privacy of vehicles with Zero-Knowledge Proof (ZKP). Based on the simulation of virtual autonomous driving based on real-world road images, it is verified that our proposes scheme can reduce 73.7 % training loss of autonomous driving, increase the accuracy to around 5.55 % while keeps effective privacy of message and identity under the threat of dishonest MEC server and vehicles.

engineering, electrical & electronic,transportation science & technology, civil

Yunbo Yang,Xiang Chen,Yuhao Pan,Jiachen Shen,Zhenfu Cao,Xiaolei Dong,Xiaoguo Li,Jianfei Sun,Guomin Yang,Robert Deng

DOI: https://doi.org/10.1109/tifs.2024.3477924

IF: 7.231

2024-10-26

IEEE Transactions on Information Forensics and Security

Abstract:Federated learning (FL) allows multiple parties, each holding a dataset, to jointly train a model without leaking any information about their own datasets. In this paper, we focus on vertical FL (VFL). In VFL, each party holds a dataset with the same sample space and different feature spaces. All parties should first agree on the training dataset in the ID alignment phase. However, existing works may leak some information about the training dataset and cause privacy leakage. To address this issue, this paper proposes OpenVFL, a vertical federated learning framework with stronger privacy-preserving. We first propose NCLPSI, a new variant of labeled PSI, in which both parties can invoke this protocol to get the encrypted training dataset without leaking any additional information. After that, both parties train the model over the encrypted training dataset. We also formally analyze the security of OpenVFL. In addition, the experimental results show that OpenVFL achieves the best trade-offs between accuracy, performance, and privacy among the most state-of-the-art works.

computer science, theory & methods,engineering, electrical & electronic

Xue Jiang,Xuebing Zhou,Jens Grossklags

DOI: https://doi.org/10.2478/popets-2022-0045

2022-03-03

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Vertical federated learning (VFL), a variant of federated learning, has recently attracted increasing attention. An active party having the true labels jointly trains a model with other parties (referred to as passive parties ) in order to use more features to achieve higher model accuracy. During the prediction phase, all the parties collaboratively compute the predicted confidence scores of each target record and the results will be finally returned to the active party. However, a recent study by Luo et al . [28] pointed out that the active party can use these confidence scores to reconstruct passive-party features and cause severe privacy leakage. In this paper, we conduct a comprehensive analysis of privacy leakage in VFL frameworks during the prediction phase. Our study improves on previous work [28] regarding two aspects. We first design a general gradient-based reconstruction attack framework that can be flexibly applied to simple logistic regression models as well as multi-layer neural networks. Moreover, besides performing the attack under the white-box setting, we give the first attempt to conduct the attack under the black-box setting. Extensive experiments on a number of real-world datasets show that our proposed attack is effective under different settings and can achieve at best twice or thrice of a reduction of attack error compared to previous work [28]. We further analyze a list of potential mitigation approaches and compare their privacy-utility performances. Experimental results demonstrate that privacy leakage from the confidence scores is a substantial privacy risk in VFL frameworks during the prediction phase, which cannot be simply solved by crypto-based confidentiality approaches. On the other hand, processing the confidence scores with information compression and randomization approaches can provide strengthened privacy protection.

Jirui Yang,Peng Chen,Zhihui Lu,Qiang Duan,Yubing Bao

2024-06-18

Abstract:Vertical Federated Learning (VFL) facilitates collaborative machine learning without the need for participants to share raw private data. However, recent studies have revealed privacy risks where adversaries might reconstruct sensitive features through data leakage during the learning process. Although data reconstruction methods based on gradient or model information are somewhat effective, they reveal limitations in VFL application scenarios. This is because these traditional methods heavily rely on specific model structures and/or have strict limitations on application scenarios. To address this, our study introduces the Unified InverNet Framework into VFL, which yields a novel and flexible approach (dubbed UIFV) that leverages intermediate feature data to reconstruct original data, instead of relying on gradients or model details. The intermediate feature data is the feature exchanged by different participants during the inference phase of VFL. Experiments on four datasets demonstrate that our methods significantly outperform state-of-the-art techniques in attack precision. Our work exposes severe privacy vulnerabilities within VFL systems that pose real threats to practical VFL applications and thus confirms the necessity of further enhancing privacy protection in the VFL architecture.

Machine Learning,Artificial Intelligence,Cryptography and Security

Abla Smahi,Hui Li,Wang Han,Ahmed Ameen Fateh,Ching Chuen Chan

DOI: https://doi.org/10.1016/j.future.2024.02.012

IF: 7.307

2024-01-01

Future Generation Computer Systems

Abstract:Federated Learning (FL) has gained significant traction as a promising approach to enable collaborative machine learning (ML) while safeguarding data privacy across diverse applications, with the Vehicle-to-Everything (V2X) environment being a notable use case. However, conventional FL systems remain susceptible to model poisoning attacks, wherein malicious participants can introduce inaccurate or deliberately misleading local model updates to the central aggregator. In the context of V2X, such attacks could spawn catastrophic outcomes and jeopardize safety-critical applications. To tackle this pressing concern, we introduce a privacy-preserving and verifiable FL framework, dubbed VFL-Chain, designed to facilitate secure and efficient collaboration among intelligent connected vehicles (ICVs). VFL-Chain aspires to deliver a privacy-centric, verifiable FL experience complemented by a robust incentive mechanism tailored for ICVs. Our proposed solution leverages Bulletproofs to enable efficient verification of model update integrity, which are assimilated within smart contracts on an underlying permissioned blockchain. Furthermore, VFL-Chain presents a fair incentive mechanism that rewards honest participation, fostering a resilient and efficient FL implementation. We conduct an exhaustive security analysis and performance assessment of our proposed system, which underscores its efficacy in countering data poisoning attacks and augmenting the accuracy of FL.

Zhiguo Qu,Yang Tang,Ghulam Muhammad,Prayag Tiwari

DOI: https://doi.org/10.1016/j.inffus.2023.101824

IF: 18.6

2023-05-01

Information Fusion

Abstract:Federated learning is an effective technique to solve the problem of information fusion and information sharing in intelligent vehicle networking. However, most of the existing federated learning algorithms generally have the risk of privacy leakage. To address this security risk, this paper proposes a novel personalized federated learning with privacy preservation (PDP-PFL) algorithm based on information fusion. In the first stage of its execution, the new algorithm achieves personalized privacy protection by grading users' privacy based on their privacy preferences and adding noise that satisfies their privacy preferences. In the second stage of its execution, PDP-PFL performs collaborative training of deep models among different in-vehicle terminals for personalized learning, using a lightweight dynamic convolutional network architecture without sharing the local data of each terminal. Instead of sharing all parameters of the model as that in standard federated learning, PDP-PFL keeps the last layer locally, thus adding another layer of data confidentiality and making it difficult for the adversary to infer the image of the target vehicle terminal, and train a personalized model for each vehicle terminal by "local fine-tuning." The model is "locally fine-tuned" to train a personalized model for each vehicle terminal. Based on experiments, it is shown that the accuracy of the proposed new algorithm for PDP-PFL calculation can be comparable to or better than that of the FedAvg algorithm and the FedBN algorithm, while further enhancing the protection of data privacy.

computer science, artificial intelligence, theory & methods

Yan Kang,Jiahuan Luo,Yuanqin He,Xiaojin Zhang,Lixin Fan,Qiang Yang

2024-08-05

Abstract:Federated learning (FL) has emerged as a practical solution to tackle data silo issues without compromising user privacy. One of its variants, vertical federated learning (VFL), has recently gained increasing attention as the VFL matches the enterprises' demands of leveraging more valuable features to build better machine learning models while preserving user privacy. Current works in VFL concentrate on developing a specific protection or attack mechanism for a particular VFL algorithm. In this work, we propose an evaluation framework that formulates the privacy-utility evaluation problem. We then use this framework as a guide to comprehensively evaluate a broad range of protection mechanisms against most of the state-of-the-art privacy attacks for three widely deployed VFL algorithms. These evaluations may help FL practitioners select appropriate protection mechanisms given specific requirements. Our evaluation results demonstrate that: the model inversion and most of the label inference attacks can be thwarted by existing protection mechanisms; the model completion (MC) attack is difficult to be prevented, which calls for more advanced MC-targeted protection mechanisms. Based on our evaluation results, we offer concrete advice on improving the privacy-preserving capability of VFL systems. The code is available at <a class="link-external link-https" href="https://github.com/yankang18/Attack-Defense-VFL" rel="external noopener nofollow">this https URL</a>

Machine Learning,Cryptography and Security,Distributed, Parallel, and Cluster Computing

Li Zhixin,Liu Yicun,Li Jiale,Ye Guangnan,Chai Hongfeng,Lu Zhihui,Wu Jie

DOI: https://doi.org/10.1051/sands/2024005

2024-01-01

Security and Safety

Abstract:Federated Learning (FL) heralds a paradigm shift in the training of artificial intelligence (AI) models by fostering collaborative model training while safeguarding client data privacy. In sectors where data sensitivity and AI model security are of paramount importance, such as fintech and biomedicine, maintaining the utility of models without compromising privacy is crucial with the growing application of artificial intelligence technologies. Therefore, the adoption of FL is attracting significant attention. However, traditional Federated Learning methods are vulnerable to Deep Leakage from Gradients (DLG) attacks, and typical defensive strategies often result in excessive computational costs or substantial decreases in model accuracy. To navigate these challenges, this research introduces VAEFL, an innovative FL framework that incorporates Variational Autoencoders (VAEs) to bolster privacy protection without undermining the predictive prowess of the models. VAEFL strategically partitions the model into a private encoder and a public decoder. The private encoder, remaining local, transmutes sensitive data into a latent space fortified for privacy, while the public decoder and classifier, through collaborative training across clients, learn to derive precise predictions from the encoded data. This bifurcation ensures that sensitive data attributes are not disclosed, circumventing gradient leakage attacks and simultaneously allowing the global model to benefit from the diverse knowledge of client datasets. Comprehensive experiments demonstrate that VAEFL not only surpasses standard FL benchmarks in privacy preservation but also maintains competitive performance in predictive tasks. VAEFL thus establishes a novel equilibrium between data privacy and model utility, offering a secure and efficient federated learning approach for the sensitive application of FL in the financial domain.

Abla Smahi,Hui Li,Yong Yang,Xin Yang,Ping Lu,Yong Zhong,Caifu Liu

DOI: https://doi.org/10.1016/j.jksuci.2023.03.020

IF: 9.006

2023-01-01

Journal of King Saud University - Computer and Information Sciences

Abstract:As part of vehicle to everything (V2X) environments, intelligent connected vehicles (ICVs) generate a large amount of data, which can be exploited securely and effectively through decentralized techniques such as federated learning (FL). Existing FL systems, however, are vulnerable to attacks and barely meet the security requirements for real-world applications. If malicious or compromised ICVs upload inaccurate or low-quality local model updates to the central aggregator, they may reduce the accuracy of the global model, thereby reducing drivers safety and efficiency. This paper aims to alleviate these concerns by presenting BV-ICVs, a blockchain-enabled and privacy-preserving FL framework for ICVs in an edge-envisioned V2X environment. This system uses Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zkSNARKs) verification that is compiled as smart contracts to prevent malicious, compromised or even rational ICVs from uploading unreliable, erroneous or low-quality model updates. The verification process is embedded within the consensus of the underlying permissioned blockchain, which maximizes both the efficiency of the process and the utilization of computer resources. As demonstrated by discussions, security analysis, and numerical results, BV-ICVs reduced data poisoning attacks and increased the privacy protection and accuracy of FL.

Derui Zhu,Jinfu Chen,Xuebing Zhou,Weiyi Shang,Ahmed E. Hassan,Jens Grossklags

DOI: https://doi.org/10.1109/tifs.2024.3361813

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Vertical federated learning (VFL) is an increasingly popular, yet understudied, collaborative learning technique. In VFL, features and labels are distributed among different participants allowing for various innovative applications in business domains, e.g., online marketing. When deploying VFL, training data (labels and features) from each participant ought to be protected; however, very few studies have investigated the vulnerability of data protection in the VFL training stage. In this paper, we propose a posterior-difference-based data attack, VFLRecon, reconstructing labels and features to examine this problem. Our experiments show that standard VFL is highly vulnerable to serious privacy threats, with reconstruction achieving up to 92% label accuracy and 0.05 feature MSE, compared to our baseline with 55% label accuracy and 0.19 feature MSE. Even worse, this privacy risk remains during standard operations (e.g., encrypted aggregation) that appear to be safe. We also systematically analyze data leakage risks in the VFL training stage across diverse data modalities (i.e., tabular data and images), different training frameworks (i.e., with or without encryption techniques), and a wide range of training hyperparameters. To mitigate this risk, we design a novel defense mechanism, VFLDefender, dedicated to obfuscating the correlation between bottom model changes and labels (features) during training. The experimental results demonstrate that VFLDefender prevents reconstruction attacks during standard encryption operations (around 17% more effective than standard encryption operations).

computer science, theory & methods,engineering, electrical & electronic

Shengwei Xu,Runsheng Liu

DOI: https://doi.org/10.3390/e26070590

2024-07-10

Abstract:With the rapid development of artificial intelligence and Internet of Things (IoT) technologies, automotive companies are integrating federated learning into connected vehicles to provide users with smarter services. Federated learning enables vehicles to collaboratively train a global model without sharing sensitive local data, thereby mitigating privacy risks. However, the dynamic and open nature of the Internet of Vehicles (IoV) makes it vulnerable to potential attacks, where attackers may intercept or tamper with transmitted local model parameters, compromising their integrity and exposing user privacy. Although existing solutions like differential privacy and encryption can address these issues, they may reduce data usability or increase computational complexity. To tackle these challenges, we propose a conditional privacy-preserving identity-authentication scheme, CPPA-SM2, to provide privacy protection for federated learning. Unlike existing methods, CPPA-SM2 allows vehicles to participate in training anonymously, thereby achieving efficient privacy protection. Performance evaluations and experimental results demonstrate that, compared to state-of-the-art schemes, CPPA-SM2 significantly reduces the overhead of signing, verification and communication while achieving more security features.

Lei Yu,Meng Han,Yiming Li,Changting Lin,Yao Zhang,Mingyang Zhang,Yan Liu,Haiqin Weng,Yuseok Jeon,Ka-Ho Chow,Stacy Patterson

2024-02-06

Abstract:Vertical Federated Learning (VFL) is a federated learning paradigm where multiple participants, who share the same set of samples but hold different features, jointly train machine learning models. Although VFL enables collaborative machine learning without sharing raw data, it is still susceptible to various privacy threats. In this paper, we conduct the first comprehensive survey of the state-of-the-art in privacy attacks and defenses in VFL. We provide taxonomies for both attacks and defenses, based on their characterizations, and discuss open challenges and future research directions. Specifically, our discussion is structured around the model's life cycle, by delving into the privacy threats encountered during different stages of machine learning and their corresponding countermeasures. This survey not only serves as a resource for the research community but also offers clear guidance and actionable insights for practitioners to safeguard data privacy throughout the model's life cycle.

Cryptography and Security,Artificial Intelligence,Machine Learning

Fangcheng Fu,Huanran Xue,Yong Cheng,Yangyu Tao,Bin Cui

DOI: https://doi.org/10.1145/3514221.3526127

2022-01-01

Abstract:Due to the rising concerns on privacy protection, how to build machine learning (ML) models over different data sources with security guarantees is gaining more popularity. Vertical federated learning (VFL) describes such a case where ML models are built upon the private data of different participated parties that own disjoint features for the same set of instances, which fits many real-world collaborative tasks. Nevertheless, we find that existing solutions for VFL either support limited kinds of input features or suffer from potential data leakage during the federated execution. To this end, this paper aims to investigate both the functionality and security of ML modes in the VFL scenario. To be specific, we introduce BlindFL, a novel framework for VFL training and inference. First, to address the functionality of VFL models, we propose the federated source layers to unite the data from different parties. Various kinds of features can be supported efficiently by the federated source layers, including dense, sparse, numerical, and categorical features. Second, we carefully analyze the security during the federated execution and formalize the privacy requirements. Based on the analysis, we devise secure and accurate algorithm protocols, and further prove the security guarantees under the ideal-real simulation paradigm. Extensive experiments show that BlindFL supports diverse datasets and models efficiently whilst achieves robust privacy guarantees.

Abla Smahi,Hui Li,Yong Yang,Xin Yang,Ping Lu,Yong Zhong,Caifu Liu

DOI: https://doi.org/10.1016/j.jksuci.2023.03.020

IF: 9.006

2023-04-13

Journal of King Saud University - Computer and Information Sciences

Abstract:As part of vehicle to everything (V2X) environments, intelligent connected vehicles (ICVs) generate a large amount of data, which can be exploited securely and effectively through decentralized techniques such as federated learning (FL). Existing FL systems, however, are vulnerable to attacks and barely meet the security requirements for real-world applications. If malicious or compromised ICVs upload inaccurate or low-quality local model updates to the central aggregator, they may reduce the accuracy of the global model, thereby reducing drivers safety and efficiency. This paper aims to alleviate these concerns by presenting BV-ICVs, a blockchain-enabled and privacy-preserving FL framework for ICVs in an edge-envisioned V2X environment. This system uses Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zkSNARKs) verification that is compiled as smart contracts to prevent malicious, compromised or even rational ICVs from uploading unreliable, erroneous or low-quality model updates. The verification process is embedded within the consensus of the underlying permissioned blockchain, which maximizes both the efficiency of the process and the utilization of computer resources. As demonstrated by discussions, security analysis, and numerical results, BV-ICVs reduced data poisoning attacks and increased the privacy protection and accuracy of FL.

computer science, information systems

Yuhan Chen,Zhibo Liu,Xiaozhen Lu,Liang Xiao

DOI: https://doi.org/10.1109/wcnc57260.2024.10571032

IF: 6.075

2024-01-01

IEEE Transactions on Mobile Computing

Abstract:Federated learning helps protect data privacy for Internet of vehicles (Io V) by selecting a number of participated nodes but suffers from performance degradation such as low model training accuracy in the highly dynamic and large-scale Io V systems under selfish attacks. In this paper, we propose a risk-aware reinforcement learning based federated learning framework against selfish attacks for Io V,which jointly optimizes the training policy (i.e., the selection of participated vehicles and the corresponding local training data size) based on the state including the global model training accuracy, local model quality, training latency, data rate, and participation rate. By designing a punishment function to evaluate the immediate risk of each choosing training policy, this scheme avoids risky policies that result in extremely low training accuracy and high training latency to satisfy the requirements of local tasks such as the quality of service requirements. An evaluated neural network involved fully connected layers is designed to fast extract the global and local training features and thus accelerate the convergence speed. Experimental results based on both the MNIST and CIFAR-10 datasets verify that our scheme outperforms the benchmarks with higher training accuracy and less training latency.

Yong Li,Yipeng Zhou,Alireza Jolfaei,Dongjin Yu,Gaochao Xu,Xi Zheng

DOI: https://doi.org/10.1109/jiot.2020.3022911

IF: 10.6

2021-04-15

IEEE Internet of Things Journal

Abstract:Federated learning (FL) is a promising new technology in the field of IoT intelligence. However, exchanging model-related data in FL may leak the sensitive information of participants. To address this problem, we propose a novel privacy-preserving FL framework based on an innovative chained secure multiparty computing technique, named chain-PPFL. Our scheme mainly leverages two mechanisms: 1) single-masking mechanism that protects information exchanged between participants and 2) chained-communication mechanism that enables masked information to be transferred between participants with a serial chain frame. We conduct extensive simulation-based experiments using two public data sets (MNIST and CIFAR-100) by comparing both training accuracy and leak defence with other state-of-the-art schemes. We set two data sample distributions (IID and NonIID) and three training models (CNN, MLP, and L-BFGS) in our experiments. The experimental results demonstrate that the chain-PPFL scheme can achieve practical privacy preservation (equivalent to differential privacy with $epsilon $ approaching zero) for FL with some cost of communication and without impairing the accuracy and convergence speed of the training model.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wensheng Xia,Ying Li,Lan Zhang,Zhonghai Wu,Xiaoyong Yuan

DOI: https://doi.org/10.1109/TBDATA.2022.3231277

2023-01-01

IEEE Transactions on Big Data

Abstract:Vertical federated learning (VFL) enables collaborative machine learning on vertically partitioned data with privacy-preservation. Most VFL methods face three daunting challenges in real-world applications. First, most existing VFL methods assume that at least one party holds the complete set of labels of all data samples. However, this assumption often violates the nature of many practical scenarios, where the parties only have partial labels. Second, the heterogeneity and dynamic of computational and communication resources in participated parties may cause the straggler problem and slow down training convergence. Third, the confidential label information could be exposed through malicious parties during VFL. To address these challenges, we propose a novel VFL algorithm named Cascade Vertical Federated Learning (CVFL), in which partitioned labels can be fully utilized to train neural networks with privacy-preservation. To mitigate the straggler problem, we design a novel optimization objective to increase straggler's contribution to the trained models. To mitigate the label privacy risks, we design a novel defense approach to protect the label privacy of CVFL. We conduct comprehensive experiments and the results demonstrate the effectiveness and efficiency of CVFL. Further, the proposed defense approach can achieve a better tradeoff between label privacy and model utility than two widely-used defense approaches.

Chulin Xie,Pin-Yu Chen,Qinbin Li,Arash Nourian,Ce Zhang,Bo Li

2024-04-07

Abstract:Federated learning (FL) enables distributed resource-constrained devices to jointly train shared models while keeping the training data local for privacy purposes. Vertical FL (VFL), which allows each client to collect partial features, has attracted intensive research efforts recently. We identified the main challenges that existing VFL frameworks are facing: the server needs to communicate gradients with the clients for each training step, incurring high communication cost that leads to rapid consumption of privacy budgets. To address these challenges, in this paper, we introduce a VFL framework with multiple heads (VIM), which takes the separate contribution of each client into account, and enables an efficient decomposition of the VFL optimization objective to sub-objectives that can be iteratively tackled by the server and the clients on their own. In particular, we propose an Alternating Direction Method of Multipliers (ADMM)-based method to solve our optimization problem, which allows clients to conduct multiple local updates before communication, and thus reduces the communication cost and leads to better performance under differential privacy (DP). We provide the user-level DP mechanism for our framework to protect user privacy. Moreover, we show that a byproduct of VIM is that the weights of learned heads reflect the importance of local clients. We conduct extensive evaluations and show that on four vertical FL datasets, VIM achieves significantly higher performance and faster convergence compared with the state-of-the-art. We also explicitly evaluate the importance of local clients and show that VIM enables functionalities such as client-level explanation and client denoising. We hope this work will shed light on a new way of effective VFL training and understanding.

Machine Learning,Cryptography and Security