Secure vertical fe derate d learning base d on feature disentanglement

Federated learning (FL) faces many security threats. Although multiple robust FL frameworks have been proposed to defend against these malicious attacks in horizontal federated learning (HFL), security issues in vertical federated learning (VFL) have not been adequately studied. Recent studies show that VFL is vulnerable to inference attacks (e.g., label inference attacks), which puts VFL at risk. To solve this prob-lem, we propose a new VFL framework SVFL (Secure Vertical Federated Learning) to defend against privacy breaches inspired by feature disentanglement. Specifically, in SVFL, the bottom models are feature extrac-tors to extract samples' features in the high-dimensional space, and the top model sews samples' features of the same sample ID. Then, disentangling the samples' features into the class-relevant feature and class -irrelevant one via two classifiers: one is to recognize the class-relevant feature by regular training, and another is to recognize the class-irrelevant feature by adversarial training. Our experiments show that SVFL not only defends against label inference attacks, no matter how many samples features a malicious participant occupies, but also improves the global model's accuracy. Therefore, SVFL provides a privacy security guarantee for the vertical federated learning system.(c) 2023 Elsevier B.V. All rights reserved.