Vertical collaborative learning, also known as vertical federated learning (VFL), has recently become prominent as a way to process data distributed across many individual sources without centralizing it. Multiple participants collaboratively train models on their local data in a privacy-preserving manner. To date, VFL has become a de facto solution for securely learning a model among organizations, allowing knowledge to be shared without compromising the privacy of any individual organization. Despite the rapid development of VFL systems, we find that certain inputs of a participant, which we name adversarial dominating inputs (ADIs), can dominate the joint inference in the direction of the adversary's will and force the other (victim) participants to make negligible contributions, so that they lose the rewards usually offered in proportion to the importance of their contributions in collaborative learning scenarios. We conduct a systematic study of ADIs by first proving their existence in typical VFL systems. We then propose gradient-based methods to synthesize ADIs of various formats and exploit common VFL systems. We further launch greybox fuzz testing, guided by the resiliency score of the "victim" participants, to perturb adversary-controlled inputs and systematically explore the VFL attack surface in a privacy-preserving manner. We conduct an in-depth study of the influence of critical parameters and settings on synthesizing ADIs. Our study reveals new VFL attack opportunities, promoting the identification of unknown threats before breaches occur and the building of more secure VFL systems.
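The abstract describes ADIs as inputs from one party that make the joint prediction insensitive to the other party's embedding. The following added example (not code from the paper) shows a defender-side check for that symptom on a toy two-party VFL top model: it measures each party's share of the winning-class margin and a simple resiliency score, defined here (our own definition, not the paper's) as the fraction of in-range perturbations of the victim's embedding that change the joint output. All weights and embeddings are constructed for illustration; the "dominating" input is simply a scaled-up embedding, not an output of any synthesis method.

```python
import random

# Constructed top model: 2 classes, each party supplies a 3-dimensional embedding.
# Logit for class c = W_A[c].h_a + W_B[c].h_b + BIAS[c]
W_A = [[1.0, -0.5, 0.2], [-1.0, 0.5, -0.2]]   # weights on the adversary party's embedding
W_B = [[0.8, 0.6, -0.4], [-0.8, -0.6, 0.4]]   # weights on the victim party's embedding
BIAS = [0.1, -0.1]
EMBED_RANGE = (-1.0, 1.0)                     # assumed legitimate range of victim embeddings


def dot(w, h):
    return sum(wi * hi for wi, hi in zip(w, h))


def joint_logits(h_a, h_b):
    """Joint inference of the VFL top model over both parties' embeddings."""
    return [dot(W_A[c], h_a) + dot(W_B[c], h_b) + BIAS[c] for c in range(len(BIAS))]


def predict(h_a, h_b):
    logits = joint_logits(h_a, h_b)
    return max(range(len(logits)), key=logits.__getitem__)


def contribution_share(h_a, h_b):
    """Share of the winning-class margin (winner logit minus runner-up logit)
    attributable to each party, ignoring the bias. Returns (share_a, share_b)."""
    c = predict(h_a, h_b)
    other = 1 - c
    part_a = abs(dot(W_A[c], h_a) - dot(W_A[other], h_a))
    part_b = abs(dot(W_B[c], h_b) - dot(W_B[other], h_b))
    total = part_a + part_b
    if total == 0.0:
        return (0.5, 0.5)
    return (part_a / total, part_b / total)


def victim_resiliency(h_a, h_b, samples=200, seed=0):
    """Fraction of random in-range replacements of the victim embedding that
    change the joint prediction. 0.0 means the victim's input cannot move the
    output at all for this adversary-side embedding."""
    rng = random.Random(seed)  # seeded so the score is reproducible
    base = predict(h_a, h_b)
    flips = 0
    for _ in range(samples):
        perturbed = [rng.uniform(*EMBED_RANGE) for _ in h_b]
        if predict(h_a, perturbed) != base:
            flips += 1
    return flips / samples


def is_dominated(h_a, h_b, share_threshold=0.05):
    """Flag an inference where the victim party's contribution is negligible:
    a tiny margin share and zero resiliency to its own in-range inputs."""
    _, share_b = contribution_share(h_a, h_b)
    return share_b < share_threshold and victim_resiliency(h_a, h_b) == 0.0


# Constructed inputs: a normal embedding and one scaled far outside the range
# the top model was built for, which is enough to drown out the victim party.
H_A_NORMAL = [0.5, 0.2, -0.3]
H_A_DOMINATING = [10.0, 4.0, -6.0]
H_B = [0.4, -0.6, 0.2]

if __name__ == "__main__":
    for label, h_a in (("normal", H_A_NORMAL), ("dominating", H_A_DOMINATING)):
        share_a, share_b = contribution_share(h_a, H_B)
        print(f"{label}: class={predict(h_a, H_B)} share_b={share_b:.3f} "
              f"resiliency={victim_resiliency(h_a, H_B):.2f} "
              f"dominated={is_dominated(h_a, H_B)}")
```

In a real deployment the top-model owner can run such a check over live inference traffic; a party whose embedding never changes the outcome while another party's margin share stays near 1.0 is the signature the abstract describes, and is the point at which contribution-based rewards should be audited rather than paid out automatically.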