Abstract
Vertical Federated Learning (VFL) enables collaborative model training across organizations that share common user samples but hold disjoint feature spaces. Despite its potential, VFL is susceptible to feature inference attacks, in which adversarial parties exploit shared confidence scores (i.e., prediction probabilities) during inference to reconstruct private input features of other participants. To counter this threat, we propose PRIVEE (PRIvacy-preserving Vertical fEderated lEarning), a novel defense mechanism named after the French word privée, meaning "private." PRIVEE obfuscates confidence scores while preserving critical properties such as relative ranking and inter-score distances. Rather than exposing raw scores, PRIVEE shares only the transformed representations, mitigating the risk of reconstruction attacks without degrading model prediction accuracy. Extensive experiments show that PRIVEE achieves a threefold improvement in privacy protection compared to state-of-the-art defenses, while preserving full predictive performance against advanced feature inference attacks.
Abstract (translated)
Vertical Federated Learning (VFL) allows organizations that share common user samples but hold disjoint feature spaces to train models collaboratively. Despite its potential, VFL is vulnerable to feature inference attacks, in which an adversarial party exploits the confidence scores (i.e., prediction probabilities) shared during inference to reconstruct the private input features of other participants. To address this threat, we propose PRIVEE (PRIvacy-preserving Vertical fEderated LEarning), a novel defense mechanism whose name comes from the French word privée, meaning "private." PRIVEE obfuscates the confidence scores while preserving key properties such as relative ranking and inter-score distances, avoiding direct exposure of the raw scores. By sharing only the transformed representations, PRIVEE reduces the risk of reconstruction attacks without affecting model prediction accuracy. Extensive experiments show that, compared with state-of-the-art defenses, PRIVEE improves privacy protection threefold while retaining full predictive performance against advanced feature inference attacks.
URL
https://arxiv.org/abs/2512.12840