JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2026, Vol. 61, Issue (3): 29-43. doi: 10.6040/j.issn.1671-9352.9.2025.004

Secure weighted aggregation for VFL with malicious passive parties

ZHANG Zhengyin1,2,3, WANG Lingling1,2*, HUANG Mei1,2, ZHANG Yuxing1,2, SONG Jiaorong1,2   

  1. School of Information Science and Technology, Qingdao 266042, Shandong, China;
    2. Qingdao University of Science and Technology, Qingdao 266042, Shandong, China;
    3. Yantai City College of Science and Technology, Yantai 265500, Shandong, China
  • Published: 2026-03-18

Abstract: In vertical federated learning, untrustworthy participants can launch data poisoning attacks to hinder model training, and semi-honest participants can launch inference attacks to steal the private information of other participants. To address these problems, a secure weighted aggregation scheme for vertical federated learning with malicious passive parties is proposed. First, a utility evaluation algorithm is combined to defend against data poisoning attacks, and a maximum tolerance distance is designed to filter out poisoned embedding vectors. Second, an adaptive weight calculation algorithm is designed to ensure that the model can still effectively resist data poisoning attacks and maintain a high convergence rate and accuracy in long-tailed data scenarios. Finally, a masking mechanism and a symmetric homomorphic encryption algorithm are used to protect the privacy of embedding vectors against privacy inference attacks. Theoretical analysis and simulation results show that the proposed protocol has better computational efficiency and model performance, can effectively resist privacy inference attacks and data poisoning attacks, and improves model accuracy by about 5%-10% compared with the latest related work.

Key words: vertical federated learning, data poisoning attacks, privacy inference attack, long-tail data

CLC Number: TP309.2