
PRIVEE: Privacy-Preserving Vertical Federated Learning Against Feature Inference Attacks

About

Vertical Federated Learning (VFL) enables collaborative model training across organizations that share common user samples but hold disjoint feature spaces. Despite its potential, VFL is susceptible to feature inference attacks, in which adversarial parties exploit shared confidence scores (i.e., prediction probabilities) during inference to reconstruct private input features of other participants. To counter this threat, we propose PRIVEE (PRIvacy-preserving Vertical fEderated lEarning), a novel defense mechanism named after the French word privée, meaning "private." PRIVEE obfuscates confidence scores while preserving critical properties such as relative ranking and inter-score distances. Rather than exposing raw scores, PRIVEE shares only the transformed representations, mitigating the risk of reconstruction attacks without degrading model prediction accuracy. Extensive experiments show that PRIVEE achieves a threefold improvement in privacy protection compared to state-of-the-art defenses, while preserving full predictive performance against advanced feature inference attacks.

Sindhuja Madabushi, Ahmad Faraz Khan, Haider Ali, Ananthram Swami, Rui Ning, Hongyi Wu, Jin-Hee Cho • 2025

Related benchmarks

| Task | Dataset | Result | Rank |
|---|---|---|---|
| Gradient Inversion Attack | CIFAR-10 | -- | 35 |
| Gradient Inversion Attack | MNIST | MSE 2.635 | 24 |
| Gradient Inversion Attack | CIFAR-100 | MSE 0.107 | 16 |
| GRN Attack | CIFAR10 | MSE 2.064 | 16 |
| GRN Attack | Drive Diagnosis | MSE 2.396 | 16 |
| GRN Attack | Adult Income | MSE 3.832 | 16 |
| Feature Inference Attack (GRN) | CIFAR100 | MSE 0.115 | 8 |
| Gradient Reconstruction Attack | CIFAR100 Attack Strength = 25% (test) | MSE 0.148 | 8 |
| Feature Inference Attack (GRN) | MNIST | MSE 2.498 | 8 |
| Gradient Inversion Attack | MNIST Attack Strength = 75% (test) | MSE (GIA) 24.791 | 8 |

Showing 10 of 17 rows
