Corpus ID: 237091516

Aegis: A Trusted, Automatic and Accurate Verification Framework for Vertical Federated Learning

@article{Zhang2021AegisAT,
  title={Aegis: A Trusted, Automatic and Accurate Verification Framework for Vertical Federated Learning},
  author={Cengguang Zhang and Junxue Zhang and Di Chai and Kai Chen},
  journal={ArXiv},
  year={2021},
  volume={abs/2108.06958}
}
Vertical federated learning (VFL) leverages various privacy-preserving algorithms, e.g., homomorphic encryption or secret-sharing-based SecureBoost, to ensure data privacy. However, these algorithms all rely on a semi-honest security assumption, which raises concerns in real-world applications. In this paper, we present Aegis, a trusted, automatic, and accurate verification framework to verify the security of VFL jobs. Aegis is separated from local parties to ensure the security of the framework… 


References


SecureBoost: A Lossless Federated Learning Framework

TLDR
The SecureBoost framework is shown to be as accurate as other nonfederated gradient tree-boosting algorithms that require centralized data, and thus, it is highly scalable and practical for industrial applications such as credit risk analysis.

Privacy preserving vertical federated learning for tree-based models

TLDR
This paper proposes Pivot, a novel solution for privacy preserving vertical decision tree training and prediction, ensuring that no intermediate information is disclosed other than those the clients have agreed to release (i.e., the final tree model and the prediction output).

Privacy and Robustness in Federated Learning: Attacks and Defenses

TLDR
This paper conducts the first comprehensive survey on federated learning, and provides a concise introduction to the concept of FL, and a unique taxonomy covering: 1) threat models; 2) poisoning attacks and defense against robustness; 3) inference attacks and defenses against privacy.

DBA: Distributed Backdoor Attacks against Federated Learning

TLDR
The distributed backdoor attack (DBA) is proposed --- a novel threat assessment framework developed by fully exploiting the distributed nature of FL that can evade two state-of-the-art robust FL algorithms against centralized backdoors.

Secure Federated Matrix Factorization

TLDR
A secure matrix factorization framework under the federated learning setting, called FedMF, is proposed where the model can be learned when each user only uploads the gradient information to the server, and it is proved that it could still leak users’ raw data.

Federated Singular Vector Decomposition

TLDR
This paper proposes the first masking-based federated singular vector decomposition method, called FedSVD, which has lossless results, high confidentiality, and excellent scalability, and provides a privacy proof showing that FedSVD has guaranteed data confidentiality.

How To Backdoor Federated Learning

TLDR
This work designs and evaluates a new model-poisoning methodology based on model replacement and demonstrates that any participant in federated learning can introduce hidden backdoor functionality into the joint global model, e.g., to ensure that an image classifier assigns an attacker-chosen label to images with certain features.

FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping

TLDR
This work proposes FLTrust, a new federated learning method in which the service provider itself bootstraps trust and normalization limits the impact of malicious local model updates with large magnitudes.

Federated Machine Learning: Concept and Applications

TLDR
This work proposes building data networks among organizations based on federated mechanisms as an effective solution to allow knowledge to be shared without compromising user privacy.

Local Model Poisoning Attacks to Byzantine-Robust Federated Learning

TLDR
This work performs the first systematic study on local model poisoning attacks to federated learning, assuming an attacker has compromised some client devices, and the attacker manipulates the local model parameters on the compromised client devices during the learning process such that the global model has a large testing error rate.