TY - GEN
T1 - A Practical Clean-Label Backdoor Attack with Limited Information in Vertical Federated Learning
AU - Chen, Peng
AU - Yang, Jirui
AU - Lin, Junxiong
AU - Lu, Zhihui
AU - Duan, Qiang
AU - Chai, Hongfeng
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Vertical Federated Learning (VFL) facilitates collaboration on model training among multiple parties, each owning partitioned features of the distributed dataset. Although backdoor attacks have been found to be one of the main threats to FL security, research on backdoor attacks in VFL is still in the infant stage. Existing methods for VFL backdoor attacks rely on predicting sample pseudo-labels using approaches such as label inference, which require substantial additional information not readily available in practical FL scenarios. To evaluate the practical vulnerability of VFL to backdoor attacks, we present a target-efficient clean backdoor (TECB) attack for VFL. The TECB approach consists of two phases: i) Clean Backdoor Poisoning (CBP) and ii) Target Gradient Alignment (TGA). In the CBP phase, the adversary trains a backdoor trigger and poisons the model during VFL training. The poisoned model is further fine-tuned in the TGA phase to enhance its efficacy in complex multi-classification tasks. Compared to the existing methods, the proposed TECB achieves a highly effective backdoor attack with very limited information about the target class samples, which is more practical in typical VFL settings. Experimental results verify the superior performance of TECB, achieving above 97% attack success rate (ASR) on three widely used datasets (CIFAR10, CIFAR100, and CINIC-10) with only 0.1% of target labels known, which outperforms the state-of-the-art attack methods. This study uncovers the potential backdoor risks in VFL, enabling the development of secure VFL applications in areas like finance, healthcare, and beyond. Source code is available at: https://github.com/13thDayOLunarMay/TECB-attack
UR - http://www.scopus.com/inward/record.url?scp=85185403559&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85185403559&partnerID=8YFLogxK
U2 - 10.1109/ICDM58522.2023.00013
DO - 10.1109/ICDM58522.2023.00013
M3 - Conference contribution
AN - SCOPUS:85185403559
T3 - Proceedings - IEEE International Conference on Data Mining, ICDM
SP - 41
EP - 50
BT - Proceedings - 23rd IEEE International Conference on Data Mining, ICDM 2023
A2 - Chen, Guihai
A2 - Khan, Latifur
A2 - Gao, Xiaofeng
A2 - Qiu, Meikang
A2 - Pedrycz, Witold
A2 - Wu, Xindong
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 23rd IEEE International Conference on Data Mining, ICDM 2023
Y2 - 1 December 2023 through 4 December 2023
ER -