THESIS
2021
1 online resource (ix, 37 pages) : illustrations (some color)
Abstract
Vertical federated learning aims to privately train collaborative machine learning models
across data silos which contain different features for the same set of entities. It delicately
designs secure protocols among participants to prevent data leakage from intermediate
results in the federated process. These protocols have proven to be secure when all
participants are semi-honest. However, we reveal that when some internal roles or
components of these participants are compromised, the VFL system is easy to attack.
In this paper, we take the initiative to solve this problem by proposing Aegis, a practical,
trustful and efficient verification framework. Aegis is a gateway plus endhost solution that
remains trustful when the endhost components are compromised. By combining both online
and offline verification, Aegis is highly efficient and can verify if the VFL system is under
attack as early as possible. Furthermore, Aegis is fully compatible with existing VFL
systems without modifying any existing VFL protocols. We implement Aegis with FATE
and evaluate Aegis with real-world VFL algorithms and datasets. Evaluation results show
that Aegis can detect 88.9% of attacks with 1) online verification by adding < 0.1% total
time and 2) offline verification by reducing task running time by up to 63.27%.