URVFL: Undetectable Data Reconstruction Attack on Vertical Federated Learning

Duanyi Yao

Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Federated Learning 1

This talk introduces **URVFL (Undetectable Data Reconstruction Attack on Vertical Federated Learning)**, a novel and potent data reconstruction attack designed to operate stealthily against Vertical Federated Learning (VFL) systems. Presented by Duanyi Yao, this research, a collaborative effort with Suni Shangongo and Ging Pan, addresses a critical vulnerability in VFL: the ability of a malicious active client to reconstruct private data features from passive clients, even when robust detection mechanisms are in place. The core innovation lies in its capacity to generate malicious gradients that are indistinguishable from benign ones, thereby evading state-of-the-art detection strategies.

AI review

Solid, novel attack research on a real and underexplored threat surface. URVFL's core contribution — using a Discriminator with Auxiliary Classifier to minimize joint embedding-label distribution and generate gradients that evade current detectors — is technically genuine and not something I've seen done cleanly before in the VFL attack literature. The numbers back it up and the threat model is honest about its assumptions.
