KDk: A Defense Mechanism Against Label Inference Attacks in Vertical Federated Learning

  • 2024-04-18 18:51:02
  • Marco Arazzi, Serena Nicolazzo, Antonino Nocera
  • 0

Abstract

Vertical Federated Learning (VFL) is a category of Federated Learning in which models are trained collaboratively among parties with vertically partitioned data. Typically, in a VFL scenario, the labels of the samples are kept private from all the parties except for the aggregating server, which is the label owner. Nevertheless, recent works discovered that, by exploiting the gradient information returned by the server to the bottom models, and with knowledge of only a small set of auxiliary labels on a very limited subset of training data points, an adversary can infer the private labels. These attacks are known as label inference attacks in VFL. In our work, we propose a novel framework called KDk, which combines Knowledge Distillation and k-anonymity to provide a defense mechanism against potential label inference attacks in a VFL scenario. Through an exhaustive experimental campaign we demonstrate that, by applying our approach, the performance of the analyzed label inference attacks decreases consistently, even by more than 60%, while the accuracy of the whole VFL remains almost unaltered.
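The following is an added illustration, not code from the paper or its authors, of why a label-owner-side defense of this kind blunts gradient-based label inference. It assumes a simplified KDk-style step (the k most probable classes of a distilled soft label are given equal mass, so the true class is hidden among k candidates) and models the bottom model at an untrained point where its prediction is uniform; the teacher's soft label and the class count are constructed values. The gradient the server would return at the logit layer is derived for cross-entropy, where dL/dz = softmax(z) - target, and the example compares which classes that gradient singles out under a one-hot label versus a k-anonymized soft label.

```python
"""Added example (not the paper's code): one-hot vs k-anonymized soft labels and
what the cross-entropy gradient at the logit layer reveals about the label."""
import math
from typing import Dict, List, Set


def softmax(logits: List[float]) -> List[float]:
    # Numerically stable softmax over a single logit vector.
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]


def one_hot(label: int, num_classes: int) -> List[float]:
    return [1.0 if i == label else 0.0 for i in range(num_classes)]


def k_anonymize(soft_label: List[float], k: int) -> List[float]:
    """Assumed KDk-style anonymization: the k most probable classes of the
    teacher's soft label share the same mass, so the label is indistinguishable
    among k candidates. Total probability mass is preserved."""
    if not 1 <= k <= len(soft_label):
        raise ValueError("k must be between 1 and the number of classes")
    top = sorted(range(len(soft_label)), key=lambda i: soft_label[i], reverse=True)[:k]
    shared = sum(soft_label[i] for i in top) / k
    out = list(soft_label)
    for i in top:
        out[i] = shared
    return out


def cross_entropy_grad(logits: List[float], target: List[float]) -> List[float]:
    """dL/dz for L = -sum_i target_i * log softmax(z)_i, which is softmax(z) - target."""
    probs = softmax(logits)
    return [p - t for p, t in zip(probs, target)]


def candidate_labels(grad: List[float]) -> Set[int]:
    """Classes whose logit is pushed up (negative dL/dz), i.e. where the target
    exceeds the current prediction. A party reading this gradient can narrow the
    label down only to this set."""
    return {i for i, g in enumerate(grad) if g < 0}


# Constructed scenario: 5 classes, true label 2, a bottom model whose logits are
# all zero (uniform prediction), and a constructed teacher soft label standing in
# for the distilled output of the label owner's model.
NUM_CLASSES = 5
TRUE_LABEL = 2
ZERO_LOGITS = [0.0] * NUM_CLASSES
TEACHER_SOFT = [0.05, 0.20, 0.60, 0.10, 0.05]


def demo(k: int = 3) -> Dict[str, object]:
    """Compare what the gradient reveals with a hard label vs a k-anonymized soft label."""
    hard = one_hot(TRUE_LABEL, NUM_CLASSES)
    anon = k_anonymize(TEACHER_SOFT, k)
    return {
        "hard": sorted(candidate_labels(cross_entropy_grad(ZERO_LOGITS, hard))),
        "kdk": sorted(candidate_labels(cross_entropy_grad(ZERO_LOGITS, anon))),
        "kdk_label": anon,
    }


if __name__ == "__main__":
    result = demo(k=3)
    print("one-hot target -> candidate labels:", result["hard"])
    print("k-anonymized target ->", result["kdk_label"])
    print("k-anonymized target -> candidate labels:", result["kdk"])
```

With the one-hot label the only negative gradient entry is the true class, so the gradient alone identifies it; after the k-anonymization step the k top classes carry identical target mass and the gradient can only place the label somewhere in a set of size k. The accuracy side of the trade-off is outside this toy: the soft label still concentrates mass near the teacher's prediction, which is what the paper's distillation component is meant to preserve.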

