Vertical federated learning (VFL) is attracting much attention because it enables cross-silo data cooperation in a privacy-preserving manner. While most research works in VFL focus on linear and tree models, deep models (e.g., neural networks) are not well studied in VFL. In this paper, we focus on SplitNN, a well-known neural network framework in VFL, and identify a trade-off between data security and model performance in SplitNN. Briefly, SplitNN trains the model by exchanging gradients and transformed data. On the one hand, SplitNN suffers from the loss of model performance since multiply parties jointly train the model using transformed data instead of raw data, and a large amount of low-level feature information is discarded. On the other hand, a naive solution of increasing the model performance through aggregating at lower layers in SplitNN (i.e., the data is less transformed and more low-level feature is preserved) makes raw data vulnerable to inference attacks. To mitigate the above trade-off, we propose a new neural network protocol in VFL called Security Forward Aggregation (SFA). It changes the way of aggregating the transformed data and adopts removable masks to protect the raw data. Experiment results show that networks with SFA achieve both data security and high model performance.

翻译：垂直联盟学习(VFL) 吸引了人们的极大关注, 因为它能够以隐私保护的方式进行跨分离的数据合作。 虽然VFL的大多数研究工作都集中在线性和树型模型上, VFL没有很好地研究深层模型(例如神经网络)。 在本文中, 我们侧重于VFL的一个众所周知的神经网络框架SplitNNN, 并找出数据安全与SplitNNN模型性能之间的权衡。 简而言之, SplitNNNN通过交换梯度和变换数据来训练模型。 一方面, SlipNNNN 的模型性能受到模型性能损失, 一方面, SlipNNN 的模型使用变换数据而不是原始数据来联合培训模型, 大量低层次的特性信息被丢弃。 另一方面, 我们通过在SlipNNNN(即数据变换数据)的低层(即数据变换数据, 保存更低的特性) 来使得原始数据容易被推断攻击。 为了减轻上述交易, 我们提议在VLFLFAwar Stable Agregration Agregration (SA) SA) 和原始数据更新数据结果, 的Silviolview Disgreal Dal mastratal lap lap lap lap lap lap lap lap lap lap res