Federated learning (FL) is an emerging paradigm for facilitating multiple organizations' data collaboration without revealing their private data to each other. Recently, vertical FL, where the participating organizations hold the same set of samples but with disjoint features and only one organization owns the labels, has received increased attention. This paper presents several feature inference attack methods to investigate the potential privacy leakages in the model prediction stage of vertical FL. The attack methods consider the most stringent setting that the adversary controls only the trained vertical FL model and the model predictions, relying on no background information. We first propose two specific attacks on the logistic regression (LR) and decision tree (DT) models, according to individual prediction output. We further design a general attack method based on multiple prediction outputs accumulated by the adversary to handle complex models, such as neural networks (NN) and random forest (RF) models. Experimental evaluations demonstrate the effectiveness of the proposed attacks and highlight the need for designing private mechanisms to protect the prediction outputs in vertical FL.

翻译：联邦学习(FL)是促进多个组织的数据合作的新兴范例,而没有相互透露其私人数据。最近,纵向FL(参与组织拥有相同的样本,但具有脱节特征,只有一个组织拥有标签)受到越来越多的关注。本文介绍了调查垂直FL(FL)模型预测阶段潜在隐私渗漏的若干特征推论攻击方法。攻击方法考虑了最严格的设定,即对手仅控制经过训练的垂直FL模型和模型预测,不依靠背景资料。我们首先根据个别预测产出对物流回归模型和决策树模型提出两次具体攻击。我们进一步根据敌人积累的多重预测产出设计一种一般性攻击方法,以处理神经网络和随机森林模型等复杂模型。实验性评估表明拟议攻击的有效性,并强调需要设计私人机制,以保护垂直FL(L)预测产出。