[2602.20593] Is the Trigger Essential? A Feature-Based Triggerless Backdoor Attack in Vertical Federated Learning
Summary
This paper presents a novel feature-based triggerless backdoor attack in vertical federated learning, demonstrating that triggers are not essential for executing such attacks.
Why It Matters
As vertical federated learning (VFL) gains traction for its privacy-preserving capabilities, understanding new vulnerabilities like triggerless backdoor attacks is crucial. This research highlights significant security threats and encourages the development of more robust defense mechanisms in VFL systems.
Key Takeaways
- Triggers are not necessary for backdoor attacks in vertical federated learning.
- The proposed attack outperforms existing methods by 2 to 50 times with minimal impact on main tasks.
- The attack remains robust against various defense strategies, highlighting vulnerabilities in VFL.
Computer Science > Machine Learning
arXiv:2602.20593 (cs)
[Submitted on 24 Feb 2026]
Title: Is the Trigger Essential? A Feature-Based Triggerless Backdoor Attack in Vertical Federated Learning
Authors: Yige Liu, Yiwei Lou, Che Wang, Yongzhi Cao, Hanpin Wang
Abstract: As a distributed collaborative machine learning paradigm, vertical federated learning (VFL) allows multiple passive parties with distinct features and one active party with labels to collaboratively train a model. Although it is known for the privacy-preserving capabilities, VFL still faces significant privacy and security threats from backdoor attacks. Existing backdoor attacks typically involve an attacker implanting a trigger into the model during the training phase and executing the attack by adding the trigger to the samples during the inference phase. However, in this paper, we find that triggers are not essential for backdoor attacks in VFL. In light of this, we disclose a new backdoor attack pathway in VFL by introducing a feature-based triggerless backdoor attack. This attack operates under a more stringent security assumption, where the attacker is honest-but-curious rather than malicious during the training phase. It comprises three modules: label inference for the targeted backdoor attack, poison generation wit...