{"id":"https://openalex.org/W4417201902","doi":"https://doi.org/10.1109/tifs.2025.3641050","title":"chamaeleon: Backdoor Attacks Against Vertical Federated Learning for Tabular Data","display_name":"chamaeleon: Backdoor Attacks Against Vertical Federated Learning for Tabular Data","publication_year":2025,"publication_date":"2025-12-10","ids":{"openalex":"https://openalex.org/W4417201902","doi":"https://doi.org/10.1109/tifs.2025.3641050"},"language":null,"primary_location":{"id":"doi:10.1109/tifs.2025.3641050","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3641050","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Hao Yang","orcid":"https://orcid.org/0009-0002-1274-4325"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Hao Yang","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0009-0002-1274-4325","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Zhuzhu Wang","orcid":"https://orcid.org/0009-0002-9717-1377"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhuzhu Wang","raw_affiliation_strings":["School of Information Science and Technology, Northwestern University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0009-0002-9717-1377","affiliations":[{"raw_affiliation_string":"School of Information Science and Technology, Northwestern University, Xi&#x2019;an, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041981472","display_name":"Yilong Yang","orcid":"https://orcid.org/0000-0002-2811-2667"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yilong Yang","raw_affiliation_strings":["School of Artificial Intelligence, Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0000-0002-2811-2667","affiliations":[{"raw_affiliation_string":"School of Artificial Intelligence, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101932355","display_name":"Yong Zeng","orcid":"https://orcid.org/0000-0003-2551-7009"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yong Zeng","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0000-0003-2551-7009","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Shangze Li","orcid":"https://orcid.org/0009-0001-2577-7698"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shangze Li","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0009-0001-2577-7698","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100355653","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0001-5917-8653"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yang Liu","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi&#x2019;an, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015787649","display_name":"Zhuo Ma","orcid":"https://orcid.org/0000-0001-6023-2864"},"institutions":[{"id":"https://openalex.org/I149594827","display_name":"Xidian University","ror":"https://ror.org/05s92vm98","country_code":"CN","type":"education","lineage":["https://openalex.org/I149594827"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhuo Ma","raw_affiliation_strings":["School of Cyber Engineering, Xidian University, Xi&#x2019;an, China"],"raw_orcid":"https://orcid.org/0000-0001-6023-2864","affiliations":[{"raw_affiliation_string":"School of Cyber Engineering, Xidian University, Xi&#x2019;an, China","institution_ids":["https://openalex.org/I149594827"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I149594827"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.20153607,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"21","issue":null,"first_page":"30","last_page":"44"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.4796999990940094,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.4796999990940094,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.31450000405311584,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11307","display_name":"Domain Adaptation and Few-Shot Learning","score":0.041600000113248825,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9894000291824341},{"id":"https://openalex.org/keywords/classifier","display_name":"Classifier (UML)","score":0.5889000296592712},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5534999966621399},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.489300012588501},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.40369999408721924},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.39879998564720154},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.31779998540878296},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.3003000020980835}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9894000291824341},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8845999836921692},{"id":"https://openalex.org/C95623464","wikidata":"https://www.wikidata.org/wiki/Q1096149","display_name":"Classifier (UML)","level":2,"score":0.5889000296592712},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5534999966621399},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.489300012588501},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.46299999952316284},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4113999903202057},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.40369999408721924},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.39879998564720154},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.39160001277923584},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3752000033855438},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.31779998540878296},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.3003000020980835},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.28999999165534973},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.2879999876022339},{"id":"https://openalex.org/C198531522","wikidata":"https://www.wikidata.org/wiki/Q485146","display_name":"Sample (material)","level":2,"score":0.2775000035762787},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.26899999380111694},{"id":"https://openalex.org/C21080849","wikidata":"https://www.wikidata.org/wiki/Q13611879","display_name":"Data point","level":2,"score":0.2637999951839447},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.2565999925136566},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.25600001215934753},{"id":"https://openalex.org/C133462117","wikidata":"https://www.wikidata.org/wiki/Q4929239","display_name":"Data collection","level":2,"score":0.25529998540878296}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2025.3641050","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3641050","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1323945101","display_name":null,"funder_award_id":"62261160651","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2215088380","display_name":null,"funder_award_id":"U23A20307","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2509360852","display_name":null,"funder_award_id":"2023M742739","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3848079773","display_name":null,"funder_award_id":"U21A20464","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5420252985","display_name":null,"funder_award_id":"B16037","funder_id":"https://openalex.org/F4320336698","funder_display_name":"Overseas Expertise Introduction Center for Discipline Innovation of Food Nutrition and Human Health (111 Center)"},{"id":"https://openalex.org/G5786452238","display_name":null,"funder_award_id":"U23A20306","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6432932937","display_name":null,"funder_award_id":"QTZX24081","funder_id":"https://openalex.org/F4320335787","funder_display_name":"Fundamental Research Funds for the Central Universities"},{"id":"https://openalex.org/G7214301996","display_name":null,"funder_award_id":"2023M742739","funder_id":"https://openalex.org/F4320321543","funder_display_name":"China Postdoctoral Science Foundation"},{"id":"https://openalex.org/G746094661","display_name":null,"funder_award_id":"62501444","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7531761133","display_name":null,"funder_award_id":"62406239","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8672951616","display_name":null,"funder_award_id":"2023YFE0111100","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G875455441","display_name":null,"funder_award_id":"U2436206","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321543","display_name":"China Postdoctoral Science Foundation","ror":"https://ror.org/0426zh255"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null},{"id":"https://openalex.org/F4320336698","display_name":"Overseas Expertise Introduction Center for Discipline Innovation of Food Nutrition and Human Health (111 Center)","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W2130486630","https://openalex.org/W2473418344","https://openalex.org/W2807363941","https://openalex.org/W2898085636","https://openalex.org/W2912213068","https://openalex.org/W2934843808","https://openalex.org/W2942091739","https://openalex.org/W2990270730","https://openalex.org/W2996800219","https://openalex.org/W3093945404","https://openalex.org/W4225750584","https://openalex.org/W4312854396","https://openalex.org/W4328053081","https://openalex.org/W4385187226","https://openalex.org/W4385245566","https://openalex.org/W4386804452","https://openalex.org/W4388206624","https://openalex.org/W4388821948","https://openalex.org/W4388867373","https://openalex.org/W4391093146","https://openalex.org/W4391250546","https://openalex.org/W4391529040","https://openalex.org/W4391641509","https://openalex.org/W4393158822","https://openalex.org/W4402210816","https://openalex.org/W4402263874","https://openalex.org/W4402264407","https://openalex.org/W4405785787"],"related_works":[],"abstract_inverted_index":{"Vertical":[0],"federated":[1],"learning":[2],"(VFL)":[3],"has":[4,39],"made":[5],"significant":[6],"strides":[7],"in":[8,54,95],"enhancing":[9],"data":[10,154],"privacy":[11],"and":[12,43,60,209,230],"security":[13,26,49],"for":[14,77],"cross-silo":[15],"applications.":[16],"However,":[17],"despite":[18],"its":[19],"benefits,":[20],"VFL":[21,36,76],"remains":[22],"vulnerable":[23],"to":[24,87,103,138,158,195,236],"emerging":[25],"threats,":[27],"particularly":[28],"backdoor":[29,37,73],"attacks.":[30],"While":[31],"most":[32],"existing":[33],"research":[34],"on":[35,41],"attacks":[38],"focused":[40],"image":[42],"natural":[44],"language":[45,183],"processing":[46],"tasks,":[47],"the":[48,89,122,140,149,197,213,227],"of":[50,91,125,134,142,152,215],"tabular":[51,78,153],"data\u2014commonly":[52],"used":[53],"high-risk":[55],"domains":[56],"such":[57],"as":[58],"finance":[59],"healthcare\u2014has":[61],"been":[62],"largely":[63],"overlooked.":[64],"In":[65],"this":[66,238],"paper,":[67],"we":[68],"introduce":[69],"chamaeleon,":[70],"a":[71,99,110,114,132,162,172,177,189],"novel":[72],"attack":[74,228],"targeting":[75],"data.":[79,203],"Our":[80],"approach":[81],"achieves":[82],"two":[83],"key":[84],"advancements.":[85],"First,":[86],"address":[88],"challenge":[90],"restricted":[92],"label":[93,105,111],"access":[94],"VFL,":[96],"chamaeleon":[97,160],"employs":[98],"two-step":[100],"inference":[101],"method":[102,108],"extract":[104],"information.":[106],"This":[107],"combines":[109],"classifier":[112],"with":[113,131,171,200],"top-<italic":[115],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[116],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">k</i>":[117],"confidence":[118],"filtering":[119],"mechanism,":[120],"enabling":[121],"precise":[123],"identification":[124],"target-label":[126],"samples":[127],"(i.e.,":[128],"backdoored":[129,167],"samples)":[130],"precision":[133],"approximately":[135],"99.85%.":[136],"Second,":[137],"overcome":[139],"limitations":[141],"fixed":[143],"trigger":[144,164],"patterns,":[145],"which":[146],"can":[147],"disrupt":[148],"semantic":[150,186],"integrity":[151],"(e.g.,":[155],"altering":[156],"\u201cmale\u201d":[157],"\u201cpregnant\u201d),":[159],"introduces":[161],"dynamic":[163],"design.":[165],"Each":[166],"sample":[168],"is":[169,193],"injected":[170],"unique":[173],"trigger,":[174],"generated":[175],"by":[176,181],"transformer-based":[178],"model":[179],"inspired":[180],"large":[182],"models,":[184],"ensuring":[185],"consistency.":[187],"Additionally,":[188],"one-on-two":[190],"adversarial":[191],"game":[192],"implemented":[194],"optimize":[196],"generator\u2019s":[198],"performance":[199],"limited":[201],"training":[202],"Extensive":[204],"evaluations":[205],"across":[206],"six":[207,210],"models":[208],"datasets":[211],"demonstrate":[212],"effectiveness":[214],"our":[216],"proposed":[217],"attack.":[218],"We":[219],"also":[220],"examine":[221],"various":[222],"factors":[223],"that":[224],"could":[225],"influence":[226],"success":[229],"systematically":[231],"analyze":[232],"potential":[233],"defense":[234],"mechanisms":[235],"mitigate":[237],"newly":[239],"identified":[240],"threat.":[241]},"counts_by_year":[],"updated_date":"2025-12-30T23:08:21.542490","created_date":"2025-12-10T00:00:00"}