Scalable Vertical Federated Learning for Financial Systems with Prototype Consistency Based Malware and Backdoor Defense Strategy
Keywords:
vertical federated learning, backdoor defense, prototype consistency, financial systems, scalability, adversarial machine learning, distributed infrastructure, governance
Abstract
Vertical federated learning (VFL) enables multiple financial institutions to collaboratively train machine learning models without sharing raw data, thereby addressing privacy regulations and competitive barriers. However, the distributed nature of VFL introduces new attack surfaces, particularly backdoor poisoning where malicious participants embed hidden triggers that cause targeted misclassification during inference. Existing defenses often impose significant communication overhead or degrade model accuracy, hindering scalability in large-scale financial ecosystems. This paper proposes a scalable VFL framework augmented by a prototype consistency based backdoor defense strategy that leverages feature-space regularization to detect and mitigate poisoned updates without requiring access to raw client data. The architecture employs a split neural network with a central server maintaining a prototype bank derived from benign training examples; each client’s intermediate representation is compared against these prototypes during aggregation, and updates that deviate beyond adaptive thresholds are filtered or corrected. We discuss the structural trade-offs between defense strength and model utility, the deployment challenges in heterogeneous financial infrastructures, and the governance implications for regulatory compliance. Through a system-level analysis spanning scalability, robustness, fairness, and policy considerations, we demonstrate that prototype consistency offers a lightweight yet effective defense compatible with real-world constraints such as bandwidth limits, asynchronous communication, and non-IID data distributions. The proposed strategy is evaluated against state-of-the-art backdoor attacks and compared with alternative defenses, showing favorable performance in preserving model integrity while maintaining training efficiency. 
This work contributes to the intersection of secure federated learning, adversarial machine learning, and financial system design, providing a path toward trustworthy AI in regulated industries.
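The prototype comparison described in the abstract can be sketched as follows. This is an added example, not code from the paper: class-mean prototypes, Euclidean distance, the median + k·MAD threshold, and all function names and sample embeddings are assumptions chosen for illustration.

```python
import math
from statistics import median

def build_prototype_bank(embeddings, labels):
    """Mean embedding per class, computed from trusted benign samples."""
    sums, counts = {}, {}
    for vec, y in zip(embeddings, labels):
        acc = sums.setdefault(y, [0.0] * len(vec))
        for i, v in enumerate(vec):
            acc[i] += v
        counts[y] = counts.get(y, 0) + 1
    return {y: [v / counts[y] for v in acc] for y, acc in sums.items()}

def adaptive_thresholds(bank, embeddings, labels, k=3.0):
    """Per-class cutoff (assumed rule): median distance + k * MAD."""
    dists = {}
    for vec, y in zip(embeddings, labels):
        dists.setdefault(y, []).append(math.dist(vec, bank[y]))
    cutoffs = {}
    for y, d in dists.items():
        med = median(d)
        mad = median(abs(x - med) for x in d)
        cutoffs[y] = med + k * max(mad, 1e-6)  # floor avoids a zero-width band
    return cutoffs

def flag_inconsistent(bank, cutoffs, embeddings, labels):
    """Indices of embeddings farther from their label's prototype than allowed."""
    return [i for i, (vec, y) in enumerate(zip(embeddings, labels))
            if math.dist(vec, bank[y]) > cutoffs[y]]

# Constructed 2-D embeddings standing in for a client's intermediate outputs.
BENIGN_X = [[0.1, 0.0], [-0.1, 0.1], [0.0, -0.2], [0.2, 0.1],
            [5.0, 5.1], [4.9, 5.0], [5.1, 4.8], [5.2, 5.0]]
BENIGN_Y = [0, 0, 0, 0, 1, 1, 1, 1]
# Constructed incoming batch; index 2 is an outlier for its label, standing in
# for a trigger-shifted representation.
BATCH_X = [[0.05, 0.05], [5.0, 5.0], [6.5, 3.0], [0.1, -0.1]]
BATCH_Y = [0, 1, 1, 0]

def run_demo():
    bank = build_prototype_bank(BENIGN_X, BENIGN_Y)
    cutoffs = adaptive_thresholds(bank, BENIGN_X, BENIGN_Y)
    return bank, cutoffs, flag_inconsistent(bank, cutoffs, BATCH_X, BATCH_Y)

if __name__ == "__main__":
    print("flagged batch indices:", run_demo()[2])
```

The server only needs the intermediate representations and labels for this check, so raw client features never leave the client.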
License
Copyright (c) 2026 Computer Science and Engineering Transactions

This work is licensed under a Creative Commons Attribution 4.0 International License.
This article is published under the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.



