File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1007/978-3-030-58951-6_27
- Scopus: eid_2-s2.0-85091586015
- Find via
Supplementary
-
Citations:
- Scopus: 0
- Appears in Collections:
Conference Paper: A framework for evaluating client privacy leakages in federated learning
Title | A framework for evaluating client privacy leakages in federated learning |
---|---|
Authors | |
Keywords | Attack evaluation framework Federated learning Privacy leakage attacks |
Issue Date | 2020 |
Citation | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2020, v. 12308 LNCS, p. 545-566 How to Cite? |
Abstract | Federated learning (FL) is an emerging distributed machine learning framework for collaborative model training with a network of clients (edge devices). FL offers default client privacy by allowing clients to keep their sensitive data on local devices and to only share local training parameter updates with the federated server. However, recent studies have shown that even sharing local parameter updates from a client to the federated server may be susceptible to gradient leakage attacks and intrude the client privacy regarding its training data. In this paper, we present a principled framework for evaluating and comparing different forms of client privacy leakage attacks. We first provide formal and experimental analysis to show how adversaries can reconstruct the private local training data by simply analyzing the shared parameter update from local training (e.g., local gradient or weight update vector). We then analyze how different hyperparameter configurations in federated learning and different settings of the attack algorithm may impact on both attack effectiveness and attack cost. Our framework also measures, evaluates, and analyzes the effectiveness of client privacy leakage attacks under different gradient compression ratios when using communication efficient FL protocols. Our experiments additionally include some preliminary mitigation strategies to highlight the importance of providing a systematic attack evaluation framework towards an in-depth understanding of the various forms of client privacy leakage threats in federated learning and developing theoretical foundations for attack mitigation. |
Persistent Identifier | http://hdl.handle.net/10722/343319 |
ISSN | 2023 SCImago Journal Rankings: 0.606 |
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Wei, Wenqi | - |
dc.contributor.author | Liu, Ling | - |
dc.contributor.author | Loper, Margaret | - |
dc.contributor.author | Chow, Ka Ho | - |
dc.contributor.author | Gursoy, Mehmet Emre | - |
dc.contributor.author | Truex, Stacey | - |
dc.contributor.author | Wu, Yanzhao | - |
dc.date.accessioned | 2024-05-10T09:07:10Z | - |
dc.date.available | 2024-05-10T09:07:10Z | - |
dc.date.issued | 2020 | - |
dc.identifier.citation | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2020, v. 12308 LNCS, p. 545-566 | - |
dc.identifier.issn | 0302-9743 | - |
dc.identifier.uri | http://hdl.handle.net/10722/343319 | - |
dc.description.abstract | Federated learning (FL) is an emerging distributed machine learning framework for collaborative model training with a network of clients (edge devices). FL offers default client privacy by allowing clients to keep their sensitive data on local devices and to only share local training parameter updates with the federated server. However, recent studies have shown that even sharing local parameter updates from a client to the federated server may be susceptible to gradient leakage attacks and intrude the client privacy regarding its training data. In this paper, we present a principled framework for evaluating and comparing different forms of client privacy leakage attacks. We first provide formal and experimental analysis to show how adversaries can reconstruct the private local training data by simply analyzing the shared parameter update from local training (e.g., local gradient or weight update vector). We then analyze how different hyperparameter configurations in federated learning and different settings of the attack algorithm may impact on both attack effectiveness and attack cost. Our framework also measures, evaluates, and analyzes the effectiveness of client privacy leakage attacks under different gradient compression ratios when using communication efficient FL protocols. Our experiments additionally include some preliminary mitigation strategies to highlight the importance of providing a systematic attack evaluation framework towards an in-depth understanding of the various forms of client privacy leakage threats in federated learning and developing theoretical foundations for attack mitigation. | - |
dc.language | eng | - |
dc.relation.ispartof | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | - |
dc.subject | Attack evaluation framework | - |
dc.subject | Federated learning | - |
dc.subject | Privacy leakage attacks | - |
dc.title | A framework for evaluating client privacy leakages in federated learning | - |
dc.type | Conference_Paper | - |
dc.description.nature | link_to_subscribed_fulltext | - |
dc.identifier.doi | 10.1007/978-3-030-58951-6_27 | - |
dc.identifier.scopus | eid_2-s2.0-85091586015 | - |
dc.identifier.volume | 12308 LNCS | - |
dc.identifier.spage | 545 | - |
dc.identifier.epage | 566 | - |
dc.identifier.eissn | 1611-3349 | - |