Layer-wise Characterization of Latent Information Leakage in Federated
Learning
- URL: http://arxiv.org/abs/2010.08762v4
- Date: Sat, 29 May 2021 11:10:58 GMT
- Title: Layer-wise Characterization of Latent Information Leakage in Federated
Learning
- Authors: Fan Mo, Anastasia Borovykh, Mohammad Malekzadeh, Hamed Haddadi,
Soteris Demetriou
- Abstract summary: Training deep neural networks via federated learning allows clients to share, instead of the original data, only the model trained on their data.
Prior work has demonstrated that in practice a client's private information, unrelated to the main learning task, can be discovered from the model's gradients.
There is still no formal approach for quantifying the leakage of private information via the shared updated model or gradients.
- Score: 9.397152006395174
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Training deep neural networks via federated learning allows clients to share,
instead of the original data, only the model trained on their data. Prior work
has demonstrated that in practice a client's private information, unrelated to
the main learning task, can be discovered from the model's gradients, which
compromises the promised privacy protection. However, there is still no formal
approach for quantifying the leakage of private information via the shared
updated model or gradients. In this work, we analyze property inference attacks
and define two metrics based on (i) an adaptation of the empirical
$\mathcal{V}$-information, and (ii) a sensitivity analysis using Jacobian
matrices allowing us to measure changes in the gradients with respect to latent
information. We show the applicability of our proposed metrics in localizing
private latent information in a layer-wise manner and in two settings where (i)
we have or (ii) we do not have knowledge of the attackers' capabilities. We
evaluate the proposed metrics for quantifying information leakage on three
real-world datasets using three benchmark models.
Related papers
- Approximate Gradient Coding for Privacy-Flexible Federated Learning with Non-IID Data [9.984630251008868]
This work focuses on the challenges of non-IID data and stragglers/dropouts in federated learning.
We introduce and explore a privacy-flexible paradigm that models parts of the clients' local data as non-private.
arXiv Detail & Related papers (2024-04-04T15:29:50Z)
- Learn to Unlearn for Deep Neural Networks: Minimizing Unlearning Interference with Gradient Projection [56.292071534857946]
Recent data-privacy laws have sparked interest in machine unlearning.
The challenge is to discard information about the "forget" data without altering knowledge about the remaining dataset.
We adopt a projected-gradient based learning method, named Projected-Gradient Unlearning (PGU).
We provide empirical evidence to demonstrate that our unlearning method can produce models that behave similarly to models retrained from scratch across various metrics, even when the training dataset is no longer accessible.
arXiv Detail & Related papers (2023-12-07T07:17:24Z)
- Independent Distribution Regularization for Private Graph Embedding [55.24441467292359]
Graph embeddings are susceptible to attribute inference attacks, which allow attackers to infer private node attributes from the learned graph embeddings.
To address these concerns, privacy-preserving graph embedding methods have emerged.
We propose a novel approach called Private Variational Graph AutoEncoders (PVGAE) with the aid of independent distribution penalty as a regularization term.
arXiv Detail & Related papers (2023-08-16T13:32:43Z)
- Open-Set Semi-Supervised Learning for 3D Point Cloud Understanding [62.17020485045456]
It is commonly assumed in semi-supervised learning (SSL) that the unlabeled data are drawn from the same distribution as that of the labeled ones.
We propose to selectively utilize unlabeled data through sample weighting, so that only conducive unlabeled data would be prioritized.
arXiv Detail & Related papers (2022-05-02T16:09:17Z)
- Do Gradient Inversion Attacks Make Federated Learning Unsafe? [70.0231254112197]
Federated learning (FL) allows the collaborative training of AI models without needing to share raw data.
Recent works on the inversion of deep neural networks from model gradients raised concerns about the security of FL in preventing the leakage of training data.
In this work, we show that these attacks presented in the literature are impractical in real FL use-cases and provide a new baseline attack.
arXiv Detail & Related papers (2022-02-14T18:33:12Z)
- Enhanced Membership Inference Attacks against Machine Learning Models [9.26208227402571]
Membership inference attacks are used to quantify the private information that a model leaks about the individual data points in its training set.
We derive new attack algorithms that can achieve a high AUC score while also highlighting the different factors that affect their performance.
Our algorithms capture a very precise approximation of privacy loss in models, and can be used as a tool to perform an accurate and informed estimation of privacy risk in machine learning models.
arXiv Detail & Related papers (2021-11-18T13:31:22Z)
- Unified Instance and Knowledge Alignment Pretraining for Aspect-based Sentiment Analysis [96.53859361560505]
Aspect-based Sentiment Analysis (ABSA) aims to determine the sentiment polarity towards an aspect.
There always exists severe domain shift between the pretraining and downstream ABSA datasets.
We introduce a unified alignment pretraining framework into the vanilla pretrain-finetune pipeline.
arXiv Detail & Related papers (2021-10-26T04:03:45Z)
- Quantifying Information Leakage from Gradients [8.175697239083474]
Sharing deep neural networks' gradients instead of training data could facilitate data privacy in collaborative learning.
In practice however, gradients can disclose both private latent attributes and original data.
Mathematical metrics are needed to quantify both original and latent information leakages from gradients computed over the training data.
arXiv Detail & Related papers (2021-05-28T15:47:44Z)
- Bounding Information Leakage in Machine Learning [26.64770573405079]
This paper investigates fundamental bounds on information leakage.
We identify and bound the success rate of the worst-case membership inference attack.
We derive bounds on the mutual information between the sensitive attributes and model parameters.
arXiv Detail & Related papers (2021-05-09T08:49:14Z)
- A Quantitative Metric for Privacy Leakage in Federated Learning [22.968763654455298]
We propose a quantitative metric based on mutual information for clients to evaluate the potential risk of information leakage in their gradients.
It is proven that the risk of information leakage is related to the status of the task model, as well as the inherent data distribution.
arXiv Detail & Related papers (2021-02-24T02:48:35Z)
- Toward Understanding the Influence of Individual Clients in Federated Learning [52.07734799278535]
Federated learning allows clients to jointly train a global model without sending their private data to a central server.
We defined a new notion called Influence, quantify this influence over parameters, and proposed an effective efficient model to estimate this metric.
arXiv Detail & Related papers (2020-12-20T14:34:36Z)
This list is automatically generated from the titles and abstracts of the papers in this site.