Privacy Attacks in Decentralized Learning

• URL: http://arxiv.org/abs/2402.10001v2
• Date: Tue, 4 Jun 2024 12:34:25 GMT
• Title: Privacy Attacks in Decentralized Learning
• Authors: Abdellah El Mrini, Edwige Cyffers, Aurélien Bellet,
• Abstract summary: Decentralized Gradient Descent (D-GD) allows a set of users to perform collaborative learning without sharing their data. We propose the first attack against D-GD that enables a user to reconstruct the private data of other users outside their immediate neighborhood. We validate the effectiveness of our attack on real graphs and datasets, showing that the number of users compromised by a single or a handful of attackers is often surprisingly large.
• Score: 10.209045867868674
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Decentralized Gradient Descent (D-GD) allows a set of users to perform collaborative learning without sharing their data by iteratively averaging local model updates with their neighbors in a network graph. The absence of direct communication between non-neighbor nodes might lead to the belief that users cannot infer precise information about the data of others. In this work, we demonstrate the opposite, by proposing the first attack against D-GD that enables a user (or set of users) to reconstruct the private data of other users outside their immediate neighborhood. Our approach is based on a reconstruction attack against the gossip averaging protocol, which we then extend to handle the additional challenges raised by D-GD. We validate the effectiveness of our attack on real graphs and datasets, showing that the number of users compromised by a single or a handful of attackers is often surprisingly large. We empirically investigate some of the factors that affect the performance of the attack, namely the graph topology, the number of attackers, and their position in the graph.

Related papers

• Cluster-Aware Attacks on Graph Watermarks [50.19105800063768]
  We introduce a cluster-aware threat model in which adversaries apply community-guided modifications to evade detection. Our results show that cluster-aware attacks can reduce attribution accuracy by up to 80% more than random baselines. We propose a lightweight embedding enhancement that distributes watermark nodes across graph communities.
  arXiv  Detail & Related papers  (2025-04-24T22:49:28Z)
• Data Poisoning Attacks to Locally Differentially Private Range Query Protocols [15.664794320925562]
  Local Differential Privacy (LDP) has been widely adopted to protect user privacy in decentralized data collection. Recent studies have revealed that LDP protocols are vulnerable to data poisoning attacks. We present the first study on data poisoning attacks targeting LDP range query protocols.
  arXiv  Detail & Related papers  (2025-03-05T12:40:34Z)
• Unveiling Privacy Vulnerabilities: Investigating the Role of Structure in Graph Data [17.11821761700748]
  This study advances the understanding and protection against privacy risks emanating from network structure. We develop a novel graph private attribute inference attack, which acts as a pivotal tool for evaluating the potential for privacy leakage through network structures. Our attack model poses a significant threat to user privacy, and our graph data publishing method successfully achieves the optimal privacy-utility trade-off.
  arXiv  Detail & Related papers  (2024-07-26T07:40:54Z)
• Ungeneralizable Examples [70.76487163068109]
  Current approaches to creating unlearnable data involve incorporating small, specially designed noises. We extend the concept of unlearnable data to conditional data learnability and introduce textbfUntextbfGeneralizable textbfExamples (UGEs) UGEs exhibit learnability for authorized users while maintaining unlearnability for potential hackers.
  arXiv  Detail & Related papers  (2024-04-22T09:29:14Z)
• Towards Attack-tolerant Federated Learning via Critical Parameter Analysis [85.41873993551332]
  Federated learning systems are susceptible to poisoning attacks when malicious clients send false updates to the central server. This paper proposes a new defense strategy, FedCPA (Federated learning with Critical Analysis) Our attack-tolerant aggregation method is based on the observation that benign local models have similar sets of top-k and bottom-k critical parameters, whereas poisoned local models do not.
  arXiv  Detail & Related papers  (2023-08-18T05:37:55Z)
• A Trajectory K-Anonymity Model Based on Point Density and Partition [0.0]
  This paper develops a trajectory K-anonymity model based on Point Density and Partition (K PDP) It successfully resists re-identification attacks and reduces the data utility loss of the k-anonymized dataset.
  arXiv  Detail & Related papers  (2023-07-31T17:10:56Z)
• Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation [60.50994154879244]
  Recent studies show that Graph Neural Networks are vulnerable and easily fooled by small perturbations. In this work, we focus on the emerging but critical attack, namely, Graph Injection Attack. We propose a general defense framework CHAGNN against GIA through cooperative homophilous augmentation of graph data and model.
  arXiv  Detail & Related papers  (2022-11-15T11:44:31Z)
• Securing Federated Learning against Overwhelming Collusive Attackers [7.587927338603662]
  We propose two graph theoretic algorithms, based on Minimum Spanning Tree and k-Densest graph, by leveraging correlations between local models. Our FL model can nullify the influence of attackers even when they are up to 70% of all the clients. We establish the superiority of our algorithms over the existing ones using accuracy, attack success rate, and early detection round.
  arXiv  Detail & Related papers  (2022-09-28T13:41:04Z)
• Model Inversion Attacks against Graph Neural Networks [65.35955643325038]
  We study model inversion attacks against Graph Neural Networks (GNNs) In this paper, we present GraphMI to infer the private training graph data. Our experimental results show that such defenses are not sufficiently effective and call for more advanced defenses against privacy attacks.
  arXiv  Detail & Related papers  (2022-09-16T09:13:43Z)
• Query-based Adversarial Attacks on Graph with Fake Nodes [32.67989796394633]
  We propose a novel adversarial attack by introducing a set of fake nodes to the original graph. Specifically, we query the victim model for each victim node to acquire their most adversarial feature. Our attack is performed in a practical and unnoticeable manner.
  arXiv  Detail & Related papers  (2021-09-27T14:19:17Z)
• Graph Backdoor [53.70971502299977]
  We present GTA, the first backdoor attack on graph neural networks (GNNs) GTA departs in significant ways: it defines triggers as specific subgraphs, including both topological structures and descriptive features. It can be instantiated for both transductive (e.g., node classification) and inductive (e.g., graph classification) tasks.
  arXiv  Detail & Related papers  (2020-06-21T19:45:30Z)
• Adversarial Attack on Community Detection by Hiding Individuals [68.76889102470203]
  We focus on black-box attack and aim to hide targeted individuals from the detection of deep graph community detection models. We propose an iterative learning framework that takes turns to update two modules: one working as the constrained graph generator and the other as the surrogate community detection model.
  arXiv  Detail & Related papers  (2020-01-22T09:50:04Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.