Understanding Data Reconstruction Leakage in Federated Learning from a Theoretical Perspective

• URL: http://arxiv.org/abs/2408.12119v1
• Date: Thu, 22 Aug 2024 04:20:48 GMT
• Title: Understanding Data Reconstruction Leakage in Federated Learning from a Theoretical Perspective
• Authors: Zifan Wang, Binghui Zhang, Meng Pang, Yuan Hong, Binghui Wang,
• Abstract summary: Federated learning (FL) is an emerging collaborative learning paradigm that aims to protect data privacy. Recent works show FL algorithms are vulnerable to the serious data reconstruction attacks. We propose a theoretical framework to understand data reconstruction attacks to FL.
• Score: 33.68646515160024
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Federated learning (FL) is an emerging collaborative learning paradigm that aims to protect data privacy. Unfortunately, recent works show FL algorithms are vulnerable to the serious data reconstruction attacks. However, existing works lack a theoretical foundation on to what extent the devices' data can be reconstructed and the effectiveness of these attacks cannot be compared fairly due to their unstable performance. To address this deficiency, we propose a theoretical framework to understand data reconstruction attacks to FL. Our framework involves bounding the data reconstruction error and an attack's error bound reflects its inherent attack effectiveness. Under the framework, we can theoretically compare the effectiveness of existing attacks. For instance, our results on multiple datasets validate that the iDLG attack inherently outperforms the DLG attack.

Related papers

• Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning [83.90283731845867]
  We consider feature reconstruction attacks, a common risk targeting input data compromise. We show that Federated-based models are resistant to state-of-the-art feature reconstruction attacks.
  arXiv  Detail & Related papers  (2024-12-16T12:02:12Z)
• Data Reconstruction Attacks and Defenses: A Systematic Evaluation [27.34562026045369]
  We propose to view the problem as an inverse problem, enabling us to theoretically, quantitatively, and systematically evaluate the data reconstruction problem. We propose a strong reconstruction attack that helps update some previous understanding of the strength of defense methods under our proposed evaluation metric.
  arXiv  Detail & Related papers  (2024-02-13T05:06:34Z)
• Data-Agnostic Model Poisoning against Federated Learning: A Graph Autoencoder Approach [65.2993866461477]
  This paper proposes a data-agnostic, model poisoning attack on Federated Learning (FL) The attack requires no knowledge of FL training data and achieves both effectiveness and undetectability. Experiments show that the FL accuracy drops gradually under the proposed attack and existing defense mechanisms fail to detect it.
  arXiv  Detail & Related papers  (2023-11-30T12:19:10Z)
• Doubly Robust Instance-Reweighted Adversarial Training [107.40683655362285]
  We propose a novel doubly-robust instance reweighted adversarial framework. Our importance weights are obtained by optimizing the KL-divergence regularized loss function. Our proposed approach outperforms related state-of-the-art baseline methods in terms of average robust performance.
  arXiv  Detail & Related papers  (2023-08-01T06:16:18Z)
• FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning [66.56240101249803]
  We study how hardening benign clients can affect the global model (and the malicious clients) We propose a trigger reverse engineering based defense and show that our method can achieve improvement with guarantee robustness. Our results on eight competing SOTA defense methods show the empirical superiority of our method on both single-shot and continuous FL backdoor attacks.
  arXiv  Detail & Related papers  (2022-10-23T22:24:03Z)
• RelaxLoss: Defending Membership Inference Attacks without Losing Utility [68.48117818874155]
  We propose a novel training framework based on a relaxed loss with a more achievable learning target. RelaxLoss is applicable to any classification model with added benefits of easy implementation and negligible overhead. Our approach consistently outperforms state-of-the-art defense mechanisms in terms of resilience against MIAs.
  arXiv  Detail & Related papers  (2022-07-12T19:34:47Z)
• Fabricated Flips: Poisoning Federated Learning without Data [9.060263645085564]
  Attacks on Federated Learning (FL) can severely reduce the quality of the generated models. We propose a data-free untargeted attack (DFA) that synthesizes malicious data to craft adversarial models. DFA achieves similar or even higher attack success rate than state-of-the-art untargeted attacks.
  arXiv  Detail & Related papers  (2022-02-07T20:38:28Z)
• Curse or Redemption? How Data Heterogeneity Affects the Robustness of Federated Learning [51.15273664903583]
  Data heterogeneity has been identified as one of the key features in federated learning but often overlooked in the lens of robustness to adversarial attacks. This paper focuses on characterizing and understanding its impact on backdooring attacks in federated learning through comprehensive experiments using synthetic and the LEAF benchmarks.
  arXiv  Detail & Related papers  (2021-02-01T06:06:21Z)
• Provable Defense against Privacy Leakage in Federated Learning from Representation Perspective [47.23145404191034]
  Federated learning (FL) is a popular distributed learning framework that can reduce privacy risks by not explicitly sharing private data. Recent works demonstrated that sharing model updates makes FL vulnerable to inference attacks. We show our key observation that the data representation leakage from gradients is the essential cause of privacy leakage in FL.
  arXiv  Detail & Related papers  (2020-12-08T20:42:12Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.