FedAU2: Attribute Unlearning for User-Level Federated Recommender Systems with Adaptive and Robust Adversarial Training
- URL: http://arxiv.org/abs/2511.22872v1
- Date: Fri, 28 Nov 2025 04:22:27 GMT
- Title: FedAU2: Attribute Unlearning for User-Level Federated Recommender Systems with Adaptive and Robust Adversarial Training
- Authors: Yuyuan Li, Junjie Fang, Fengyuan Yu, Xichun Sheng, Tianyu Du, Xuyang Teng, Shaowei Jiang, Linbo Jiang, Jianan Lin, Chaochao Chen
- Abstract summary: Adversarial training emerges as the most feasible approach within this context. We propose FedAU2, an attribute unlearning method for user-level FedRecs. Our proposed FedAU2 achieves superior performance in unlearning effectiveness and recommendation performance compared to existing baselines.
- Score: 25.123969330252848
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Federated Recommender Systems (FedRecs) leverage federated learning to protect user privacy by retaining data locally. However, user embeddings in FedRecs often encode sensitive attribute information, rendering them vulnerable to attribute inference attacks. Attribute unlearning has emerged as a promising approach to mitigate this issue. In this paper, we focus on user-level FedRecs, which is a more practical yet challenging setting compared to group-level FedRecs. Adversarial training emerges as the most feasible approach within this context. We identify two key challenges in implementing adversarial training-based attribute unlearning for user-level FedRecs: i) mitigating training instability caused by user data heterogeneity, and ii) preventing attribute information leakage through gradients. To address these challenges, we propose FedAU2, an attribute unlearning method for user-level FedRecs. For CH1, we propose an adaptive adversarial training strategy, where the training dynamics are adjusted in response to local optimization behavior. For CH2, we propose a dual-stochastic variational autoencoder to perturb the adversarial model, effectively preventing gradient-based information leakage. Extensive experiments on three real-world datasets demonstrate that our proposed FedAU2 achieves superior performance in unlearning effectiveness and recommendation performance compared to existing baselines.
Related papers
- An Efficient Gradient-Based Inference Attack for Federated Learning [0.0]
Federated learning is a machine learning setting that reduces direct data exposure, improving the privacy guarantees of machine learning models. We present a new gradient-based membership inference attack for federated learning scenarios. Our method uses the shadow technique to learn round-wise gradient patterns of the training records, requiring no access to the private dataset.
arXiv Detail & Related papers (2025-12-17T07:10:04Z)
- FedRW: Efficient Privacy-Preserving Data Reweighting for Enhancing Federated Learning of Language Models [7.5015683571464]
We propose Federated ReWeighting (FedRW) to perform soft deduplication via sample reweighting without assuming a trusted third party. At its core, FedRW proposes a secure, frequency-aware reweighting protocol through secure multi-party computation. We show FedRW outperforms the state-of-the-art method by achieving up to 28.78x speedup in preprocessing and approximately 11.42% improvement in perplexity.
arXiv Detail & Related papers (2025-11-10T18:29:55Z)
- DARLR: Dual-Agent Offline Reinforcement Learning for Recommender Systems with Dynamic Reward [14.323631574821123]
Model-based offline reinforcement learning has emerged as a promising approach for recommender systems. DARLR is proposed to dynamically update world models to enhance recommendation policies. Experiments on four benchmark datasets demonstrate the superior performance of DARLR.
arXiv Detail & Related papers (2025-05-12T06:18:31Z)
- Efficient and Robust Regularized Federated Recommendation [52.24782464815489]
The recommender system (RSRS) addresses both user preference and privacy concerns.
We propose a novel method that incorporates non-uniform gradient descent to improve communication efficiency.
RFRecF's superior robustness compared to diverse baselines.
arXiv Detail & Related papers (2024-11-03T12:10:20Z)
- Post-Training Attribute Unlearning in Recommender Systems [37.67195112898097]
Existing studies predominantly use training data, i.e., model inputs, as the unlearning target.
We name this unseen information as attribute and treat it as the unlearning target.
To protect the sensitive attribute of users, Attribute Unlearning (AU) aims to make target attributes indistinguishable.
arXiv Detail & Related papers (2024-03-11T14:02:24Z)
- Making Users Indistinguishable: Attribute-wise Unlearning in Recommender Systems [28.566330708233824]
We find that attackers can extract private information, i.e., gender, race, and age, from a trained model even if it has not been explicitly encountered during training.
To protect the sensitive attribute of users, Attribute Unlearning (AU) aims to degrade attacking performance and make target attributes indistinguishable.
arXiv Detail & Related papers (2023-10-06T09:36:44Z)
- Client-side Gradient Inversion Against Federated Learning from Poisoning [59.74484221875662]
Federated Learning (FL) enables distributed participants to train a global model without sharing data directly to a central server.
Recent studies have revealed that FL is vulnerable to gradient inversion attack (GIA), which aims to reconstruct the original training samples.
We propose Client-side poisoning Gradient Inversion (CGI), which is a novel attack method that can be launched from clients.
arXiv Detail & Related papers (2023-09-14T03:48:27Z)
- UPFL: Unsupervised Personalized Federated Learning towards New Clients [13.98952154869707]
In this paper, we address a relatively unexplored problem in federated learning.
When a federated model has been trained and deployed, and an unlabeled new client joins, providing a personalized model for the new client becomes a highly challenging task.
We extend the adaptive risk minimization technique into the unsupervised personalized federated learning setting and propose our method, FedTTA.
arXiv Detail & Related papers (2023-07-29T14:30:11Z)
- Enhancing Multiple Reliability Measures via Nuisance-extended Information Bottleneck [77.37409441129995]
In practical scenarios where training data is limited, many predictive signals in the data can be rather from some biases in data acquisition.
We consider an adversarial threat model under a mutual information constraint to cover a wider class of perturbations in training.
We propose an autoencoder-based training to implement the objective, as well as practical encoder designs to facilitate the proposed hybrid discriminative-generative training.
arXiv Detail & Related papers (2023-03-24T16:03:21Z)
- Combating Exacerbated Heterogeneity for Robust Models in Federated Learning [91.88122934924435]
Combining adversarial training and federated learning can lead to undesired robustness deterioration.
We propose a novel framework called Slack Federated Adversarial Training (SFAT).
We verify the rationality and effectiveness of SFAT on various benchmarked and real-world datasets.
arXiv Detail & Related papers (2023-03-01T06:16:15Z)
- SURF: Semi-supervised Reward Learning with Data Augmentation for Feedback-efficient Preference-based Reinforcement Learning [168.89470249446023]
We present SURF, a semi-supervised reward learning framework that utilizes a large amount of unlabeled samples with data augmentation.
In order to leverage unlabeled samples for reward learning, we infer pseudo-labels of the unlabeled samples based on the confidence of the preference predictor.
Our experiments demonstrate that our approach significantly improves the feedback-efficiency of the preference-based method on a variety of locomotion and robotic manipulation tasks.
arXiv Detail & Related papers (2022-03-18T16:50:38Z)
- Acceleration of Federated Learning with Alleviated Forgetting in Local Training [61.231021417674235]
Federated learning (FL) enables distributed optimization of machine learning models while protecting privacy.
We propose FedReg, an algorithm to accelerate FL with alleviated knowledge forgetting in the local training stage.
Our experiments demonstrate that FedReg not only significantly improves the convergence rate of FL, especially when the neural network architecture is deep.
arXiv Detail & Related papers (2022-03-05T02:31:32Z)