A Novel Model-Based Attribute Inference Attack in Federated Learning
Abstract
In federated learning, clients such as mobile devices or data silos (e.g. hospitals and banks) collaboratively improve a shared model, while maintaining their data locally. Multiple recent works show that client’s private information can still be disclosed to an adversary who just eavesdrops the messages exchanged between the targeted client and the server. In this paper, we propose a novel model-based attribute inference attack in federated learning which overcomes the limits of gradient-based ones. Furthermore, we provide an analytical lower-bound for the success of this attack. Empirical results using real world datasets confirm that our attribute inference attack works well for both regression and classification tasks. Moreover, we benchmark our novel attribute inference attack against the state-of-the-art attacks in federated learning. Our attack results in higher reconstruction accuracy especially when the clients’ datasets are heterogeneous (as is common in federated learning).
Cite
Text
Driouich et al. "A Novel Model-Based Attribute Inference Attack in Federated Learning." NeurIPS 2022 Workshops: Federated_Learning, 2022.Markdown
[Driouich et al. "A Novel Model-Based Attribute Inference Attack in Federated Learning." NeurIPS 2022 Workshops: Federated_Learning, 2022.](https://mlanthology.org/neuripsw/2022/driouich2022neuripsw-novel/)BibTeX
@inproceedings{driouich2022neuripsw-novel,
title = {{A Novel Model-Based Attribute Inference Attack in Federated Learning}},
author = {Driouich, Ilias and Xu, Chuan and Neglia, Giovanni and Giroire, Frederic and Thomas, Eoin},
booktitle = {NeurIPS 2022 Workshops: Federated_Learning},
year = {2022},
url = {https://mlanthology.org/neuripsw/2022/driouich2022neuripsw-novel/}
}