Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling
Pages 5036 - 5038
Abstract
Federated Learning (FL) enables clients to train a joint model without disclosing their local data. Instead, they share their local model updates with a central server that moderates the process and creates a joint model. However, FL is susceptible to a series of privacy attacks. Recently, the source inference attack (SIA) has been proposed where an honest-but-curious central server tries to identify exactly which client owns a specific data record.
In this work, we propose a defense against SIAs by using a trusted shuffler, without compromising the accuracy of the joint model. We employ a combination of unary encoding with shuffling, which can effectively blend all clients' model updates, preventing the central server from inferring information about each client's model update separately. In order to address the increased communication cost of unary encoding we employ quantization. Our preliminary experiments show promising results; the proposed mechanism notably decreases the accuracy of SIAs without compromising the accuracy of the joint model.
References
[1]
A. Bittau, Ú. Erlingsson, and P. Maniatis et al. 2017. Prochlo: Strong Privacy for Analytics in the Crowd. In SOSP. ACM.
[2]
A. Cheu, A. Smith, J. Ullman, D. Zeber, and M. Zhilyaev. 2019. Distributed Differential Privacy via Shuffling. In EUROCRYPT. Springer.
[3]
A. M. Girgis et al. 2021. Shuffled Model of Federated Learning: Privacy, Accuracy and Communication Trade-Offs. IEEE J. Sel. Areas Inf. Theory 2, 1 (2021), 464--478.
[4]
Reza Shokri et al. 2017. Membership Inference Attacks Against Machine Learning Models. In 2017 IEEE SP. 3--18. https://doi.org/10.1109/SP.2017.41
[5]
H. Hu, Z. Salcic, L. Sun, G. Dobbie, and X. Zhang. 2021. Source Inference Attacks in Federated Learning. In ICDM. IEEE.
[6]
J. Konecný and H. B. McMahan et al. 2016. Federated Learning: Strategies for Improving Communication Efficiency. CoRR abs/1610.05492 (2016).
[7]
H. B. McMahan and E. et al. Moore. 2017. Communication-Efficient Learning of Deep Networks from Decentralized Data. In AIST. PMLR.
[8]
Y. Miao, R. Xie, X. Li, X. Liu, Z. Ma, and R. H. Deng. 2022. Compressed Federated Learning Based on Adaptive Local Differential Privacy. In ACSAC. ACM.
Index Terms
- Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling
Recommendations
Dummy Shuffling Against Algebraic Attacks in White-Box Implementations
Advances in Cryptology – EUROCRYPT 2021AbstractAt CHES 2016, Bos et al. showed that most of existing white-box implementations are easily broken by standard side-channel attacks. A natural idea to apply the well-developed side-channel countermeasure - linear masking schemes - leaves ...
A survey on privacy-preserving federated learning against poisoning attacks
AbstractFederated learning (FL) is designed to protect privacy of participants by not allowing direct access to the participants’ local datasets and training processes. This limitation hinders the server’s ability to verify the authenticity of the model ...
Mitigating Sybil Attacks in Federated Learning
Information Security Practice and ExperienceAbstractFederated learning (FL) is a distributed learning paradigm that facilities a basic data-privacy level, as the clients do not have to share their raw data. Since the clients send local model updates, it increases the attack surface of FL—with ...
Comments
Information & Contributors
Information
Published In
December 2024
5188 pages
ISBN:9798400706363
DOI:10.1145/3658644
- General Chairs:
- Bo Luo,
- Xiaojing Liao,
- Jun Xu,
- Program Chairs:
- Engin Kirda,
- David Lie
Copyright © 2024 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 09 December 2024
Check for updates
Author Tags
Qualifiers
- Poster
Funding Sources
Conference
CCS '24
Sponsor:
CCS '24: ACM SIGSAC Conference on Computer and Communications Security
October 14 - 18, 2024
UT, Salt Lake City, USA
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 52Total Downloads
- Downloads (Last 12 months)52
- Downloads (Last 6 weeks)52
Reflects downloads up to 03 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in