An Overview of Federated Deep Learning Privacy Attacks and Defensive Strategies

Enthoven, David; Al-Ars, Zaid

doi:10.48550/arxiv.2004.04676

Cited by 12 publications

(17 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have also provided results for the widely used LFPW [1] dataset (Table 2). With our EF+CB baseline we could not replicate the numbers reported by [2]. (This could be due to the fact that we could not obtain the whole dataset.)…”

Section: B Distributed Landmark Localization Algorithmmentioning

confidence: 83%

See 1 more Smart Citation

Privacy-Preserving Object Detection & Localization Using Distributed Machine Learning: A Case Study of Infant Eyeblink Conditioning

Zwaard¹,

Boele²,

Alers³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Distributed machine learning is becoming a popular model-training method due to privacy, computational scalability, and bandwidth capacities. In this work, we explore scalable distributed-training versions of two algorithms commonly used in object detection. A novel distributed training algorithm using Mean Weight Matrix Aggregation (MWMA) is proposed for Linear Support Vector Machine (L-SVM) object detection based in Histogram of Orientated Gradients (HOG). In addition, a novel Weighted Bin Aggregation (WBA) algorithm is proposed for distributed training of Ensemble of Regression Trees (ERT) landmark localization. Both algorithms do not restrict the location of model aggregation and allow custom architectures for model distribution. For this work, a Pool-BasedLocal Training and Aggregation (PBLTA) architecture for both algorithms is explored. The application of both algorithms in the medical field is examined using a paradigm from the fields of psychology and neuroscience -eyeblink conditioning with infants -where models need to be trained on facial images while protecting participant privacy. Using distributed learning, models can be trained without sending image data to other nodes. The custom software has been made available for public use on GitHub: https://github.com/SLWZwaard/DMT. Results show that the aggregation of models for the HOG algorithm using MWMA not only preserves the accuracy of the model but also allows for distributed learning with an accuracy increase of 0.9% compared with traditional learning. Furthermore, WBA allows for ERT model aggregation with an accuracy increase of 8% when compared to single-node models.

show abstract

Section: B Distributed Landmark Localization Algorithmmentioning

confidence: 83%

“…point [2]. However, this approach has other advantages, including distribution of the required processing power needed for machine learning, which eliminates the need for heavy central servers, as well as reduction of data communication bandwidth requirements for transferring large amounts of data between nodes.…”

mentioning

confidence: 99%

Privacy-Preserving Object Detection & Localization Using Distributed Machine Learning: A Case Study of Infant Eyeblink Conditioning

Zwaard¹,

Boele²,

Alers³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Privacy and Security in FL. Enthoven et al [32] presented a structured overview about privacy attacks and defense mechanisms in FL, but only for deep learning models. Lyu et al [83] elaborated additionally on security attacks and pointed out weaknesses in current countermeasures through a qualitative analysis of the literature.…”

Section: Review Studiesmentioning

confidence: 99%

Federated Learning Attacks Revisited: A Critical Discussion of Gaps, Assumptions, and Evaluation Setups

Wainakh¹,

Zimmer²,

Subedi³

et al. 2021

Preprint

View full text Add to dashboard Cite

Federated learning (FL) enables a set of entities to collaboratively train a machine learning model without sharing their sensitive data, thus, mitigating some privacy concerns. However, an increasing number of works in the literature propose attacks that can manipulate the model and disclose information about the training data in FL. As a result, there has been a growing belief in the research community that FL is highly vulnerable to a variety of severe attacks. Although these attacks do indeed highlight security and privacy risks in FL, some of them may not be as effective in production deployment because they are feasible only under special-sometimes impractical-assumptions. Furthermore, some attacks are evaluated under limited setups that may not match real-world scenarios. In this paper, we investigate this issue by conducting a systematic mapping study of attacks against FL, covering 48 relevant papers from 2016 to the third quarter of 2021. On the basis of this study, we provide a quantitative analysis of the proposed attacks and their evaluation settings. This analysis reveals several research gaps with regard to the type of target ML models and their architectures. Additionally, we highlight unrealistic assumptions in the problem settings of some attacks, related to the hyper-parameters of the ML model and data distribution among clients. Furthermore, we identify and discuss several fallacies in the evaluation of attacks, which open up questions on the generalizability of the conclusions. As a remedy, we propose a set of recommendations to avoid these fallacies and to promote adequate evaluations.

show abstract

“…Enthoven and Al-Ars [131] summarize most defence strategies used in federated learning, which can be categorized into three types: 1) Subsample or compress the communicated gradients [5,6,132]; 2) Differential privacy and SMC [18], and 3) Robustness aggregation [133] using e.g., the byzantine resilient aggregation rule [134,135].…”

Section: Adversarial Federated Neural Architecture Searchmentioning

confidence: 99%

From Federated Learning to Federated Neural Architecture Search: A Survey

Zhu

Zhang

Jin

2020

Preprint

View full text Add to dashboard Cite

Federated learning is a recently proposed distributed machine learning paradigm for privacy preservation, which has found a wide range of applications where data privacy is of primary concern. Meanwhile, neural architecture search has become very popular in deep learning for automatically tuning the architecture and hyperparameters of deep neural networks. While both federated learning and neural architecture search are faced with many open challenges, searching for optimized neural architectures in the federated learning framework is particularly demanding. This survey paper starts with a brief introduction to federated learning, including both horizontal, vertical, and hybrid federated learning. Then, neural architecture search approaches based on reinforcement learning, evolutionary algorithms and gradient-based are presented. This is followed by a description of federated neural architecture search that has recently been proposed, which is categorized into online and offline implementations, and single-and multi-objective search approaches. Finally, remaining open research questions are outlined and promising research topics are suggested.

show abstract

An Overview of Federated Deep Learning Privacy Attacks and Defensive Strategies

Cited by 12 publications

References 0 publications

Privacy-Preserving Object Detection & Localization Using Distributed Machine Learning: A Case Study of Infant Eyeblink Conditioning

Privacy-Preserving Object Detection & Localization Using Distributed Machine Learning: A Case Study of Infant Eyeblink Conditioning

Federated Learning Attacks Revisited: A Critical Discussion of Gaps, Assumptions, and Evaluation Setups

From Federated Learning to Federated Neural Architecture Search: A Survey

Contact Info

Product

Resources

About