Data Leakage in Federated Averaging

Dimitrov, Dimitar; Balunović, Mislav; Konstantinov, Nikola; Vechev, Martin

doi:10.48550/arxiv.2206.12395

Cited by 3 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While they only quantize the gradient to 16-bit and 8-bit integers, our NNC module uses an arbitrary number of quantization points, fine-tuned for each layer. These works are good indicators that gradient obfuscation techniques can be successfully employed to counteract attacks such as those proposed by Geiping et al [18] and Dimitrov et al [12].…”

Section: Data Security and Privacy Protectionmentioning

confidence: 91%

“…Since FedAvg does not share the gradient but the updated local model, it is not vulnerable to this kind of attack. And still, Dimitrov et al [12] show that it is possible to reconstruct training images in realistic FedAvg settings. Despite the method's success with a single client relying on many local training rounds, attacking aggregated parameter updates from multiple clients, even if only a few them are used, significantly degrades the reconstruction performance.…”

Section: Data Security and Privacy Protectionmentioning

confidence: 99%

See 1 more Smart Citation

A Privacy Preserving System for Movie Recommendations using Federated Learning

Neumann¹,

Lutz²,

Müller³

et al. 2023

Preprint

View full text Add to dashboard Cite

Recommender systems have become ubiquitous in the past years. They solve the tyranny of choice problem faced by many users, and are employed by many online businesses to drive engagement and sales. Besides other criticisms, like creating filter bubbles within social networks, recommender systems are often reproved for collecting considerable amounts of personal data. However, to personalize recommendations, personal information is fundamentally required. A recent distributed learning scheme called federated learning has made it possible to learn from personal user data without its central collection. Accordingly, we present a complete recommender system for movie recommendations, which provides privacy and thus trustworthiness on two levels: First, it is trained using federated learning and thus is, by its very nature, privacy-preserving, while still enabling individual users to benefit from global insights. And second, a novel federated learning scheme, FedQ, is employed, which not only addresses the problem of non-i.i.d. and small local datasets, but also prevents input data reconstruction attacks by aggregating client models early. To reduce the communication overhead, compression is applied, which significantly reduces the exchanged neural network updates to a fraction of their original data. We conjecture that it may also improve data privacy through its lossy quantization stage.

show abstract

Section: Data Security and Privacy Protectionmentioning

confidence: 91%

Section: Data Security and Privacy Protectionmentioning

confidence: 99%

A Privacy Preserving System for Movie Recommendations using Federated Learning

Neumann¹,

Lutz²,

Müller³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

A Privacy Preserving System for Movie Recommendations Using Federated Learning

Neumann,

Lutz,

Müller

et al. 2023

ACM Trans. Recomm. Syst.

View full text Add to dashboard Cite

Recommender systems have become ubiquitous in the past years. They solve the tyranny of choice problem faced by many users, and are utilized by many online businesses to drive engagement and sales. Besides other criticisms, like creating filter bubbles within social networks, recommender systems are often reproved for collecting considerable amounts of personal data. However, to personalize recommendations, personal information is fundamentally required. A recent distributed learning scheme called federated learning has made it possible to learn from personal user data without its central collection. Consequently, we present a recommender system for movie recommendations, which provides privacy and thus trustworthiness on multiple levels: First and foremost, it is trained using federated learning and thus, by its very nature, privacy-preserving, while still enabling users to benefit from global insights. Furthermore, a novel federated learning scheme, called FedQ, is employed, which not only addresses the problem of non-i.i.d.-ness and small local datasets, but also prevents input data reconstruction attacks by aggregating client updates early. Finally, to reduce the communication overhead, compression is applied, which significantly compresses the exchanged neural network parametrizations to a fraction of their original size. We conjecture that this may also improve data privacy through its lossy quantization stage.

show abstract