Differentially Private Federated Learning: A Client Level Perspective

Klein, Tassilo; Nabi, Moin

doi:10.48550/arxiv.1712.07557

Cited by 160 publications

(304 citation statements)

References 4 publications

Supporting

Mentioning

303

Contrasting

Order By: Relevance

“…Some data still have to be sent in an aggregated form for billing, but these data do not reveal many details. Techniques such as secure aggregation [25] and differential privacy [26] are being explored to enforce trust requirements.…”

Section: B Federated Learningmentioning

confidence: 99%

Electrical Load Forecasting Using Edge Computing and Federated Learning

Taïk

Cherkaoui

2020

ICC 2020 - 2020 IEEE International Conference on Communications (ICC)

134

View full text Add to dashboard Cite

In the smart grid, huge amounts of consumption data are used to train deep learning models for applications such as load monitoring and demand response. However, these applications raise concerns regarding security and have high accuracy requirements. In one hand, the data used is privacysensitive. For instance, the fine-grained data collected by a smart meter at a consumer's home may reveal information on the appliances and thus the consumer's behaviour at home. On the other hand, the deep learning models require big data volumes with enough variety and to be trained adequately. In this paper, we evaluate the use of Edge computing and federated learning, a decentralized machine learning scheme that allows to increase the volume and diversity of data used to train the deep learning models without compromising privacy. This paper reports, to the best of our knowledge, the first use of federated learning for household load forecasting and achieves promising results. The simulations were done using Tensorflow Federated on the data from 200 houses from Texas, USA.

show abstract

Section: B Federated Learningmentioning

confidence: 99%

Electrical Load Forecasting Using Edge Computing and Federated Learning

Taïk

Cherkaoui

2020

ICC 2020 - 2020 IEEE International Conference on Communications (ICC)

134

View full text Add to dashboard Cite

show abstract

“…DP is used to encrypt the response for each query in the SMC. Geyer et al [9] introduce a DP algorithm focusing on removing the data source info. In addition to using the same SGD framework as DPSGD, the algorithm also will randomly ignore a portion of the data to protect data privacy.…”

Section: Differential Privacy In Federated Learningmentioning

confidence: 99%

Differential Privacy in Privacy-Preserving Big Data and Learning: Challenge and Opportunity

Jiang¹,

Gao²,

Sarwar³

et al. 2021

Preprint

View full text Add to dashboard Cite

Differential privacy (DP) has become the de facto standard of privacy preservation due to its strong protection and sound mathematical foundation, which is widely adopted in different applications such as big data analysis, graph data process, machine learning, deep learning, and federated learning. Although DP has become an active and influential area, it is not the best remedy for all privacy problems in different scenarios. Moreover, there are also some misunderstanding, misuse, and great challenges of DP in specific applications. In this paper, we point out a series of limits and open challenges of corresponding research areas. Besides, we offer potentially new insights and avenues on combining differential privacy with other effective dimension reduction techniques and secure multiparty computing to clearly define various privacy models.

show abstract

“…Any inappropriate setting of fixed privacy parameters will bring in vulnerability to gradient leakage attacks. [29], [50] and DP-baseline with clipping bound C = S = 4 and noise scale σ = 6 as in [24], [27]. It is observed that an adequate amount of noise is necessary to mask the gradients from malicious or curious inference attackers using the reconstruction learning on the leaked gradients.…”

Section: Baseline With Fixed Parametersmentioning

confidence: 99%

“…Inherent Limitations of Baseline. Inspired by the pioneer work [24], many proposals in the literature [25], [27], [29] and open source community [30], [31] employ the fixed privacy parameter strategy to decide clipping method, define the sensitivity of gradient updates and noise scale, which results in constant noise injection throughout every step of the entire training process. Although such a rigid setting of privacy parameters has shown reasonable accuracy while providing a certain level of differential privacy guarantee, they suffer some inherent limitations.…”

Section: Introductionmentioning

confidence: 99%

Gradient Leakage Attack Resilient Deep Learning

Wei¹,

Liu²

2021

Preprint

View full text Add to dashboard Cite

Gradient leakage attacks are considered one of the wickedest privacy threats in deep learning as attackers covertly spy gradient updates during iterative training without compromising model training quality, and yet secretly reconstruct sensitive training data using leaked gradients with high attack success rate. Although deep learning with differential privacy is a defacto standard for publishing deep learning models with differential privacy guarantee, we show that differentially private algorithms with fixed privacy parameters are vulnerable against gradient leakage attacks. This paper investigates alternative approaches to gradient leakage resilient deep learning with differential privacy (DP). First, we analyze existing implementation of deep learning with differential privacy, which use fixed noise variance to injects constant noise to the gradients in all layers using fixed privacy parameters. Despite the DP guarantee provided, the method suffers from low accuracy and is vulnerable to gradient leakage attacks. Second, we present a gradient leakage resilient deep learning approach with differential privacy guarantee by using dynamic privacy parameters. Unlike fixedparameter strategies that result in constant noise variance, different dynamic parameter strategies present alternative techniques to introduce adaptive noise variance and adaptive noise injection which are closely aligned to the trend of gradient updates during differentially private model training. Finally, we describe four complementary metrics to evaluate and compare alternative approaches. Extensive experiments on six benchmark datasets show that differentially private deep learning with dynamic privacy parameters outperforms the deep learning using fixed DP parameters, and existing adaptive clipping approaches in all aspects: compelling accuracy performance, strong differential privacy guarantee, and high attack resilience.

show abstract

Differentially Private Federated Learning: A Client Level Perspective

Cited by 160 publications

References 4 publications

Electrical Load Forecasting Using Edge Computing and Federated Learning

Electrical Load Forecasting Using Edge Computing and Federated Learning

Differential Privacy in Privacy-Preserving Big Data and Learning: Challenge and Opportunity

Gradient Leakage Attack Resilient Deep Learning

Contact Info

Product

Resources

About