Do Gradient Inversion Attacks Make Federated Learning Unsafe?

Hatamizadeh, Ali; Yin, Hong; Molchanov, Pavlo; Myronenko, Andriy; Li, Wenqi; Dogra, Prerna; Feng, Andrew; Flores, Mona G.; Kautz, Jan; Xu, Daguang; Roth, Holger R.

doi:10.48550/arxiv.2202.06924

Cited by 3 publications

(5 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An overview of model inversion attack implementations and defense approaches is already described in prior work. 61 Advancements in these attacks continue to be put forward, and works that demonstrate such attacks in the setting of FL for medical models that demonstrate successful approximation of hidden batch normalization statistics, for example, 62 acknowledge the importance of understanding such threats in these settings. Membership inference: membership inference is the process by which an adversary has possession of a particular data sample and is attempting to infer whether it was included in the training set of the model.…”

Section: Threats To Privacy During Flmentioning

confidence: 99%

Section: Threats To Privacy During Flmentioning

confidence: 99%

“…In particular, secure and private FL has hope to greatly benefit collaborations in domains with stringent policies around data sharing, such as is the case for health care. 14 , 21 , 22 , 23 , 24 , 25 , 26 , 27 , 28 Some literature exists reporting on general vulnerabilities of FL 29 , 30 and even exploring privacy and security concepts related to FL, 31 , 32 , 33 albeit without providing a focus on their implications in the health-care domain. We further note a survey of open-source frameworks enabling FL, although without adequately exploring concepts of privacy.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Privacy preservation for federated learning in health care

Pati,

Kumar,

Varma

et al. 2024

Patterns

View full text Add to dashboard Cite

Section: Threats To Privacy During Flmentioning

confidence: 99%

Section: Threats To Privacy During Flmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Privacy preservation for federated learning in health care

Pati,

Kumar,

Varma

et al. 2024

Patterns

View full text Add to dashboard Cite

“…To inject class-specific impression to the synthetic images without violating privacy regulations (such as re-identification), we assume the averaged image of each class xt k (k ∈ Y t ) is available to initialize the optimization of x in Eq (1). It is worth noting that, Class Impression aims to generate images following the distributions of the past class, rather than reconstructing the training data points as model inversion attacks does [24,8,6], thus Class Impression aims to meet certain privacy requirements imposed on storing medical data.…”

Section: Class Impressionmentioning

confidence: 99%

Class Impression for Data-free Incremental Learning

Sana¹,

Abolmaesumi²,

Tsang³

et al. 2022

Preprint

View full text Add to dashboard Cite

Standard deep learning-based classification approaches require collecting all samples from all classes in advance and are trained offline. This paradigm may not be practical in real-world clinical applications, where new classes are incrementally introduced through the addition of new data. Class incremental learning is a strategy allowing learning from such data. However, a major challenge is catastrophic forgetting, i.e., performance degradation on previous classes when adapting a trained model to new data. To alleviate this challenge, prior methodologies save a portion of training data that require perpetual storage, which may introduce privacy issues. Here, we propose a novel data-free class incremental learning framework that first synthesizes data from the model trained on previous classes to generate a Class Impression. Subsequently, it updates the model by combining the synthesized data with new class data. Furthermore, we incorporate a cosine normalized Crossentropy loss to mitigate the adverse effects of the imbalance, a margin loss to increase separation among previous classes and new ones, and an intradomain contrastive loss to generalize the model trained on the synthesized data to real data. We compare our proposed framework with stateof-the-art methods in class incremental learning, where we demonstrate improvement in accuracy for the classification of 11,062 echocardiography cine series of patients. Code is available at https://github.com/sanaAyrml/Class-Impresion-for-Data-free-Incremental-Learning

show abstract

“…Privacy in FL and PFL Privacy is a hot and significant topic in the age of medical big data [37]. Nevertheless, previous studies showed that FL is still vulnerable to attacks, such as data poisoning attack [38], membership inference attack [39]- [41], source inference attack (SIA) [42], attribute reconstruction attack [43], and inversion attack [44]- [47], thus compromising data privacy.…”

mentioning

confidence: 99%

Personalized and privacy-preserving federated heterogeneous medical image analysis with PPPML-HMI

Zhou

Wang

et al. 2023

Preprint

View full text Add to dashboard Cite

Heterogeneous data is endemic due to the use of diverse models and settings of devices by hospitals in the field of medical imaging. However, there are few open-source frameworks for federated heterogeneous medical image analysis with personalization and privacy protection without the demand to modify the existing model structures or to share any private data. In this paper, we proposed PPPML-HMI, a novel open-source learning paradigm for personalized and privacy-preserving federated heterogeneous medical image analysis. To our best knowledge, personalization and privacy protection were achieved simultaneously for the first time under the federated scenario by integrating the PerFedAvg algorithm and designing the novel cyclic secure aggregation with the homomorphic encryption algorithm. To show the utility of PPPML-HMI, we applied it to a simulated classification task namely the classification of healthy people and patients from the RAD-ChestCT Dataset, and one real-world segmentation task namely the segmentation of lung infections from COVID-19 CT scans. For the real-world task, PPPML-HMI achieved $\sim$5\% higher Dice score on average compared to conventional FL under the heterogeneous scenario. Meanwhile, we applied the improved deep leakage from gradients to simulate adversarial attacks and showed the strong privacy-preserving capability of PPPML-HMI. By applying PPPML-HMI to both tasks with different neural networks, a varied number of users, and sample sizes, we further demonstrated the strong generalizability of PPPML-HMI.

show abstract

Do Gradient Inversion Attacks Make Federated Learning Unsafe?

Cited by 3 publications

References 29 publications

Privacy preservation for federated learning in health care

Privacy preservation for federated learning in health care

Class Impression for Data-free Incremental Learning

Personalized and privacy-preserving federated heterogeneous medical image analysis with PPPML-HMI

Contact Info

Product

Resources

About