Fishing for User Data in Large-Batch Federated Learning via Gradient Magnification

Wen, Yuxin; Geiping, Jonas; Fowl, Liam; Goldblum, Micah; Goldstein, Tom

doi:10.48550/arxiv.2202.00580

Cited by 4 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As an example, [75] leverages a GAN (Generative Adversarial Network) [76] to reconstruct other users' personal data, while [77] uses a GAN to ensure the quality of the data that the attacker aims to reconstruct and [78] tries to infer characteristics of the clients with ad-hoc classifiers. Additionally, a malicious server might put in place label and feature fishing attacks by intentionally modifying some parameters of the global model [79]. For an in-depth discussion on threats and attacks in FL, we refer the readers to [32], [33].…”

Section: Privacy In Federated Learningmentioning

confidence: 99%

Accelerating Federated Learning via Sequential Training of Grouped Heterogeneous Clients

Silvi,

Rizzardi,

Caldarola

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Federated Learning (FL) allows training machine learning models in privacy-constrained scenarios by enabling the cooperation of edge devices without requiring local data sharing. This approach raises several challenges due to the different statistical distribution of the local datasets and the clients' computational heterogeneity. In particular, the presence of highly non-i.i.d. data severely impairs both the performance of the trained neural network and its convergence rate, increasing the number of communication rounds required to reach centralized performance. As a solution, we propose FedSeq, a novel framework leveraging the sequential training of subgroups of heterogeneous clients, i.e., superclients, to learn more robust models before the server-side averaging step. Given a fixed budget of communication rounds, we show that FedSeq outperforms or match several state-of-the-art federated algorithms in terms of final performance and speed of convergence. Our method can be easily integrated with other approaches available in the literature, and empirical results show that combining existing algorithms with FedSeq further improves its final performance and convergence speed. We evaluate our method across multiple FL benchmarks, establishing its effectiveness in both i.i.d. and non-i.i.d. scenarios. Lastly, we highlight that the sequential training introduced here does not introduce additional privacy concerns when compared to the de facto standard, FedAvg.

show abstract

Section: Privacy In Federated Learningmentioning

confidence: 99%

Accelerating Federated Learning via Sequential Training of Grouped Heterogeneous Clients

Silvi,

Rizzardi,

Caldarola

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…As our research progresses we find that increasing the batch size is no longer effective in preventing privacy breaches. The gradient attack algorithm proposed in the literature [78] can obtain individual gradients in arbitrarily large aggregated batches and, crucially, it applies to arbitrary models. The gradient attack algorithm is now able to reconstruct image information with a resolution of 224 × 224 and steals information with increasing accuracy.…”

Section: Figure 3: Research History Of Gradient Leakagementioning

confidence: 99%

Multi-Robot Privacy-Preserving Algorithms Based on Federated Learning: A Review

Peng,

Guo,

Bao

et al. 2023

CMC

View full text Add to dashboard Cite

The robotics industry has seen rapid development in recent years due to the Corona Virus Disease 2019. With the development of sensors and smart devices, factories and enterprises have accumulated a large amount of data in their daily production, which creates extremely favorable conditions for robots to perform machine learning. However, in recent years, people's awareness of data privacy has been increasing, leading to the inability to circulate data between different enterprises, resulting in the emergence of data silos. The emergence of federated learning provides a feasible solution to this problem, and the combination of federated learning and multi-robot systems can break down data silos and improve the overall performance of robots. However, as scholars have studied more deeply, they found that federated learning has very limited privacy protection. Therefore, how to protect data privacy from infringement remains an important issue. In this paper, we first give a brief introduction to the current development of multi-robot and federated learning; second, we review three aspects of privacy protection methods commonly used, privacy protection methods for multi-robot, and Other Problems Faced by Multi-robot Systems, focusing on method comparisons and challenges; and finally draw conclusions and predict possible future research directions.

show abstract

“…Or in federated learning, a malicious server can select model architectures that enable reconstructing training samples [9,20]. Alternatively, participants in decentralized learning protocols can boost privacy attacks by sending dynamic malicious updates [44,51,69]. Our work differs from these in only requiring the weak assumption that the attacker can add a small amount of arbitrary data to the training set once, without contributing to any other part of training thereafter.…”

Section: Attacks On Training Integritymentioning

confidence: 99%

Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets

Tramèr¹,

Shokri²,

Joaquin³

et al. 2022

Preprint

View full text Add to dashboard Cite

We introduce a new class of attacks on machine learning models. We show that an adversary who can poison a training dataset can cause models trained on this dataset to leak significant private details of training points belonging to other parties. Our active inference attacks connect two independent lines of work targeting the integrity and privacy of machine learning training data.Our attacks are effective across membership inference, attribute inference, and data extraction. For example, our targeted attacks can poison <0.1% of the training dataset to boost the performance of inference attacks by 1 to 2 orders of magnitude. Further, an adversary who controls a significant fraction of the training data (e.g., 50%) can launch untargeted attacks that enable 8× more precise inference on all other users' otherwise-private data points.Our results cast doubts on the relevance of cryptographic privacy guarantees in multiparty computation protocols for machine learning, if parties can arbitrarily select their share of training data.

show abstract

Fishing for User Data in Large-Batch Federated Learning via Gradient Magnification

Cited by 4 publications

References 19 publications

Accelerating Federated Learning via Sequential Training of Grouped Heterogeneous Clients

Accelerating Federated Learning via Sequential Training of Grouped Heterogeneous Clients

Multi-Robot Privacy-Preserving Algorithms Based on Federated Learning: A Review

Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets

Contact Info

Product

Resources

About