Fortifying Federated Learning against Membership Inference Attacks via Client-level Input Perturbation

Cited by: 7

Authors
Yang, Yuchen [1]
Yuan, Haolin [1]
Hui, Bo [1]
Gong, Neil [2]
Fendley, Neil [1,3]
Burlina, Philippe [3]
Cao, Yinzhi [1]

Affiliations
[1] Johns Hopkins Univ, Baltimore, MD USA
[2] Duke Univ, Durham, NC USA
[3] Johns Hopkins Appl Phys Lab, Laurel, MD USA

Funding
US National Science Foundation

Keywords
RISK

DOI
10.1109/DSN58367.2023.00037

CLC number
TP3 [Computing technology; computer technology]

Discipline code
0812

Abstract
Membership inference (MI) attacks are more diverse in a Federated Learning (FL) setting, because the adversary may be an FL client, the server, or an external attacker. Existing defenses against MI attacks rely on perturbing either the model's output predictions or the training process. Output perturbations, however, are ineffective in an FL setting because a malicious server can access the model without any output perturbation, while training perturbations struggle to achieve good utility. This paper proposes a novel defense, called CIP, that fortifies FL against MI attacks via a client-level input perturbation applied during both training and inference. The key insight is to shift each client's local data distribution via a personalized perturbation, so that the resulting model is trained on a shifted distribution. CIP achieves a good balance between privacy and utility: our evaluation shows that CIP reduces accuracy by at most 0.7% while reducing the attacks to random guessing.
Pages: 288 - 301
Page count: 14