Local Model Privacy-Preserving Study for Federated Learning

  • Conference paper

Abstract

In the federated learning framework, data are kept locally by clients, which naturally provides a certain level of privacy. However, we show in this paper that a curious onlooker can still infer some sensitive information about clients by looking at the exchanged messages. More precisely, for the linear regression task, the onlooker can decode the exact local model of each client in a constant number of rounds under both cross-device and cross-silo federated learning settings. We improve one of the learning algorithms and experimentally show that it makes it harder for the onlooker to decode the local models of clients.

Notes

  1. https://github.com/tcapelle/timeseries_fastai.

  2. UMAP is a general purpose manifold learning and dimension reduction algorithm: https://umap-learn.readthedocs.io/en/latest/basic_usage.html.

  3. Boston House Dataset: https://scikit-learn.org/stable/modules/generated/sklearn.datasets.load_boston.html.

Acknowledgment

Most of the work was finished during the master internship of the first author at Inria Sophia Antipolis, France. We would like to thank Prof. Giovanni Neglia and Dr. Chuan Xu for their ideas and suggestions. This research is supported by the National Key R&D Program of China (2017YFB0801701 and 2017YFB0802805), the National Natural Science Foundation of China (Grants: U1936120, U1636216), the Joint Fund of Ministry of Education of China for Equipment Preresearch (No. 6141A020333), the Fundamental Research Funds for the Central Universities, and the Basic Research Program of State Grid Shanghai Municipal Electric Power Company (52094019007F). Daojing He is the corresponding author of this article.

Corresponding author

Correspondence to Daojing He.

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Pan, K., He, D., Xu, C. (2021). Local Model Privacy-Preserving Study for Federated Learning. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-90019-9_15

  • DOI: https://doi.org/10.1007/978-3-030-90019-9_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90018-2

  • Online ISBN: 978-3-030-90019-9

  • eBook Packages: Computer Science (R0)
