Abstract
As ever larger datasets are collected for machine learning, the privacy of that data has become a major public concern. Federated Learning, a distributed learning framework, lets each data provider train on its own data locally: the participating parties share model updates with the server instead of exchanging their private training data. Even so, the shared model still leaks information about the data it was trained on. In this work we address GAN-based privacy inference attacks on federated learning, in which an attacker exploits the shared model to recover information about a victim's training data. Inspired by gradient compression, we propose a defense called Federated Learning Parameter Compression (FLPC), which reduces the amount of information clients share and thereby prevents an attacker from recovering a victim's private information while preserving the accuracy of the global model. Comprehensive experiments show that the method is effective against GAN-based privacy inference attacks.
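As an added illustration of the defense idea (this is not the chapter's code, and the page does not describe the FLPC operator itself), the following pure-Python simulation runs federated averaging twice: once with clients uploading their full parameter update, and once with each client uploading only the k largest-magnitude entries of that update, the kind of compression the abstract's "reduce the sharing of information" points at. The linear model, the client data, the top-k rule (no error feedback) and every constant are constructed assumptions for the example.

```python
"""Toy federated-averaging simulation: full parameter uploads versus
top-k sparsified uploads.  Added example, not the chapter's code.  The
compression rule (keep the k largest-|.| entries of a client's update and
withhold the rest, with no error feedback) is an assumption made here in
the spirit of gradient compression; FLPC's actual operator is not on the page."""
import random

D = 20            # number of model parameters (constructed toy problem)
CLIENTS = 4
ROUNDS = 25
LOCAL_STEPS = 5
LR = 0.1
W_TRUE = [1.0 if i % 3 == 0 else -0.5 for i in range(D)]   # constructed target


def dot(a, b):
    return sum(ai * bi for ai, bi in zip(a, b))


def make_client_data(seed, n=100):
    """Constructed linear-regression data y = W_TRUE . x + noise."""
    rng = random.Random(seed)
    data = []
    for _ in range(n):
        x = [rng.gauss(0.0, 1.0) for _ in range(D)]
        y = dot(W_TRUE, x) + rng.gauss(0.0, 0.1)
        data.append((x, y))
    return data


def mse(w, data):
    return sum((dot(w, x) - y) ** 2 for x, y in data) / len(data)


def local_train(w, data):
    """A few full-batch gradient steps on the client's own data; returns the
    parameter delta (new - old) the client would normally upload in full."""
    w_local = list(w)
    for _ in range(LOCAL_STEPS):
        grad = [0.0] * D
        for x, y in data:
            err = dot(w_local, x) - y
            for i in range(D):
                grad[i] += 2.0 * err * x[i] / len(data)
        w_local = [wi - LR * gi for wi, gi in zip(w_local, grad)]
    return [a - b for a, b in zip(w_local, w)]


def top_k(delta, k):
    """Assumed compression operator: keep the k largest-|.| entries as a sparse
    {index: value} map; the other D-k entries never leave the client."""
    keep = sorted(range(len(delta)), key=lambda i: abs(delta[i]), reverse=True)[:k]
    return {i: delta[i] for i in keep}


def run_federated(k=None):
    """FedAvg over ROUNDS rounds.  k=None uploads full deltas, otherwise the
    top-k sparsified ones.  Returns (final_model, final_mse, entries_uploaded)."""
    datasets = [make_client_data(seed) for seed in range(CLIENTS)]
    w = [0.0] * D
    uploaded = 0                      # parameter entries the server ever sees
    for _ in range(ROUNDS):
        agg = [0.0] * D
        for data in datasets:
            delta = local_train(w, data)
            update = dict(enumerate(delta)) if k is None else top_k(delta, k)
            uploaded += len(update)
            for i, v in update.items():
                agg[i] += v / CLIENTS   # plain averaging; withheld entries count as 0
        w = [wi + ai for wi, ai in zip(w, agg)]
    pooled = [pt for data in datasets for pt in data]
    return w, mse(w, pooled), uploaded


if __name__ == "__main__":
    _, full_mse, full_n = run_federated()
    _, comp_mse, comp_n = run_federated(k=4)
    print(f"full upload : mse={full_mse:.4f}, entries uploaded={full_n}")
    print(f"top-4 upload: mse={comp_mse:.4f}, entries uploaded={comp_n} "
          f"({comp_n / full_n:.0%} of the full upload)")
```

With k = 4 each client exposes 20% of its update per round, yet the global model still fits the pooled data well, which is the trade-off the abstract claims for FLPC (less shared information, comparable accuracy). Two caveats a practitioner should keep in mind: the simulation contains no attacker, so it says nothing about how much a given k actually degrades a GAN-based reconstruction; and the usual gradient-compression trick of accumulating the dropped entries and sending them in a later round (error feedback) speeds up convergence but eventually transmits the withheld information too, so a compression scheme used as a privacy defense has to be judged on what is ultimately disclosed, not only on per-round bandwidth.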
Acknowledgement
This work was supported in part by the National Key R&D Program of China under Grant 2020YFB2103802, in part by the National Natural Science Foundation of China under Grant U21A20463, and in part by the Fundamental Research Funds for the Central Universities of China under Grant KKJB320001536.
Copyright information
© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Cao, H. et al. (2022). Prevention of GAN-Based Privacy Inferring Attacks Towards Federated Learning. In: Gao, H., Wang, X., Wei, W., Dagiuklas, T. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 461. Springer, Cham. https://doi.org/10.1007/978-3-031-24386-8_3
DOI: https://doi.org/10.1007/978-3-031-24386-8_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-24385-1
Online ISBN: 978-3-031-24386-8