Perfectly Accurate Membership Inference by a Dishonest Central Server in Federated Learning

03/30/2022
by   Georg Pichler, et al.
0

Federated Learning is expected to provide strong privacy guarantees, as only gradients or model parameters but no plain text training data is ever exchanged either between the clients or between the clients and the central server. In this paper, we challenge this claim by introducing a simple but still very effective membership inference attack algorithm, which relies only on a single training step. In contrast to the popular honest-but-curious model, we investigate a framework with a dishonest central server. Our strategy is applicable to models with ReLU activations and uses the properties of this activation function to achieve perfect accuracy. Empirical evaluation on visual classification tasks with MNIST, CIFAR10, CIFAR100 and CelebA datasets show that our method provides perfect accuracy in identifying one sample in a training set with thousands of samples. Occasional failures of our method lead us to discover duplicate images in the CIFAR100 and CelebA datasets.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
02/24/2023

Active Membership Inference Attack under Local Differential Privacy in Federated Learning

Federated learning (FL) was originally regarded as a framework for colla...
research
10/19/2020

From Distributed Machine Learning To Federated Learning: In The View Of Data Privacy And Security

Federated learning is an improved version of distributed machine learnin...
research
10/15/2021

FedMe: Federated Learning via Model Exchange

Federated learning is a distributed machine learning method in which a s...
research
12/24/2020

Decentralized Federated Learning via Mutual Knowledge Transfer

In this paper, we investigate the problem of decentralized federated lea...
research
09/30/2021

Federated Learning in ASR: Not as Easy as You Think

With the growing availability of smart devices and cloud services, perso...
research
09/13/2021

Source Inference Attacks in Federated Learning

Federated learning (FL) has emerged as a promising privacy-aware paradig...
research
04/02/2019

Data Disclosure under Perfect Sample Privacy

Perfect data privacy seems to be in fundamental opposition to the econom...

Please sign up or login with your details

Forgot password? Click here to reset