Concealing Sensitive Samples against Gradient Leakage in Federated Learning

Jing Wu; Munawar Hayat; Mingyi Zhou; Mehrtash Harandi

doi:10.1609/aaai.v38i19.30171

Concealing Sensitive Samples against Gradient Leakage in Federated Learning

Jing Wu, Munawar Hayat, Mingyi Zhou, Mehrtash Harandi

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

7 Citations (Scopus)

Abstract

Federated Learning (FL) is a distributed learning paradigm that enhances users' privacy by eliminating the need for clients to share raw, private data with the server. Despite the success, recent studies expose the vulnerability of FL to model inversion attacks, where adversaries reconstruct users' private data via eavesdropping on the shared gradient information. We hypothesize that a key factor in the success of such attacks is the low entanglement among gradients per data within the batch during stochastic optimization. This creates a vulnerability that an adversary can exploit to reconstruct the sensitive data. Building upon this insight, we present a simple, yet effective defense strategy that obfuscates the gradients of the sensitive data with concealed samples. To achieve this, we propose synthesizing concealed samples to mimic the sensitive data at the gradient level while ensuring their visual dissimilarity from the actual sensitive data. Compared to the previous art, our empirical evaluations suggest that the proposed technique provides the strongest protection while simultaneously maintaining the FL performance. Code is located at https://github.com/JingWu321/DCS-2.

Original language	English
Title of host publication	Thirty-Eighth AAAI Conference on Artificial Intelligence
Editors	Michael Wooldridge, Jennifer Dy, Sriraam Natarajan
Place of Publication	Washington DC USA
Publisher	Association for the Advancement of Artificial Intelligence (AAAI)
Pages	21717-21725
Number of pages	9
Volume	38
Edition	19
ISBN (Electronic)	9781577358879
DOIs	https://doi.org/10.1609/aaai.v38i19.30171
Publication status	Published - 2024
Event	AAAI Conference on Artificial Intelligence 2024 - Vancouver, Canada Duration: 20 Feb 2024 → 27 Feb 2024 Conference number: 38th https://ojs.aaai.org/index.php/AAAI/issue/view/588 (AAAI-24 Technical Tracks 13) https://ojs.aaai.org/index.php/AAAI/issue/view/589 (AAAI-24 Technical Tracks 14) https://ojs.aaai.org/index.php/AAAI/issue/view/593 (AAAI-24 Technical Tracks 18) https://aaai.org/aaai-conference/ (Website)

Conference

Conference	AAAI Conference on Artificial Intelligence 2024
Abbreviated title	AAAI 2024
Country/Territory	Canada
City	Vancouver
Period	20/02/24 → 27/02/24
Internet address	https://ojs.aaai.org/index.php/AAAI/issue/view/588 (AAAI-24 Technical Tracks 13) https://ojs.aaai.org/index.php/AAAI/issue/view/589 (AAAI-24 Technical Tracks 14) https://ojs.aaai.org/index.php/AAAI/issue/view/593 (AAAI-24 Technical Tracks 18) https://aaai.org/aaai-conference/ (Website)

Access to Document

10.1609/aaai.v38i19.30171

Cite this

Wu, J., Hayat, M., Zhou, M., & Harandi, M. (2024). Concealing Sensitive Samples against Gradient Leakage in Federated Learning. In M. Wooldridge, J. Dy, & S. Natarajan (Eds.), Thirty-Eighth AAAI Conference on Artificial Intelligence (19 ed., Vol. 38, pp. 21717-21725). Association for the Advancement of Artificial Intelligence (AAAI). https://doi.org/10.1609/aaai.v38i19.30171

Wu, Jing ; Hayat, Munawar ; Zhou, Mingyi et al. / Concealing Sensitive Samples against Gradient Leakage in Federated Learning. Thirty-Eighth AAAI Conference on Artificial Intelligence. editor / Michael Wooldridge ; Jennifer Dy ; Sriraam Natarajan. Vol. 38 19. ed. Washington DC USA : Association for the Advancement of Artificial Intelligence (AAAI), 2024. pp. 21717-21725

@inproceedings{17db8e94b06942fdaa9ab9b5bbd7b865,

title = "Concealing Sensitive Samples against Gradient Leakage in Federated Learning",

abstract = "Federated Learning (FL) is a distributed learning paradigm that enhances users' privacy by eliminating the need for clients to share raw, private data with the server. Despite the success, recent studies expose the vulnerability of FL to model inversion attacks, where adversaries reconstruct users' private data via eavesdropping on the shared gradient information. We hypothesize that a key factor in the success of such attacks is the low entanglement among gradients per data within the batch during stochastic optimization. This creates a vulnerability that an adversary can exploit to reconstruct the sensitive data. Building upon this insight, we present a simple, yet effective defense strategy that obfuscates the gradients of the sensitive data with concealed samples. To achieve this, we propose synthesizing concealed samples to mimic the sensitive data at the gradient level while ensuring their visual dissimilarity from the actual sensitive data. Compared to the previous art, our empirical evaluations suggest that the proposed technique provides the strongest protection while simultaneously maintaining the FL performance. Code is located at https://github.com/JingWu321/DCS-2.",

author = "Jing Wu and Munawar Hayat and Mingyi Zhou and Mehrtash Harandi",

note = "Publisher Copyright: Copyright {\textcopyright} 2024, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved.; AAAI Conference on Artificial Intelligence 2024, AAAI 2024 ; Conference date: 20-02-2024 Through 27-02-2024",

year = "2024",

doi = "10.1609/aaai.v38i19.30171",

language = "English",

volume = "38",

pages = "21717--21725",

editor = "Michael Wooldridge and Jennifer Dy and Sriraam Natarajan",

booktitle = "Thirty-Eighth AAAI Conference on Artificial Intelligence",

publisher = "Association for the Advancement of Artificial Intelligence (AAAI)",

address = "United States of America",

edition = "19",

url = "https://ojs.aaai.org/index.php/AAAI/issue/view/588, https://ojs.aaai.org/index.php/AAAI/issue/view/589, https://ojs.aaai.org/index.php/AAAI/issue/view/593, https://aaai.org/aaai-conference/",

}

Wu, J, Hayat, M, Zhou, M & Harandi, M 2024, Concealing Sensitive Samples against Gradient Leakage in Federated Learning. in M Wooldridge, J Dy & S Natarajan (eds), Thirty-Eighth AAAI Conference on Artificial Intelligence. 19 edn, vol. 38, Association for the Advancement of Artificial Intelligence (AAAI), Washington DC USA, pp. 21717-21725, AAAI Conference on Artificial Intelligence 2024, Vancouver, British Columbia, Canada, 20/02/24. https://doi.org/10.1609/aaai.v38i19.30171

Concealing Sensitive Samples against Gradient Leakage in Federated Learning. / Wu, Jing; Hayat, Munawar; Zhou, Mingyi et al.
Thirty-Eighth AAAI Conference on Artificial Intelligence. ed. / Michael Wooldridge; Jennifer Dy; Sriraam Natarajan. Vol. 38 19. ed. Washington DC USA: Association for the Advancement of Artificial Intelligence (AAAI), 2024. p. 21717-21725.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Concealing Sensitive Samples against Gradient Leakage in Federated Learning

AU - Wu, Jing

AU - Hayat, Munawar

AU - Zhou, Mingyi

AU - Harandi, Mehrtash

N1 - Conference code: 38th

PY - 2024

Y1 - 2024

N2 - Federated Learning (FL) is a distributed learning paradigm that enhances users' privacy by eliminating the need for clients to share raw, private data with the server. Despite the success, recent studies expose the vulnerability of FL to model inversion attacks, where adversaries reconstruct users' private data via eavesdropping on the shared gradient information. We hypothesize that a key factor in the success of such attacks is the low entanglement among gradients per data within the batch during stochastic optimization. This creates a vulnerability that an adversary can exploit to reconstruct the sensitive data. Building upon this insight, we present a simple, yet effective defense strategy that obfuscates the gradients of the sensitive data with concealed samples. To achieve this, we propose synthesizing concealed samples to mimic the sensitive data at the gradient level while ensuring their visual dissimilarity from the actual sensitive data. Compared to the previous art, our empirical evaluations suggest that the proposed technique provides the strongest protection while simultaneously maintaining the FL performance. Code is located at https://github.com/JingWu321/DCS-2.

AB - Federated Learning (FL) is a distributed learning paradigm that enhances users' privacy by eliminating the need for clients to share raw, private data with the server. Despite the success, recent studies expose the vulnerability of FL to model inversion attacks, where adversaries reconstruct users' private data via eavesdropping on the shared gradient information. We hypothesize that a key factor in the success of such attacks is the low entanglement among gradients per data within the batch during stochastic optimization. This creates a vulnerability that an adversary can exploit to reconstruct the sensitive data. Building upon this insight, we present a simple, yet effective defense strategy that obfuscates the gradients of the sensitive data with concealed samples. To achieve this, we propose synthesizing concealed samples to mimic the sensitive data at the gradient level while ensuring their visual dissimilarity from the actual sensitive data. Compared to the previous art, our empirical evaluations suggest that the proposed technique provides the strongest protection while simultaneously maintaining the FL performance. Code is located at https://github.com/JingWu321/DCS-2.

UR - http://www.scopus.com/inward/record.url?scp=85189650829&partnerID=8YFLogxK

U2 - 10.1609/aaai.v38i19.30171

DO - 10.1609/aaai.v38i19.30171

M3 - Conference Paper

AN - SCOPUS:85189650829

VL - 38

SP - 21717

EP - 21725

BT - Thirty-Eighth AAAI Conference on Artificial Intelligence

A2 - Wooldridge, Michael

A2 - Dy, Jennifer

A2 - Natarajan, Sriraam

PB - Association for the Advancement of Artificial Intelligence (AAAI)

CY - Washington DC USA

T2 - AAAI Conference on Artificial Intelligence 2024

Y2 - 20 February 2024 through 27 February 2024

ER -

Concealing Sensitive Samples against Gradient Leakage in Federated Learning

Abstract

Conference

Access to Document

Other files and links

Exploiting Geometries of Learning for Fast, Adaptive and Robust AI

Cite this

Concealing Sensitive Samples against Gradient Leakage in Federated Learning

Abstract

Conference

Access to Document

Other files and links

Projects

Exploiting Geometries of Learning for Fast, Adaptive and Robust AI

Cite this