Abstract
With the rise of privacy concerns in traditional centralized machine learning services, federated learning, which incorporates multiple participants to train a global model across their localized training data, has lately received significant attention in both industry and academia. Bringing federated learning into a wireless network scenario is a great move. The combination of them inspires tremendous power and spawns a number of promising applications. Recent researches reveal the inherent vulnerabilities of the various learning modes for the membership inference attacks that the adversary could infer whether a given data record belongs to the model’s training set. Although the state‐of‐the‐art techniques could successfully deduce the membership information from the centralized machine learning models, it is still challenging to infer the member data at a more confined level, the user level. It is exciting that the common wireless monitor technique in the wireless network environment just provides a good ground for fine‐grained membership inference. In this paper, we novelly propose and define a concept of user‐level inference attack in federated learning. Specifically, we first give a comprehensive analysis of active and targeted membership inference attacks in the context of federated learning. Then, by considering a more complicated scenario that the adversary can only passively observe the updating models from different iterations, we incorporate the generative adversarial networks into our method, which can enrich the training set for the final membership inference model. In the end, we comprehensively research and implement inferences launched by adversaries of different roles, which makes the attack scenario complete and realistic. The extensive experimental results demonstrate the effectiveness of our proposed attacking approach in the case of single label and multilabel.
Highlights
With the revolution of decentralized machine learning, researches on collaborative learning technologies such as federated learning for resource-constrained devices on mobile edge networks [1] have been increasing and expanding the landscape of use cases
Unlike other collaborative learning frameworks, federated learning updates a global model by aggregating all local parameters from participants, so that the federated model can benefit from a wide range of non-IID [3] and unbalanced data distribution among diverse participants
Stuck by the model averaging algorithm and the lack of training data for the membership inference, we make full use of the characteristics of the wireless monitor to further propose a local-deployed data augmentation method relying on the generative adversarial networks (GANs) to generate high-quality fake samples
Summary
With the revolution of decentralized machine learning, researches on collaborative learning technologies such as federated learning for resource-constrained devices on mobile edge networks [1] have been increasing and expanding the landscape of use cases. Stuck by the model averaging algorithm and the lack of training data for the membership inference, we make full use of the characteristics of the wireless monitor to further propose a local-deployed data augmentation method relying on the generative adversarial networks (GANs) to generate high-quality fake samples. We further disclose the security hole of the current federated learning enabled by 5G wireless networks with novelly launching fine-grained membership inference attacks and encouraging more researches on preventing participants from leaking privacy. (ii) Data Augment Using GANs. To gain insight into the data distribution of other participants to perform the membership inference, we use the information obtained by a wireless monitor and innovatively develop local-deployed generative adversarial networks (GANs) to generate samples with all labels.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.