GRNN: Generative Regression Neural Network—A Data Leakage Attack for Federated Learning

Ren, Hanchi; Deng, Jingjing; Xie, Xianghua

doi:10.1145/3510032

Cited by 55 publications

(14 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their proposed attack seems to be slightly better than the one proposed by Geiping et al [64], but further experimentation is required to confirm their superiority. The same can be applied to Ren et al [65], whose comparison with others than Zhu and Han [12] remains undone.…”

Section: Feature Inference Attacksmentioning

confidence: 91%

“…With the same attacker knowledge, Li et al [63] propose a framework to measure the effectiveness of passive Feature inference attacks on logistic regression models, whose inputs are binary. Geiping et al [64] and Ren et al [65] propose different approaches to solve the initialization and stability problems of [12] and their attacks can handle batches of up to 100 and 256 elements, respectively. With the same attacker knowledge, Wei et al [66] propose an extensive study to measure the capabilities of passive reconstruction attacks focused on recovering images.…”

Section: Feature Inference Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Survey on Federated Learning Threats: concepts, taxonomy on attacks and defences, experimental study and challenges

Rodríguez-Barroso¹,

López²,

Luzón³

et al. 2022

Preprint

View full text Add to dashboard Cite

Federated learning is a machine learning paradigm that emerges as a solution to the privacy-preservation demands in artificial intelligence. As machine learning, federated learning is threatened by adversarial attacks against the integrity of the learning model and the privacy of data via a distributed approach to tackle local and global learning. This weak point is exacerbated by the inaccessibility of data in federated learning, which makes harder the protection against adversarial attacks and evidences the need to furtherance the research on defence methods to make federated learning a real solution for safeguarding data privacy. In this paper, we present an extensive review of the threats of federated learning, as well as as their corresponding countermeasures, attacks versus defences. This survey provides a taxonomy of adversarial attacks and a taxonomy of defence methods that depict a general picture of this vulnerability of federated learning and how to overcome it. Likewise, we expound guidelines for selecting the most adequate defence method according to the category of the adversarial attack. Besides, we carry out an extensive experimental study from which we draw further conclusions about the behaviour of attacks and defences and the guidelines for selecting the most adequate defence method according to the category of the adversarial attack. This study is finished leading to meditated learned lessons and challenges.

show abstract

Section: Feature Inference Attacksmentioning

confidence: 91%

Section: Feature Inference Attacksmentioning

confidence: 99%

Survey on Federated Learning Threats: concepts, taxonomy on attacks and defences, experimental study and challenges

Rodríguez-Barroso¹,

López²,

Luzón³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Wei et al [146] discussed the gradient leakage attacks targeted at the federated server, thus violating the client's privacy regarding its training data. Ren et al [115] pointed out that the proposed Generative Regression Neural Network can recover the image data in the FL framework.…”

Section: Future Research Directionsmentioning

confidence: 99%

Digital Privacy Under Attack: Challenges and Enablers

Song¹,

Deng²,

Pokhrel³

et al. 2023

Preprint

View full text Add to dashboard Cite

Users have renewed interest in protecting their private data in the digital space. When they don't believe that their privacy is sufficiently covered by one platform, they will readily switch to another. Such an increasing level of privacy awareness has made privacy preservation an essential research topic. Nevertheless, new privacy attacks are emerging day by day. Therefore, a holistic survey to compare the discovered techniques on attacks over privacy preservation and their mitigation schemes is essential in the literature. We develop a study to fill this gap by assessing the resilience of privacy-preserving methods to various attacks and conducting a comprehensive review of countermeasures from a broader perspective. First, we introduce the fundamental concepts and critical components of privacy attacks. Second, we comprehensively cover major privacy attacks targeted at anonymous data, statistical aggregate data, and privacy-preserving models. We also summarize popular countermeasures to mitigate these attacks. Finally, some promising future research directions and related issues in the privacy community are envisaged. We believe this survey will successfully shed some light on privacy research and encourage researchers to entirely understand the resilience of different existing privacy-preserving approaches.

show abstract

“…We simulate the scenarios with possible information leakage risks by presenting several data leakage attacks on CIFAR-10 dataset, including up-convolutional neural network (UpCNN) [60] and variational autoencoder (VAE) [61] that try to recover the input images from the feature representations. And we also adopt the approach from the state-of-the-art gradient attack generative regression neural network (GRNN) [62] to inverse the feature prototypes. From the reconstructed results in Fig.…”

Section: Testing Data Leakage From Prototypesmentioning

confidence: 99%

Stabilizing and Improving Federated Learning with Non-IID Data and Client Dropout

Xu¹,

Yang²,

Ding³

et al. 2023

Preprint

View full text Add to dashboard Cite

The label distribution skew induced data heterogeniety has been shown to be a significant obstacle that limits the model performance in federated learning, which is particularly developed for collaborative model training over decentralized data sources while preserving user privacy. This challenge could be more serious when the participating clients are in unstable circumstances and dropout frequently. Previous work and our empirical observations demonstrate that the classifier head for classification task is more sensitive to label skew and the unstable performance of FedAvg mainly lies in the imbalanced training samples across different classes. The biased classifier head will also impact the learning of feature representations. Therefore, maintaining a balanced classifier head is of significant importance for building a better global model. To this end, we propose a simple yet effective framework by introducing a prior-calibrated softmax function for computing the cross-entropy loss and a prototype-based feature augmentation scheme to re-balance the local training, which are lightweight for edge devices and can facilitate the global model aggregation. The improved model performance over existing baselines in the presence of non-IID data and client dropout is demonstrated by conducting extensive experiments on benchmark classification tasks.

show abstract

GRNN: Generative Regression Neural Network—A Data Leakage Attack for Federated Learning

Cited by 55 publications

References 27 publications

Survey on Federated Learning Threats: concepts, taxonomy on attacks and defences, experimental study and challenges

Survey on Federated Learning Threats: concepts, taxonomy on attacks and defences, experimental study and challenges

Digital Privacy Under Attack: Challenges and Enablers

Stabilizing and Improving Federated Learning with Non-IID Data and Client Dropout

Contact Info

Product

Resources

About