Evaluating Differential Privacy in Federated Learning Based on Membership Inference Attacks

Peng He; Xinyu Wang; Weijiao Zhang; Zhongkai Wang; Song Wang; Chuangxin Ou; Guozheng Li

doi:10.1109/BIGCOM65357.2024.00035

Evaluating Differential Privacy in Federated Learning Based on Membership Inference Attacks

Peng He, Xinyu Wang, Weijiao Zhang^*, Zhongkai Wang, Song Wang, Chuangxin Ou, Guozheng Li^*

^*Corresponding author for this work

School of Computer Science and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

While machine learning has achieved tremendous success, the privacy security of its models faces challenges. To protect the privacy of machine learning models, researchers have proposed methods such as federated learning and differential privacy. However, the effectiveness of these methods in defending against attacks on model privacy at the practical level has not been comprehensively evaluated. In this paper, we focus on membership inference attacks targeting the privacy of machine learning models. By employing classical black-box membership inference attacks and a white-box membership inference attack proposed in this paper, we evaluate the privacy performance of the federated differential privacy framework in scenarios where privacy attacks are actively defended. Experimental results demonstrate that compared to centralized learning with differential privacy methods, models trained using the federated differential privacy framework exhibit stronger privacy performance and higher utility. We investigate the impact of differential privacy implementation mechanisms and privacy budgets on the privacy performance of federated learning models, providing insights and guidance for selecting critical privacy mechanisms and parameters in the practical application of the federated differential privacy framework.

Original language	English
Title of host publication	Proceedings - 2024 10th International Conference on Big Data Computing and Communications, BIGCOM 2024
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	196-203
Number of pages	8
Edition	2024
ISBN (Electronic)	9798331509538
DOIs	https://doi.org/10.1109/BIGCOM65357.2024.00035
Publication status	Published - 2024
Event	10th International Conference on Big Data Computing and Communications, BIGCOM 2024 - Dalian, China Duration: 9 Aug 2024 → 11 Aug 2024

Conference

Conference	10th International Conference on Big Data Computing and Communications, BIGCOM 2024
Country/Territory	China
City	Dalian
Period	9/08/24 → 11/08/24

Keywords

Differential Privacy
Federated Learning
Membership Inference Attacks

Access to Document

10.1109/BIGCOM65357.2024.00035

Cite this

He, P., Wang, X., Zhang, W., Wang, Z., Wang, S., Ou, C., & Li, G. (2024). Evaluating Differential Privacy in Federated Learning Based on Membership Inference Attacks. In Proceedings - 2024 10th International Conference on Big Data Computing and Communications, BIGCOM 2024 (2024 ed., pp. 196-203). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BIGCOM65357.2024.00035

@inproceedings{abb2e106d8ae4fdf8d1a4abd71f5773f,

title = "Evaluating Differential Privacy in Federated Learning Based on Membership Inference Attacks",

abstract = "While machine learning has achieved tremendous success, the privacy security of its models faces challenges. To protect the privacy of machine learning models, researchers have proposed methods such as federated learning and differential privacy. However, the effectiveness of these methods in defending against attacks on model privacy at the practical level has not been comprehensively evaluated. In this paper, we focus on membership inference attacks targeting the privacy of machine learning models. By employing classical black-box membership inference attacks and a white-box membership inference attack proposed in this paper, we evaluate the privacy performance of the federated differential privacy framework in scenarios where privacy attacks are actively defended. Experimental results demonstrate that compared to centralized learning with differential privacy methods, models trained using the federated differential privacy framework exhibit stronger privacy performance and higher utility. We investigate the impact of differential privacy implementation mechanisms and privacy budgets on the privacy performance of federated learning models, providing insights and guidance for selecting critical privacy mechanisms and parameters in the practical application of the federated differential privacy framework.",

keywords = "Differential Privacy, Federated Learning, Membership Inference Attacks",

author = "Peng He and Xinyu Wang and Weijiao Zhang and Zhongkai Wang and Song Wang and Chuangxin Ou and Guozheng Li",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 10th International Conference on Big Data Computing and Communications, BIGCOM 2024 ; Conference date: 09-08-2024 Through 11-08-2024",

year = "2024",

doi = "10.1109/BIGCOM65357.2024.00035",

language = "English",

pages = "196--203",

booktitle = "Proceedings - 2024 10th International Conference on Big Data Computing and Communications, BIGCOM 2024",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

edition = "2024",

}

He, P, Wang, X, Zhang, W, Wang, Z, Wang, S, Ou, C & Li, G 2024, Evaluating Differential Privacy in Federated Learning Based on Membership Inference Attacks. in Proceedings - 2024 10th International Conference on Big Data Computing and Communications, BIGCOM 2024. 2024 edn, Institute of Electrical and Electronics Engineers Inc., pp. 196-203, 10th International Conference on Big Data Computing and Communications, BIGCOM 2024, Dalian, China, 9/08/24. https://doi.org/10.1109/BIGCOM65357.2024.00035

Evaluating Differential Privacy in Federated Learning Based on Membership Inference Attacks. / He, Peng; Wang, Xinyu; Zhang, Weijiao et al.
Proceedings - 2024 10th International Conference on Big Data Computing and Communications, BIGCOM 2024. 2024. ed. Institute of Electrical and Electronics Engineers Inc., 2024. p. 196-203.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Evaluating Differential Privacy in Federated Learning Based on Membership Inference Attacks

AU - He, Peng

AU - Wang, Xinyu

AU - Zhang, Weijiao

AU - Wang, Zhongkai

AU - Wang, Song

AU - Ou, Chuangxin

AU - Li, Guozheng

PY - 2024

Y1 - 2024

N2 - While machine learning has achieved tremendous success, the privacy security of its models faces challenges. To protect the privacy of machine learning models, researchers have proposed methods such as federated learning and differential privacy. However, the effectiveness of these methods in defending against attacks on model privacy at the practical level has not been comprehensively evaluated. In this paper, we focus on membership inference attacks targeting the privacy of machine learning models. By employing classical black-box membership inference attacks and a white-box membership inference attack proposed in this paper, we evaluate the privacy performance of the federated differential privacy framework in scenarios where privacy attacks are actively defended. Experimental results demonstrate that compared to centralized learning with differential privacy methods, models trained using the federated differential privacy framework exhibit stronger privacy performance and higher utility. We investigate the impact of differential privacy implementation mechanisms and privacy budgets on the privacy performance of federated learning models, providing insights and guidance for selecting critical privacy mechanisms and parameters in the practical application of the federated differential privacy framework.

AB - While machine learning has achieved tremendous success, the privacy security of its models faces challenges. To protect the privacy of machine learning models, researchers have proposed methods such as federated learning and differential privacy. However, the effectiveness of these methods in defending against attacks on model privacy at the practical level has not been comprehensively evaluated. In this paper, we focus on membership inference attacks targeting the privacy of machine learning models. By employing classical black-box membership inference attacks and a white-box membership inference attack proposed in this paper, we evaluate the privacy performance of the federated differential privacy framework in scenarios where privacy attacks are actively defended. Experimental results demonstrate that compared to centralized learning with differential privacy methods, models trained using the federated differential privacy framework exhibit stronger privacy performance and higher utility. We investigate the impact of differential privacy implementation mechanisms and privacy budgets on the privacy performance of federated learning models, providing insights and guidance for selecting critical privacy mechanisms and parameters in the practical application of the federated differential privacy framework.

KW - Differential Privacy

KW - Federated Learning

KW - Membership Inference Attacks

UR - http://www.scopus.com/inward/record.url?scp=105001665942&partnerID=8YFLogxK

U2 - 10.1109/BIGCOM65357.2024.00035

DO - 10.1109/BIGCOM65357.2024.00035

M3 - Conference contribution

AN - SCOPUS:105001665942

SP - 196

EP - 203

BT - Proceedings - 2024 10th International Conference on Big Data Computing and Communications, BIGCOM 2024

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 10th International Conference on Big Data Computing and Communications, BIGCOM 2024

Y2 - 9 August 2024 through 11 August 2024

ER -

Evaluating Differential Privacy in Federated Learning Based on Membership Inference Attacks

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this