Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
194 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Task-Agnostic Privacy-Preserving Representation Learning for Federated Learning Against Attribute Inference Attacks (2312.06989v1)

Published 12 Dec 2023 in cs.CR

Abstract: Federated learning (FL) has been widely studied recently due to its property to collaboratively train data from different devices without sharing the raw data. Nevertheless, recent studies show that an adversary can still be possible to infer private information about devices' data, e.g., sensitive attributes such as income, race, and sexual orientation. To mitigate the attribute inference attacks, various existing privacy-preserving FL methods can be adopted/adapted. However, all these existing methods have key limitations: they need to know the FL task in advance, or have intolerable computational overheads or utility losses, or do not have provable privacy guarantees. We address these issues and design a task-agnostic privacy-preserving presentation learning method for FL ({\bf TAPPFL}) against attribute inference attacks. TAPPFL is formulated via information theory. Specifically, TAPPFL has two mutual information goals, where one goal learns task-agnostic data representations that contain the least information about the private attribute in each device's data, and the other goal ensures the learnt data representations include as much information as possible about the device data to maintain FL utility. We also derive privacy guarantees of TAPPFL against worst-case attribute inference attacks, as well as the inherent tradeoff between utility preservation and privacy protection. Extensive results on multiple datasets and applications validate the effectiveness of TAPPFL to protect data privacy, maintain the FL utility, and be efficient as well. Experimental results also show that TAPPFL outperforms the existing defenses\footnote{Source code and full version: \url{https://github.com/TAPPFL}}.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (58)
  1. Deep Variational Information Bottleneck. In ICLR.
  2. Alibaba Federated Learning. 2022. https://federatedscope.io/.
  3. Privacy-preserving deep learning: Revisited and enhanced. In ATIS.
  4. Mutual information neural estimation. In ICML.
  5. Towards federated learning at scale: System design. MLSys.
  6. Practical secure aggregation for privacy-preserving machine learning. In CCS.
  7. Calabro, C. 2009. The exponential complexity of satisfiability problems. University of California, San Diego.
  8. Infogan: Interpretable representation learning by information maximizing generative adversarial nets. In NIPS.
  9. CLUB: A Contrastive Log-ratio Upper Bound of Mutual Information. In ICML.
  10. Revealing and protecting labels in distributed training. In NeurIPS.
  11. Fully distributed privacy preserving mini-batch gradient descent learning. In IFIP DAIS.
  12. UCI Machine Learning Repository.
  13. Property inference attacks on fully connected neural networks using permutation invariant representations. In CCS.
  14. Differentially private federated learning: A client level perspective. arXiv.
  15. On choosing and bounding probability metrics. International statistical review, 70(3): 419–435.
  16. Generative adversarial nets. In NIPS.
  17. Google Federated Learning. 2022. https://federated.withgoogle.com/.
  18. Learning privately from multiparty data. In ICML.
  19. Equality of Opportunity in Supervised Learning.
  20. Learning deep representations by mutual information estimation and maximization. In ICLR.
  21. IBM Federated Learning. 2022. https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=models-federated-learning.
  22. AttriInfer: Inferring user attributes in online social networks using markov random fields. In WWW.
  23. Secure, privacy-preserving and federated machine learning in medical imaging. Nature Machine Intelligence.
  24. Lessons Learned from the Chameleon Testbed. In USENIX ATC.
  25. Training with the invisibles: Obfuscating images to share safely for learning visual recognition models. arXiv.
  26. An introduction to variational autoencoders. Foundations and Trends® in Machine Learning, 12(4): 307–392.
  27. Krizhevsky, A. 2009. Learning multiple layers of features from tiny images. Technical report.
  28. Deepobfuscator: Adversarial training framework for privacy-preserving image classification. arXiv preprint arXiv:1909.04126.
  29. Federated learning: Challenges, methods, and future directions. IEEE Signal Processing Magazine.
  30. Information obfuscation of graph neural networks. In ICML.
  31. Privacy Adversarial Network: Representation Learning for Mobile Data Privacy. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 3(4): 1–18.
  32. Learning adversarially fair and transferable representations. In ICML.
  33. Communication-Efficient Learning of Deep Networks from Decentralized Data. In AISTATS.
  34. Learning Differentially Private Recurrent Language Models. In ICLR.
  35. Exploiting unintended feature leakage in collaborative learning. In IEEE SP.
  36. Microsoft Federated Learning. 2022. https://www.microsoft.com/en-us/research/blog/flute-a-scalable-federated-learning-simulation-platform/.
  37. R2DP: A Universal and Automated Approach to Optimizing the Randomization Mechanisms of Differential Privacy for Utility Metrics with No Known Optimal Distributions. In CCS, 677–696. ACM.
  38. Secureml: A system for scalable privacy-preserving machine learning. In IEEE SP.
  39. Invariant representations without adversarial training. In NeurIPS.
  40. Adversarial image perturbation for privacy protection a game theory perspective. In ICCV.
  41. Representation learning with contrastive predictive coding. arXiv.
  42. Deep private-feature extraction. IEEE TKDE.
  43. Multiparty differential privacy via aggregation of locally trained classifiers. In NIPS.
  44. Variational discriminator bottleneck: Improving imitation learning, inverse rl, and gans by constraining information flow. arXiv preprint arXiv:1810.00821.
  45. Learning privacy preserving encodings through adversarial training. In WACV.
  46. On variational bounds of mutual information. In ICML.
  47. The future of digital health with federated learning. NPJ digital medicine, 3(1): 119.
  48. Privacy-preserving deep learning. In CCS.
  49. Overlearning Reveals Sensitive Attributes. In ICLR.
  50. Learning controllable fair representations. In AISTATS.
  51. Visualizing data using t-SNE. JMLR.
  52. User-Level Label Leakage from Gradients in Federated Learning. In PTES.
  53. Privacy-Preserving Representation Learning on Graphs: A Mutual Information Perspective. In KDD.
  54. A Model-Agnostic Approach to Differentially Private Topic Mining. In KDD, 1835–1845. ACM.
  55. Federated learning with differential privacy: Algorithms and performance analysis. IEEE TIFS.
  56. Towards privacy-preserving visual recognition via adversarial training: A pilot study. In ECCV.
  57. Trade-offs and guarantees of adversarial representation learning for information obfuscation. In NeurIPS.
  58. Deep leakage from gradients. In NeurIPS.
Citations (6)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now