User-Level Label Leakage from Gradients in Federated Learning

Wainakh, Aidmar ; Ventola, Fabrizio ; Müßig, Till ; Keim, Jens ; Garcia Cordero, Carlos ; Zimmer, Ephraim ; Grube, Tim ; Mühlhäuser, Max (2022)
User-Level Label Leakage from Gradients in Federated Learning.
doi: 10.48550/arXiv.2105.09369
Report, Bibliography

Abstract

Federated learning enables multiple users to build a joint model by sharing their model updates (gradients), while their raw data remains local on their devices. In contrast to the common belief that this provides privacy benefits, we add to the recent results on privacy risks when sharing gradients. Specifically, we investigate Label Leakage from Gradients (LLG), a novel attack to extract the labels of the users’ training data from their shared gradients. The attack exploits the direction and magnitude of gradients to determine the presence or absence of any label. LLG is simple yet effective, capable of leaking potentially sensitive information represented by labels, and scales well to arbitrary batch sizes and multiple classes. We mathematically and empirically demonstrate the validity of the attack under different settings. Moreover, empirical results show that LLG successfully extracts labels with high accuracy at the early stages of model training. We also discuss different defense mechanisms against such leakage. Our findings suggest that gradient compression is a practical technique to mitigate the attack.
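
The abstract's statement that gradient direction and magnitude reveal label presence can be illustrated with a small sketch. This is not the authors' LLG algorithm, whose details are not given in this record. It only demonstrates a standard property of softmax cross-entropy: the gradient of the loss with respect to the output-layer bias equals the predicted probabilities minus the one-hot labels, so classes present in a batch tend to receive a negative gradient. The function names, the random near-zero logits standing in for an untrained model, and the assumption that the attacker knows the batch size are all hypothetical choices made for illustration.

```python
import numpy as np

def softmax(z):
    # Numerically stable row-wise softmax.
    z = z - z.max(axis=1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=1, keepdims=True)

def output_bias_gradient(logits, labels, num_classes):
    # Gradient of the summed cross-entropy loss w.r.t. the output-layer bias:
    # sum over the batch of (predicted probabilities - one-hot labels).
    probs = softmax(logits)
    one_hot = np.eye(num_classes)[labels]
    return (probs - one_hot).sum(axis=0)

# Hypothetical setup: a batch of 4 samples, 10 classes, and a nearly
# untrained model whose predictions are close to uniform.
rng = np.random.default_rng(0)
num_classes = 10
labels = np.array([3, 3, 7, 1])
logits = rng.normal(scale=0.01, size=(len(labels), num_classes))

grad = output_bias_gradient(logits, labels, num_classes)

# Direction: a negative entry suggests the class is present in the batch.
inferred = set(np.flatnonzero(grad < 0).tolist())

# Magnitude: assuming near-uniform predictions and a known batch size B,
# grad[c] is roughly B / num_classes - count[c], which gives a count estimate.
batch_size = len(labels)
counts = np.rint(batch_size / num_classes - grad).astype(int)

print(sorted(inferred))
print(counts.tolist())
```

The sketch depends on the model being close to untrained, which matches the abstract's observation that labels are extracted with high accuracy at the early stages of training. For a well-trained model the predicted probabilities are no longer near uniform, and this simple estimate would not be expected to hold.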

Item type: Report
Published: 2022
Author(s): Wainakh, Aidmar ; Ventola, Fabrizio ; Müßig, Till ; Keim, Jens ; Garcia Cordero, Carlos ; Zimmer, Ephraim ; Grube, Tim ; Mühlhäuser, Max
Entry type: Bibliography
Title: User-Level Label Leakage from Gradients in Federated Learning
Language: English
Publication date: 3 January 2022
Publisher: arXiv
Series: Cryptography and Security
Collation: 28 pages
DOI: 10.48550/arXiv.2105.09369
Additional information:

4th version

Department(s)/Field(s): 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
Date deposited: 21 Feb 2022 10:04
Last modified: 19 Dec 2024 11:03