TU Darmstadt / ULB / TUbiblio

User-Level Label Leakage from Gradients in Federated Learning

Wainakh, Aidmar ; Ventola, Fabrizio ; Müßig, Till ; Keim, Jens ; Carcia Cordero, Carlos ; Zimmer, Ephraim ; Grube, Tim ; Kersting, Kristian ; Mühlhäuser, Max (2022)
User-Level Label Leakage from Gradients in Federated Learning.
In: Proceedings on Privacy Enhancing Technologies (PoPETs), 2022 (2)
doi: 10.2478/popets-2022-0043
Article, Bibliographie

Abstract

Federated learning enables multiple users to build a joint model by sharing their model updates (gradients), while their raw data remains local on their devices. In contrast to the common belief that this provides privacy benefits, we here add to the very recent results on privacy risks when sharing gradients. Specifically, we investigate Label Leakage from Gradients (LLG), a novel attack to extract the labels of the users’ training data from their shared gradients. The attack exploits the direction and magnitude of gradients to determine the presence or absence of any label. LLG is simple yet effective, capable of leaking potential sensitive information represented by labels, and scales well to arbitrary batch sizes and multiple classes. We mathematically and empirically demonstrate the validity of the attack under different settings. Moreover, empirical results show that LLG successfully extracts labels with high accuracy at the early stages of model training. We also discuss different defense mechanisms against such leakage. Our findings suggest that gradient compression is a practical technique to mitigate

Item Type: Article
Erschienen: 2022
Creators: Wainakh, Aidmar ; Ventola, Fabrizio ; Müßig, Till ; Keim, Jens ; Carcia Cordero, Carlos ; Zimmer, Ephraim ; Grube, Tim ; Kersting, Kristian ; Mühlhäuser, Max
Type of entry: Bibliographie
Title: User-Level Label Leakage from Gradients in Federated Learning
Language: English
Date: April 2022
Publisher: De Gruyter Open
Journal or Publication Title: Proceedings on Privacy Enhancing Technologies (PoPETs)
Volume of the journal: 2022
Issue Number: 2
Book Title: Proceedings on Privacy Enhancing Technologies (PETS) 2022
DOI: 10.2478/popets-2022-0043
Corresponding Links:
Abstract:

Federated learning enables multiple users to build a joint model by sharing their model updates (gradients), while their raw data remains local on their devices. In contrast to the common belief that this provides privacy benefits, we here add to the very recent results on privacy risks when sharing gradients. Specifically, we investigate Label Leakage from Gradients (LLG), a novel attack to extract the labels of the users’ training data from their shared gradients. The attack exploits the direction and magnitude of gradients to determine the presence or absence of any label. LLG is simple yet effective, capable of leaking potential sensitive information represented by labels, and scales well to arbitrary batch sizes and multiple classes. We mathematically and empirically demonstrate the validity of the attack under different settings. Moreover, empirical results show that LLG successfully extracts labels with high accuracy at the early stages of model training. We also discuss different defense mechanisms against such leakage. Our findings suggest that gradient compression is a practical technique to mitigate

Additional Information:

Proceedings on Privacy Enhancing Technologies (PoPETs) is the journal that publishes papers accepted to the annual Privacy Enhancing Technologies Symposium (PETS); This Paper was presented at the 22nd Privacy Enhancing Technologies Symposium, Sydney, Australia, July 11.-15. 2022

Divisions: 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
Date Deposited: 29 Mar 2022 08:45
Last Modified: 29 Mar 2022 08:45
PPN:
Corresponding Links:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details