Attacks to Federated Learning: Responsive Web User Interface to Recover Training Data from User Gradients
Hans Albert Lianto, Yang Zhao, Jun Zhao

TL;DR
This paper demonstrates how local differential privacy can protect user data in federated learning by visualizing data recovery risks and showing how LDP prevents sensitive information from being exposed to untrusted aggregators.
Contribution
It introduces an interactive web demo that visualizes federated learning with LDP and proposes the exp-hamming recovery measure to quantify data recovery risks.
Findings
LDP effectively prevents sensitive data recovery by untrusted aggregators.
The web demo visualizes the impact of LDP on data privacy in federated learning.
The exp-hamming recovery measure quantifies data recovery potential.
Abstract
Local differential privacy (LDP) is an emerging privacy standard to protect individual user data. One scenario where LDP can be applied is federated learning, where each user sends in his/her user gradients to an aggregator who uses these gradients to perform stochastic gradient descent. In a case where the aggregator is untrusted and LDP is not applied to each user gradient, the aggregator can recover sensitive user data from these gradients. In this paper, we present a new interactive web demo showcasing the power of local differential privacy by visualizing federated learning with local differential privacy. Moreover, the live demo shows how LDP can prevent untrusted aggregators from recovering sensitive training data. A measure called the exp-hamming recovery is also created to show the extent of how much data the aggregator can recover.
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Stochastic Gradient Optimization Techniques · Privacy, Security, and Data Protection
