Fidel: Reconstructing Private Training Samples from Weight Updates in Federated Learning
David Enthoven, Zaid Al-Ars

TL;DR
This paper introduces Fidel, a novel attack method that can reconstruct private training data from model updates in federated learning, revealing privacy vulnerabilities especially in densely connected and convolutional neural networks.
Contribution
The paper presents Fidel, a new attack technique demonstrating the ability to recover private data from federated learning updates, challenging assumptions about privacy in such systems.
Findings
Fidel can recover on average 20 out of 30 private samples from dense networks.
Fidel can recover over 13 out of 20 samples from convolutional neural networks.
ReLU and Dropout layers reduce privacy, making data more vulnerable.
Abstract
With the increasing number of data collectors such as smartphones, immense amounts of data are available. Federated learning was developed to allow for distributed learning on a massive scale whilst still protecting each user's privacy. This privacy is claimed by the notion that the centralized server does not have any access to a client's data, solely the client's model update. In this paper, we evaluate a novel attack method within regular federated learning which we name the First Dense Layer Attack (Fidel). The methodology of using this attack is discussed, and as a proof of viability we show how this attack method can be used to great effect for densely connected networks and convolutional neural networks. We evaluate some key design decisions and show that the usage of ReLU and Dropout are detrimental to the privacy of a client's local dataset. We show how to recover on average…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Stochastic Gradient Optimization Techniques
Methods: Dropout
