Privacy Assessment of Federated Learning using Private Personalized Layers

TL;DR

This paper evaluates the privacy and utility trade-offs of using private personalized layers in federated learning, demonstrating improved privacy against inference attacks and faster convergence with slight accuracy gains.

Contribution

It quantifies the privacy benefits of personalized layers in federated learning, a novel aspect not previously analyzed.

Findings

Personalized layers accelerate model convergence.

They slightly improve accuracy over standard FL.

They better prevent attribute and membership inference attacks.

Abstract

Federated Learning (FL) is a collaborative scheme to train a learning model across multiple participants without sharing data. While FL is a clear step forward towards enforcing users' privacy, different inference attacks have been developed. In this paper, we quantify the utility and privacy trade-off of a FL scheme using private personalized layers. While this scheme has been proposed as local adaptation to improve the accuracy of the model through local personalization, it has also the advantage to minimize the information about the model exchanged with the server. However, the privacy of such a scheme has never been quantified. Our evaluations using motion sensor dataset show that personalized layers speed up the convergence of the model and slightly improve the accuracy for all users compared to a standard FL scheme while better preventing both attribute and membership inferences compared to a FL scheme using local differential privacy.