Information Stealing in Federated Learning Systems Based on Generative Adversarial Networks
Yuwei Sun, Ng Chong, Hideya Ochiai

TL;DR
This paper demonstrates that generative adversarial networks can be used to perform effective data reconstruction attacks on federated learning systems, raising significant privacy concerns.
Contribution
It introduces a novel adversarial attack method using GANs to reconstruct private data from federated learning models, highlighting security vulnerabilities.
Findings
Successful data reconstruction on CIFAR-10, MNIST, Fashion-MNIST
Effective attack performance measured by Euclidean distance
Reconstructed data closely resembles original private data
Abstract
An attack on deep learning systems where intelligent machines collaborate to solve problems could cause a node in the network to make a mistake on a critical judgment. At the same time, the security and privacy concerns of AI have galvanized the attention of experts from multiple disciplines. In this research, we successfully mounted adversarial attacks on a federated learning (FL) environment using three different datasets. The attacks leveraged generative adversarial networks (GANs) to affect the learning process and strive to reconstruct the private data of users by learning hidden features from shared local model parameters. The attack was target-oriented, drawing data with distinct class distribution from the CIFAR-10, MNIST, and Fashion-MNIST datasets respectively. Moreover, by measuring the Euclidean distance between the real data and the reconstructed adversarial samples, we evaluated…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Generative Adversarial Networks and Image Synthesis · Privacy-Preserving Technologies in Data
