SGDE: Secure Generative Data Exchange for Cross-Silo Federated Learning

TL;DR

This paper introduces SGDE, a privacy-preserving generative data exchange protocol for cross-silo federated learning that enhances security, accuracy, and robustness by sharing differentially private data generators instead of raw data or gradients.

Contribution

SGDE is a novel protocol that uses differentially private data generators to improve security and performance in federated learning, addressing vulnerabilities of traditional methods.

Findings

SGDE improves task accuracy and fairness.

SGDE enhances resilience to attacks.

SGDE effectively synthesizes private data with strong privacy guarantees.

Abstract

Privacy regulation laws, such as GDPR, impose transparency and security as design pillars for data processing algorithms. In this context, federated learning is one of the most influential frameworks for privacy-preserving distributed machine learning, achieving astounding results in many natural language processing and computer vision tasks. Several federated learning frameworks employ differential privacy to prevent private data leakage to unauthorized parties and malicious attackers. Many studies, however, highlight the vulnerabilities of standard federated learning to poisoning and inference, thus raising concerns about potential risks for sensitive data. To address this issue, we present SGDE, a generative data exchange protocol that improves user security and machine learning performance in a cross-silo federation. The core of SGDE is to share data generators with strong differential privacy guarantees trained on private data instead of communicating explicit gradient information. These generators synthesize an arbitrarily large amount of data that retain the distinctive features of private samples but differ substantially. In this work, SGDE is tested in a cross-silo federated network on images and tabular datasets, exploiting beta-variational autoencoders as data generators. From the results, the inclusion of SGDE turns out to improve task accuracy and fairness, as well as resilience to the most influential attacks on federated learning.