White-box Inference Attacks against Centralized Machine Learning and Federated Learning
Jingyi Ge

TL;DR
This paper investigates privacy vulnerabilities in centralized and federated machine learning, demonstrating that centralized models are more susceptible to inference attacks, with attacker accuracy significantly higher at the central server.
Contribution
It provides a comparative analysis of inference attack effectiveness in centralized versus federated learning, highlighting the impact of model components and attacker location.
Findings
Centralized models leak more member information than federated models.
Attacker accuracy is higher when targeting the central parameter server.
Federated learning's attack modes depend on attacker location.
Abstract
With the development of information science and technology, various industries have generated massive amounts of data, and machine learning is widely used in the analysis of big data. However, if the privacy of machine learning applications' customers cannot be guaranteed, it will cause security threats and losses to users' personal privacy information and service providers. Therefore, the issue of privacy protection of machine learning has received wide attention. For centralized machine learning models, we evaluate the impact of different neural network layers, gradient, gradient norm, and fine-tuned models on member inference attack performance with prior knowledge; for the federated learning model, we discuss the location of the attacker in the target model and its attack mode. The results show that the centralized machine learning model shows more serious member information leakage…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning
