Adversarial Predictions of Data Distributions Across Federated Internet-of-Things Devices

TL;DR

This paper reveals that federated learning models for IoT devices can unintentionally leak sensitive local data information through shared weights, and noise injection is ineffective at preventing this without reducing model accuracy.

Contribution

It demonstrates the potential for data leakage via model weights in federated IoT settings and evaluates the ineffectiveness of noise injection for privacy preservation.

Findings

Model weights can reveal local data distributions.

Noise injection does not effectively prevent data leakage.

Data privacy risks exist in federated IoT device learning.

Abstract

Federated learning (FL) is increasingly becoming the default approach for training machine learning models across decentralized Internet-of-Things (IoT) devices. A key advantage of FL is that no raw data are communicated across the network, providing an immediate layer of privacy. Despite this, recent works have demonstrated that data reconstruction can be done with the locally trained model updates which are communicated across the network. However, many of these works have limitations with regard to how the gradients are computed in backpropagation. In this work, we demonstrate that the model weights shared in FL can expose revealing information about the local data distributions of IoT devices. This leakage could expose sensitive information to malicious actors in a distributed system. We further discuss results which show that injecting noise into model weights is ineffective at preventing data leakage without seriously harming the global model accuracy.