Privacy Challenges in Meta-Learning: An Investigation on Model-Agnostic Meta-Learning

TL;DR

This paper investigates privacy risks in model-agnostic meta-learning, specifically MAML, revealing how gradient sharing can leak sensitive data and proposing noise-based defenses to mitigate these risks.

Contribution

It identifies privacy vulnerabilities in MAML's gradient sharing and introduces noise injection techniques to protect task data from membership inference attacks.

Findings

Gradient sharing in MAML can leak sensitive task data.

Noise injection methods can effectively defend against privacy attacks.

Proposed defenses reduce information leakage without significantly harming model performance.

Abstract

Meta-learning involves multiple learners, each dedicated to specific tasks, collaborating in a data-constrained setting. In current meta-learning methods, task learners locally learn models from sensitive data, termed support sets. These task learners subsequently share model-related information, such as gradients or loss values, which is computed using another part of the data termed query set, with a meta-learner. The meta-learner employs this information to update its meta-knowledge. Despite the absence of explicit data sharing, privacy concerns persist. This paper examines potential data leakage in a prominent metalearning algorithm, specifically Model-Agnostic Meta-Learning (MAML). In MAML, gradients are shared between the metalearner and task-learners. The primary objective is to scrutinize the gradient and the information it encompasses about the task dataset. Subsequently, we endeavor to propose membership inference attacks targeting the task dataset containing support and query sets. Finally, we explore various noise injection methods designed to safeguard the privacy of task data and thwart potential attacks. Experimental results demonstrate the effectiveness of these attacks on MAML and the efficacy of proper noise injection methods in countering them.