Enhancing Privacy of Spatiotemporal Federated Learning against Gradient Inversion Attacks

TL;DR

This paper investigates privacy risks in spatiotemporal federated learning by proposing a novel gradient inversion attack tailored to location data and developing an adaptive defense mechanism that balances privacy and utility.

Contribution

It introduces the Spatiotemporal Gradient Inversion Attack (ST-GIA) and an adaptive defense strategy, addressing a gap in systematic privacy analysis for spatiotemporal federated learning.

Findings

ST-GIA effectively reconstructs original locations from gradients.

Adaptive defense improves privacy without significantly harming model utility.

Proposed methods outperform existing privacy-preserving techniques.

Abstract

Spatiotemporal federated learning has recently raised intensive studies due to its ability to train valuable models with only shared gradients in various location-based services. On the other hand, recent studies have shown that shared gradients may be subject to gradient inversion attacks (GIA) on images or texts. However, so far there has not been any systematic study of the gradient inversion attacks in spatiotemporal federated learning. In this paper, we explore the gradient attack problem in spatiotemporal federated learning from attack and defense perspectives. To understand privacy risks in spatiotemporal federated learning, we first propose Spatiotemporal Gradient Inversion Attack (ST-GIA), a gradient attack algorithm tailored to spatiotemporal data that successfully reconstructs the original location from gradients. Furthermore, we design an adaptive defense strategy to mitigate gradient inversion attacks in spatiotemporal federated learning. By dynamically adjusting the perturbation levels, we can offer tailored protection for varying rounds of training data, thereby achieving a better trade-off between privacy and utility than current state-of-the-art methods. Through intensive experimental analysis on three real-world datasets, we reveal that the proposed defense strategy can well preserve the utility of spatiotemporal federated learning with effective security protection.