Privacy-Preserving Federated Learning via Dataset Distillation

TL;DR

This paper introduces FLiP, a federated learning approach that uses dataset distillation to minimize shared knowledge, enhancing privacy while maintaining high model accuracy.

Contribution

FLiP applies local-global dataset distillation to reduce shared knowledge in federated learning, aligning with the principle of least privilege for improved privacy.

Findings

FLiP effectively balances model accuracy and privacy protection.

Experiments show FLiP reduces vulnerability to inference attacks.

FLiP maintains high accuracy with minimal shared knowledge.

Abstract

Federated Learning (FL) allows users to share knowledge instead of raw data to train a model with high accuracy. Unfortunately, during the training, users lose control over the knowledge shared, which causes serious data privacy issues. We hold that users are only willing and need to share the essential knowledge to the training task to obtain the FL model with high accuracy. However, existing efforts cannot help users minimize the shared knowledge according to the user intention in the FL training procedure. This work proposes FLiP, which aims to bring the principle of least privilege (PoLP) to FL training. The key design of FLiP is applying elaborate information reduction on the training data through a local-global dataset distillation design. We measure the privacy performance through attribute inference and membership inference attacks. Extensive experiments show that FLiP strikes a good balance between model accuracy and privacy protection.