Fed-AugMix: Balancing Privacy and Utility via Data Augmentation
Haoyang Li, Wei Chen, Xiaojin Zhang

TL;DR
Fed-AugMix introduces a data augmentation framework using AugMix and Jensen-Shannon divergence to improve privacy protection in federated learning while maintaining or enhancing model utility.
Contribution
The paper presents a novel privacy-preserving data augmentation method that balances privacy and utility in federated learning, integrating AugMix with JS divergence for robustness.
Findings
Effective privacy protection against gradient leakage attacks.
Maintains or improves model performance in federated settings.
Demonstrates stability and robustness across benchmark datasets.
Abstract
Gradient leakage attacks pose a significant threat to the privacy guarantees of federated learning. While distortion-based protection mechanisms are commonly employed to mitigate this issue, they often lead to notable performance degradation. Existing methods struggle to preserve model performance while ensuring privacy. To address this challenge, we propose a novel data augmentation-based framework designed to achieve a favorable privacy-utility trade-off, with the potential to enhance model performance in certain cases. Our framework incorporates the AugMix algorithm at the client level, enabling data augmentation with controllable severity. By integrating the Jensen-Shannon divergence into the loss function, we embed the distortion introduced by AugMix into the model gradients, effectively safeguarding privacy against deep leakage attacks. Moreover, the JS divergence promotes model…
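Added illustration (not code from the paper or its authors): a toy bias-free linear classifier showing how a JS-divergence consistency term mixes augmented views into the gradient a client would share. The two augmented vectors are constructed stand-ins for AugMix outputs; the weight lam, the data and all function names are assumptions.

```python
import math

def softmax(z):
    e = [math.exp(v - max(z)) for v in z]
    return [v / sum(e) for v in e]

def js_divergence(dists):
    """Mean KL divergence of each distribution to their mixture."""
    mix = [sum(col) / len(dists) for col in zip(*dists)]
    kl = lambda p: sum(a * math.log(a / m) for a, m in zip(p, mix))
    return sum(kl(p) for p in dists) / len(dists)

def loss(W, views, label, lam):
    """Cross-entropy on the clean view (views[0]) plus lam * JS over all views."""
    probs = [softmax([sum(w * v for w, v in zip(row, x)) for row in W]) for x in views]
    return -math.log(probs[0][label]) + lam * js_divergence(probs)

def grad_W(W, views, label, lam, eps=1e-6):
    """Central-difference gradient w.r.t. W: the update a client would share."""
    g = [[0.0] * len(W[0]) for _ in W]
    for i in range(len(W)):
        for j in range(len(W[0])):
            old = W[i][j]
            W[i][j] = old + eps
            up = loss(W, views, label, lam)
            W[i][j] = old - eps
            down = loss(W, views, label, lam)
            W[i][j] = old
            g[i][j] = (up - down) / (2 * eps)
    return g

def cosine(a, b):
    dot = sum(p * q for p, q in zip(a, b))
    return dot / math.sqrt(sum(p * p for p in a) * sum(q * q for q in b))

# Constructed toy data: a clean sample, two stand-in augmented views, initial weights.
X_CLEAN = [1.0, -2.0, 0.5, 3.0]
X_AUG1 = [0.2, -1.0, 2.5, 1.0]
X_AUG2 = [2.0, 0.5, -1.0, 2.0]
W0 = [[0.1, -0.2, 0.3, 0.0], [0.0, 0.1, -0.1, 0.2], [-0.3, 0.2, 0.1, 0.1]]

def leakage_alignment(lam):
    """|cos| between the true-label gradient row and the clean input."""
    g = grad_W([row[:] for row in W0], [X_CLEAN, X_AUG1, X_AUG2], 0, lam)
    return abs(cosine(g[0], X_CLEAN))

if __name__ == "__main__":
    print("CE only:", leakage_alignment(0.0), "CE + JS:", leakage_alignment(12.0))
```

With lam = 0 the true-label gradient row is an exact scalar multiple of the clean input, so the alignment is 1.0; with the JS term enabled the same row is a blend of all three views and the alignment drops.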
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Advanced Data Storage Technologies
