Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling

Andreas Athanasiou; Kangsoo Jung; Catuscia Palamidessi

doi:10.1145/3658644.3691411

Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling

Andreas Athanasiou
, Kangsoo Jung
, Catuscia Palamidessi

INRIA

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

Federated Learning (FL) enables clients to train a joint model without disclosing their local data. Instead, they share their local model updates with a central server that moderates the process and creates a joint model. However, FL is susceptible to a series of privacy attacks. Recently, the source inference attack (SIA) has been proposed where an honest-but-curious central server tries to identify exactly which client owns a specific data record. In this work, we propose a defense against SIAs by using a trusted shuffler, without compromising the accuracy of the joint model. We employ a combination of unary encoding with shuffling, which can effectively blend all clients’ model updates, preventing the central server from inferring information about each client’s model update separately. In order to address the increased communication cost of unary encoding we employ quantization. Our preliminary experiments show promising results; the proposed mechanism notably decreases the accuracy of SIAs without compromising the accuracy of the joint model.

langue originale	Anglais
titre	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security
Editeur	Association for Computing Machinery, Inc
Pages	5036-5038
Nombre de pages	3
ISBN (Electronique)	9798400706363
Les DOIs	https://doi.org/10.1145/3658644.3691411
état	Publié - 9 déc. 2024
Modification externe	Oui
Evénement	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 - Salt Lake City, États-Unis Durée: 14 oct. 2024 → 18 oct. 2024

Série de publications

Nom	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

Une conférence

Une conférence	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024
Pays/Territoire	États-Unis
La ville	Salt Lake City
période	14/10/24 → 18/10/24

Accès au document

10.1145/3658644.3691411

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Athanasiou, A., Jung, K., & Palamidessi, C. (2024). Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling. Dans CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (p. 5036-5038). (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3658644.3691411

Athanasiou, Andreas ; Jung, Kangsoo ; Palamidessi, Catuscia. / Poster : Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling. CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. p. 5036-5038 (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security).

@inproceedings{a43fdb71b3774425912499f7073a68e9,

title = "Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling",

abstract = "Federated Learning (FL) enables clients to train a joint model without disclosing their local data. Instead, they share their local model updates with a central server that moderates the process and creates a joint model. However, FL is susceptible to a series of privacy attacks. Recently, the source inference attack (SIA) has been proposed where an honest-but-curious central server tries to identify exactly which client owns a specific data record. In this work, we propose a defense against SIAs by using a trusted shuffler, without compromising the accuracy of the joint model. We employ a combination of unary encoding with shuffling, which can effectively blend all clients{\textquoteright} model updates, preventing the central server from inferring information about each client{\textquoteright}s model update separately. In order to address the increased communication cost of unary encoding we employ quantization. Our preliminary experiments show promising results; the proposed mechanism notably decreases the accuracy of SIAs without compromising the accuracy of the joint model.",

keywords = "Federated Learning, Shuffling, Source Inference Attack, Unary Encoding",

author = "Andreas Athanasiou and Kangsoo Jung and Catuscia Palamidessi",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 ; Conference date: 14-10-2024 Through 18-10-2024",

year = "2024",

month = dec,

day = "9",

doi = "10.1145/3658644.3691411",

language = "English",

series = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "5036--5038",

booktitle = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

}

Athanasiou, A, Jung, K & Palamidessi, C 2024, Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling. Dans CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc, p. 5036-5038, 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, Salt Lake City, États-Unis, 14/10/24. https://doi.org/10.1145/3658644.3691411

Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling. / Athanasiou, Andreas; Jung, Kangsoo; Palamidessi, Catuscia.
CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. p. 5036-5038 (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - Poster

T2 - 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024

AU - Athanasiou, Andreas

AU - Jung, Kangsoo

AU - Palamidessi, Catuscia

PY - 2024/12/9

Y1 - 2024/12/9

N2 - Federated Learning (FL) enables clients to train a joint model without disclosing their local data. Instead, they share their local model updates with a central server that moderates the process and creates a joint model. However, FL is susceptible to a series of privacy attacks. Recently, the source inference attack (SIA) has been proposed where an honest-but-curious central server tries to identify exactly which client owns a specific data record. In this work, we propose a defense against SIAs by using a trusted shuffler, without compromising the accuracy of the joint model. We employ a combination of unary encoding with shuffling, which can effectively blend all clients’ model updates, preventing the central server from inferring information about each client’s model update separately. In order to address the increased communication cost of unary encoding we employ quantization. Our preliminary experiments show promising results; the proposed mechanism notably decreases the accuracy of SIAs without compromising the accuracy of the joint model.

AB - Federated Learning (FL) enables clients to train a joint model without disclosing their local data. Instead, they share their local model updates with a central server that moderates the process and creates a joint model. However, FL is susceptible to a series of privacy attacks. Recently, the source inference attack (SIA) has been proposed where an honest-but-curious central server tries to identify exactly which client owns a specific data record. In this work, we propose a defense against SIAs by using a trusted shuffler, without compromising the accuracy of the joint model. We employ a combination of unary encoding with shuffling, which can effectively blend all clients’ model updates, preventing the central server from inferring information about each client’s model update separately. In order to address the increased communication cost of unary encoding we employ quantization. Our preliminary experiments show promising results; the proposed mechanism notably decreases the accuracy of SIAs without compromising the accuracy of the joint model.

KW - Federated Learning

KW - Shuffling

KW - Source Inference Attack

KW - Unary Encoding

UR - https://www.scopus.com/pages/publications/85215509220

U2 - 10.1145/3658644.3691411

DO - 10.1145/3658644.3691411

M3 - Conference contribution

AN - SCOPUS:85215509220

T3 - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

SP - 5036

EP - 5038

BT - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

Y2 - 14 October 2024 through 18 October 2024

ER -

Athanasiou A, Jung K, Palamidessi C. Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling. Dans CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2024. p. 5036-5038. (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). doi: 10.1145/3658644.3691411

Poster: Protection against Source Inference Attacks in Federated Learning using Unary Encoding and Shuffling

Résumé

Série de publications

Une conférence

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation