Exploiting Defenses against GAN-Based Feature Inference Attacks in Federated Learning
This addresses a real privacy vulnerability in federated learning for clients that hold sensitive data, but it is incremental: it builds on existing defenses against an already known attack rather than identifying a new one.
The paper tackles GAN-based feature inference attacks in federated learning by proposing Anti-GAN, a framework that manipulates the visual features of private images so that an attacker cannot learn their real distribution, and it reports only a minimal loss of model accuracy.
Federated learning (FL) is a decentralized model training framework that aims to merge isolated data islands while keeping each participant's data private. However, recent studies have revealed that Generative Adversarial Network (GAN) based attacks can be mounted inside FL to learn the distribution of a victim's private dataset and reconstruct recognizable images from it. In this paper, we investigate defenses against GAN-based attacks in FL and propose a framework, Anti-GAN, to prevent attackers from learning the real distribution of the victim's data. The core idea of Anti-GAN is to manipulate the visual features of the private training images so that they remain unrecognizable to human eyes even if an attacker reconstructs them. Specifically, Anti-GAN projects the private dataset onto a GAN's generator and combines the generated fake images with the real images to build the training dataset, which is then used for federated model training; the attacker's GAN therefore learns the distribution of the mixed images rather than of the raw private data. The experimental results demonstrate that Anti-GAN is effective at preventing attackers from learning the distribution of the private images while causing minimal harm to the accuracy of the federated model.
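The pipeline sketched in the abstract, as an added toy example that is not the paper's code: a client blends each private image with an image from a generator before using the result for local training, and a crude attacker proxy (the class-conditional mean of whatever the client trained on) shows how far the recoverable prototype drifts from the raw data. The generator here is a stand-in that emits random smooth blobs, the pixel-wise blend with weight `alpha` is an assumed combination rule, and the 8x8 bar images are constructed; the paper's actual GAN and mixing rule may differ.

```python
"""Toy sketch of the Anti-GAN idea: mix generator output into private images
before they are used for (federated) model training. Added example, not the
paper's implementation; the generator and blending rule are assumptions."""
import numpy as np

IMG = 8  # side length of the constructed toy images


def make_private_dataset(n_per_class: int, rng: np.random.Generator):
    """Constructed private data: class 0 = vertical bar, class 1 = horizontal
    bar, with a little pixel noise so no two samples are identical."""
    images, labels = [], []
    for label in (0, 1):
        for _ in range(n_per_class):
            x = np.zeros((IMG, IMG))
            pos = int(rng.integers(2, IMG - 2))
            if label == 0:
                x[:, pos] = 1.0
            else:
                x[pos, :] = 1.0
            x = np.clip(x + rng.normal(0.0, 0.05, x.shape), 0.0, 1.0)
            images.append(x)
            labels.append(label)
    return np.stack(images), np.array(labels)


def stand_in_generator(n: int, rng: np.random.Generator) -> np.ndarray:
    """Stand-in for a trained GAN generator (assumption: the paper trains a GAN
    on the private data; here we simply emit random Gaussian blobs)."""
    fakes = np.zeros((n, IMG, IMG))
    yy, xx = np.mgrid[0:IMG, 0:IMG]
    for i in range(n):
        cy, cx = rng.uniform(0, IMG, size=2)
        sigma = rng.uniform(1.0, 2.5)
        fakes[i] = np.exp(-((yy - cy) ** 2 + (xx - cx) ** 2) / (2 * sigma ** 2))
    return fakes


def anti_gan_mix(real: np.ndarray, fakes: np.ndarray, alpha: float) -> np.ndarray:
    """Pixel-wise blend of each real image with a generated image (assumed
    rule). alpha=0 returns the private data unchanged; larger alpha hides
    more of it. Labels stay attached to the blended images."""
    if not 0.0 <= alpha <= 1.0:
        raise ValueError("alpha must be in [0, 1]")
    if real.shape != fakes.shape:
        raise ValueError("need one generated image per real image")
    return np.clip((1.0 - alpha) * real + alpha * fakes, 0.0, 1.0)


def class_prototype(images: np.ndarray, labels: np.ndarray, cls: int) -> np.ndarray:
    """Crude proxy for what a feature-inference attacker recovers: the
    class-conditional average of whatever the victim actually trained on."""
    return images[labels == cls].mean(axis=0)


def protection_gap(real, labels, mixed, cls: int) -> float:
    """Mean absolute pixel difference between the prototype recoverable from
    the mixed training set and the one recoverable from the raw private data."""
    diff = class_prototype(mixed, labels, cls) - class_prototype(real, labels, cls)
    return float(np.abs(diff).mean())


def run_demo(alpha: float = 0.5, seed: int = 0) -> dict:
    """Build the private set, mix in generator output, and measure the gap."""
    rng = np.random.default_rng(seed)
    real, labels = make_private_dataset(16, rng)
    fakes = stand_in_generator(len(real), rng)
    mixed = anti_gan_mix(real, fakes, alpha)
    return {
        "n": int(len(mixed)),
        "in_range": bool(mixed.min() >= 0.0 and mixed.max() <= 1.0),
        "gap_class0": protection_gap(real, labels, mixed, 0),
        "gap_class1": protection_gap(real, labels, mixed, 1),
    }


if __name__ == "__main__":
    for a in (0.0, 0.25, 0.5, 0.75):
        print(a, run_demo(a))
```

The gap is only a proxy: a real attacker trains a GAN against the shared model, and the paper's claim is that the distribution such a GAN learns is that of the mixed images, not the private ones. Raising `alpha` enlarges the gap but also moves the training data further from what the federated model will see at inference time, which is the accuracy trade-off the abstract refers to.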