Attacks to Federated Learning: Responsive Web User Interface to Recover Training Data from User Gradients
This work addresses privacy risks for users in federated learning systems, but it is incremental as it focuses on a demo and metric rather than a novel solution.
The paper tackles the problem of data leakage in federated learning from untrusted aggregators by presenting an interactive web demo that visualizes how local differential privacy (LDP) can prevent recovery of sensitive training data from user gradients, with a new exp-hamming recovery measure quantifying the extent of data recovery.
Local differential privacy (LDP) is an emerging privacy standard to protect individual user data. One scenario where LDP can be applied is federated learning, where each user sends in his/her user gradients to an aggregator who uses these gradients to perform stochastic gradient descent. In a case where the aggregator is untrusted and LDP is not applied to each user gradient, the aggregator can recover sensitive user data from these gradients. In this paper, we present a new interactive web demo showcasing the power of local differential privacy by visualizing federated learning with local differential privacy. Moreover, the live demo shows how LDP can prevent untrusted aggregators from recovering sensitive training data. A measure called the exp-hamming recovery is also created to show the extent of how much data the aggregator can recover.