Quality Inference in Federated Learning with Secure Aggregation
This reveals a privacy vulnerability in federated learning systems, even with secure aggregation, which is incremental as it builds on known leakage issues.
The paper tackles the problem of inferring individual dataset quality in federated learning with secure aggregation, showing through image recognition experiments that relative quality ordering can be inferred and used for applications like detecting misbehaviors and stabilizing training.
Federated learning algorithms are developed both for efficiency reasons and to ensure the privacy and confidentiality of personal and business data, respectively. Despite no data being shared explicitly, recent studies showed that the mechanism could still leak sensitive information. Hence, secure aggregation is utilized in many real-world scenarios to prevent attribution to specific participants. In this paper, we focus on the quality of individual training datasets and show that such quality information could be inferred and attributed to specific participants even when secure aggregation is applied. Specifically, through a series of image recognition experiments, we infer the relative quality ordering of participants. Moreover, we apply the inferred quality information to detect misbehaviours, to stabilize training performance, and to measure the individual contributions of participants.