Privacy-preserving Collaborative Learning with Automatic Transformation Search
This work tackles a critical privacy vulnerability in collaborative learning, which is important for any organization or individual using such systems where data privacy is paramount.
This paper addresses the vulnerability of collaborative learning to gradient-based reconstruction attacks, where adversaries can recover sensitive training data from shared gradients. The authors propose using data augmentation with automatically discovered transformation policies to preprocess sensitive images, making it infeasible for adversaries to extract useful information from gradients while maintaining model performance.
Collaborative learning has gained great popularity due to its benefit of data privacy protection: participants can jointly train a Deep Learning model without sharing their training sets. However, recent works discovered that an adversary can fully recover the sensitive training samples from the shared gradients. Such reconstruction attacks pose severe threats to collaborative learning. Hence, effective mitigation solutions are urgently desired. In this paper, we propose to leverage data augmentation to defeat reconstruction attacks: by preprocessing sensitive images with carefully-selected transformation policies, it becomes infeasible for the adversary to extract any useful information from the corresponding gradients. We design a novel search method to automatically discover qualified policies. We adopt two new metrics to quantify the impacts of transformations on data privacy and model usability, which can significantly accelerate the search speed. Comprehensive evaluations demonstrate that the policies discovered by our method can defeat existing reconstruction attacks in collaborative learning, with high efficiency and negligible impact on the model performance.