Privacy Assessment of Federated Learning using Private Personalized Layers
This work addresses privacy risks in federated learning for users, though it is incremental as it builds on existing personalized layer methods.
The paper quantified the privacy-utility trade-off of a federated learning scheme with private personalized layers, showing that it speeds up convergence, slightly improves accuracy, and better prevents attribute and membership inference attacks compared to local differential privacy.
Federated Learning (FL) is a collaborative scheme to train a learning model across multiple participants without sharing data. While FL is a clear step forward towards enforcing users' privacy, different inference attacks have been developed. In this paper, we quantify the utility and privacy trade-off of a FL scheme using private personalized layers. While this scheme has been proposed as local adaptation to improve the accuracy of the model through local personalization, it has also the advantage to minimize the information about the model exchanged with the server. However, the privacy of such a scheme has never been quantified. Our evaluations using motion sensor dataset show that personalized layers speed up the convergence of the model and slightly improve the accuracy for all users compared to a standard FL scheme while better preventing both attribute and membership inferences compared to a FL scheme using local differential privacy.