LGAICR
Jun 24, 2021

Privacy Threats Analysis to Secure Federated Learning

arXiv:2106.13076v1
4 citations
Originality: Incremental advance
AI Analysis

This work identifies privacy vulnerabilities in federated learning systems that use secure computation, a concern for industries relying on privacy-preserving machine learning; it is incremental in that it builds on known privacy concerns rather than opening a new attack class.

The paper analyzes privacy threats in industrial-level federated learning frameworks with secure computation, revealing that attackers can invert entire private inputs for linear and logistic regression models and infer input ranges for decision tree models, as evaluated on real-world datasets.

Federated learning is emerging as a machine learning technique that trains a model across multiple decentralized parties. It is renowned for preserving privacy, as the data never leaves the computational devices, and recent approaches further enhance its privacy by encrypting the messages that are exchanged. However, we found that despite these efforts, federated learning remains privacy-threatening, due to its interactive nature across different parties. In this paper, we analyze the privacy threats in industrial-level federated learning frameworks with secure computation, and reveal that such threats widely exist in typical machine learning models such as linear regression, logistic regression and decision trees. For linear and logistic regression, we show through theoretical analysis that it is possible for the attacker to invert the entire private input of the victim, given very little information. For the decision tree model, we launch an attack to infer the range of the victim's private inputs. All attacks are evaluated on popular federated learning frameworks and real-world datasets.
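As an added illustration (not code from the paper or from any federated learning framework), the block below models the two leak channels the abstract describes in a deliberately simplified form. Both protocol models are assumptions: for the linear model, that in each training round the victim reveals the scalar inner product of its fixed private feature vector x with a weight vector w that the attacker knows, so that d linearly independent rounds pin down x exactly; for the tree model, that the attacker observes the split thresholds and which branch the victim's sample takes at each node. The secret vector, per-round weights and split path are constructed sample data, and `solve_linear_system`, `invert_private_input` and `infer_feature_ranges` are names chosen here, not identifiers from the paper.

```python
from fractions import Fraction


def solve_linear_system(coeffs, values):
    """Solve A x = b exactly by Gauss-Jordan elimination over Fractions.

    Returns the unique solution as a list of Fractions, or None when the
    observed equations do not pin x down (fewer equations than unknowns,
    linearly dependent rounds) or contradict each other."""
    m, d = len(coeffs), len(coeffs[0])
    if m < d:
        return None
    aug = [[Fraction(c) for c in row] + [Fraction(v)]
           for row, v in zip(coeffs, values)]
    for col in range(d):
        pivot = next((r for r in range(col, m) if aug[r][col] != 0), None)
        if pivot is None:
            return None          # no pivot for this column: x[col] undetermined
        aug[col], aug[pivot] = aug[pivot], aug[col]
        p = aug[col][col]
        aug[col] = [v / p for v in aug[col]]
        for r in range(m):
            if r != col and aug[r][col] != 0:
                f = aug[r][col]
                aug[r] = [a - f * b for a, b in zip(aug[r], aug[col])]
    if any(aug[r][d] != 0 for r in range(d, m)):
        return None              # surplus rounds are inconsistent with the rest
    return [aug[i][d] for i in range(d)]


def invert_private_input(observations):
    """Recover the victim's private vector x from per-round leaks.

    observations: list of (weights, inner_product) pairs, one per round,
    where inner_product = <weights, x> (assumed protocol model).
    Returns x as floats once enough independent rounds were seen, else None."""
    coeffs = [list(w) for w, _ in observations]
    values = [v for _, v in observations]
    sol = solve_linear_system(coeffs, values)
    return None if sol is None else [float(s) for s in sol]


def simulate_rounds(secret_x, round_weights):
    """Victim side of the assumed protocol: emit <w, x> for each round."""
    return [(w, sum(wi * xi for wi, xi in zip(w, secret_x)))
            for w in round_weights]


def infer_feature_ranges(split_path, n_features):
    """Narrow each feature of one victim sample to an interval.

    split_path: sequence of (feature_index, threshold, went_left) decisions
    observed along the sample's route through a tree, with the convention
    that the left branch is taken when value <= threshold (assumed).
    Returns per-feature (low, high) bounds; None marks an unbounded side."""
    low = [None] * n_features
    high = [None] * n_features
    for feat, thr, went_left in split_path:
        if went_left:
            high[feat] = thr if high[feat] is None else min(high[feat], thr)
        else:
            low[feat] = thr if low[feat] is None else max(low[feat], thr)
    return list(zip(low, high))


# Constructed sample data (not from the paper's datasets).
SECRET_X = [3.0, -1.0, 2.5]            # victim's private feature vector
ROUND_WEIGHTS = [                      # weights assumed visible to the attacker
    [1, 0, 0],
    [1, 1, 0],
    [1, 1, 1],
    [2, -1, 0.5],                      # a fourth, redundant but consistent round
]
SAMPLE_SPLIT_PATH = [                  # (feature, threshold, went_left)
    (0, 5.0, True),
    (2, 1.5, False),
    (0, 2.0, False),
    (2, 3.0, True),
]

if __name__ == "__main__":
    rounds = simulate_rounds(SECRET_X, ROUND_WEIGHTS)
    print("after 2 rounds:", invert_private_input(rounds[:2]))   # None: underdetermined
    print("after 3 rounds:", invert_private_input(rounds[:3]))   # exact recovery
    print("after 4 rounds:", invert_private_input(rounds))       # still consistent
    print("feature ranges:", infer_feature_ranges(SAMPLE_SPLIT_PATH, 3))
```

The linear inversion needs exactly as many linearly independent rounds as the victim has features, which is the concrete meaning of "very little information" in this simplified model; with fewer or dependent rounds it returns None rather than a spurious vector. The tree example shows that every split a sample passes tightens one side of one feature's interval, so deeper trees and more trees leak tighter ranges.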
