Efficient passive membership inference attack in federated learning
This addresses privacy risks for clients in federated learning systems, though it is incremental as it builds on existing attack methods.
The paper tackles the problem of passive membership inference attacks in federated learning by proposing a new method that significantly reduces computational and memory requirements while improving accuracy, achieving over 4 percentage points higher accuracy on CIFAR100 with three orders of magnitude less memory and five orders of magnitude fewer calculations.
In cross-device federated learning (FL) setting, clients such as mobiles cooperate with the server to train a global machine learning model, while maintaining their data locally. However, recent work shows that client's private information can still be disclosed to an adversary who just eavesdrops the messages exchanged between the client and the server. For example, the adversary can infer whether the client owns a specific data instance, which is called a passive membership inference attack. In this paper, we propose a new passive inference attack that requires much less computation power and memory than existing methods. Our empirical results show that our attack achieves a higher accuracy on CIFAR100 dataset (more than $4$ percentage points) with three orders of magnitude less memory space and five orders of magnitude less calculations.