White-box Inference Attacks against Centralized Machine Learning and Federated Learning
This work addresses privacy risks in machine learning for users and service providers, but it is incremental as it builds on existing inference attack methods.
The paper investigates white-box inference attacks on centralized and federated learning models, evaluating factors such as the neural network layer used and the attacker's location, and finds that centralized models exhibit more severe membership information leakage, with an attacker at the central server achieving significantly higher accuracy than a local participant.
With the development of information science and technology, many industries generate massive amounts of data, and machine learning is widely used to analyze it. However, if the privacy of the customers of machine learning applications cannot be guaranteed, users' personal information and service providers face security threats and losses. The privacy protection of machine learning has therefore received wide attention. For centralized machine learning models, we evaluate how different neural network layers, the gradient, the gradient norm, and fine-tuned models affect the performance of membership inference attacks with prior knowledge. For the federated learning model, we discuss the attacker's location in the target model and its attack mode. The results show that the centralized machine learning model leaks more membership information in every respect, and that an attacker located at the central parameter server achieves significantly higher accuracy than an attacker who participates as a local client.
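To make the centralized-model gradient-norm feature concrete, the following added example (not the paper's code; a constructed pure-Python toy, not its experiments) overfits a logistic-regression target model to a small member set and measures, as a privacy audit, how well the per-sample gradient norm separates members from held-out non-members. The names run_audit, leakage_audit and grad_norm are this example's own.

```python
import math
import random

# Constructed toy setup, not the paper's experiment: a logistic-regression
# target model is overfitted to a small member set, and a held-out non-member
# set measures how much the per-sample gradient norm reveals about membership.
DIM, N_MEMBERS, N_NONMEMBERS = 100, 12, 50

def make_dataset(rng, n):
    """Gaussian features with random labels (constructed sample data)."""
    return [([rng.gauss(0.0, 1.0) for _ in range(DIM)], rng.randint(0, 1))
            for _ in range(n)]

def predict(w, b, x):
    z = sum(wi * xi for wi, xi in zip(w, x)) + b
    return 1.0 / (1.0 + math.exp(-max(-500.0, min(500.0, z))))

def train(data, lr=0.2, epochs=1500):
    """Full-batch gradient descent on log-loss, run long enough to overfit."""
    w, b = [0.0] * DIM, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * DIM, 0.0
        for x, y in data:
            err = (predict(w, b, x) - y) / len(data)  # d(loss)/d(logit)
            for i in range(DIM):
                gw[i] += err * x[i]
            gb += err
        w = [wi - lr * gi for wi, gi in zip(w, gw)]
        b -= lr * gb
    return w, b

def grad_norm(w, b, x, y):
    """L2 norm of the per-sample loss gradient w.r.t. (w, b). For log-loss
    it equals |p - y| * ||(x, 1)||, so well-fitted members score low."""
    return abs(predict(w, b, x) - y) * math.sqrt(sum(v * v for v in x) + 1.0)

def leakage_audit(w, b, members, nonmembers):
    """AUC of the gradient-norm attack: P(random member scores below a random
    non-member); 0.5 means no leakage, 1.0 means perfect separation."""
    m = [grad_norm(w, b, x, y) for x, y in members]
    n = [grad_norm(w, b, x, y) for x, y in nonmembers]
    auc = sum(1 for a in m for c in n if a < c) / (len(m) * len(n))
    return {"auc": auc, "member_mean": sum(m) / len(m), "nonmember_mean": sum(n) / len(n)}

def run_audit(seed=7):
    rng = random.Random(seed)
    members, nonmembers = make_dataset(rng, N_MEMBERS), make_dataset(rng, N_NONMEMBERS)
    return leakage_audit(*train(members), members, nonmembers)
```

An AUC well above 0.5 quantifies the leakage a white-box attacker with gradient access can exploit; the same audit can be rerun on a regularized or differentially private model to check whether a mitigation closes the gap.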