CR, AI, LG, SY, OC, ML | Apr 2, 2025

On Model Protection in Federated Learning against Eavesdropping Attacks

arXiv:2504.02114v1 | 1 citation | h-index: 2 | CDC
Originality: Incremental advance
AI Analysis

This work addresses a security issue for federated learning systems by focusing on model protection rather than data privacy, though it appears incremental as it builds on existing research with a shifted focus.

The paper tackles the problem of protecting client models in federated learning from eavesdropping attacks, where adversaries intercept model updates, and finds through theoretical analysis and numerical experiments that factors like client selection probability and local objective functions impact protection, with results compared to differential privacy methods.

In this study, we investigate the protection offered by federated learning algorithms against eavesdropping adversaries. In our model, the adversary is capable of intercepting model updates transmitted from clients to the server, enabling it to create its own estimate of the model. Unlike previous research, which predominantly focuses on safeguarding client data, our work shifts attention to protecting the client model itself. Through a theoretical analysis, we examine how various factors, such as the probability of client selection, the structure of local objective functions, global aggregation at the server, and the eavesdropper's capabilities, impact the overall level of protection. We further validate our findings through numerical experiments, assessing the protection by evaluating the model accuracy achieved by the adversary. Finally, we compare our results with methods based on differential privacy, underscoring their limitations in this specific context.
