AugMixCloak: A Defense against Membership Inference Attacks via Image Transformation
This paper addresses privacy concerns in federated learning for users and organizations by providing a defense against membership inference attacks, though it appears incremental as it builds on existing defense techniques.
The paper tackles the problem of membership inference attacks in federated learning by proposing AugMixCloak, a two-stage defense using data augmentation and PCA-based fusion on query images, which successfully defends against attacks across five datasets and various topologies, showing stronger protection than regularization-based methods and better generalization than confidence score masking.
Traditional machine learning (ML) raises serious privacy concerns, while federated learning (FL) mitigates the risk of data leakage by keeping data on local devices. However, the training process of FL can still leak sensitive information, which adversaries may exploit to infer private data. One of the most prominent threats is the membership inference attack (MIA), where the adversary aims to determine whether a particular data record was part of the training set. This paper addresses this problem through a two-stage defense called AugMixCloak. The core idea is to apply data augmentation and principal component analysis (PCA)-based information fusion to query images, which are detected by perceptual hashing (pHash) as either identical to or highly similar to images in the training set. Experimental results show that AugMixCloak successfully defends against both binary classifier-based MIA and metric-based MIA across five datasets and various decentralized FL (DFL) topologies. Compared with regularization-based defenses, AugMixCloak demonstrates stronger protection. Compared with confidence score masking, AugMixCloak exhibits better generalization.
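The two-stage gating the abstract describes, as an added example in pure Python (not the paper's code): each query image is perceptually hashed, compared by Hamming distance with the hashes of training images, and only near-matches are cloaked before classification. The paper does not specify its augmentation set, its PCA fusion or its similarity threshold here, so the augmentations, the plain averaging used in place of PCA fusion and the 10-bit threshold are assumptions; the sample images are constructed.

```python
import math
import random

SIZE, LOW, CLOAK_THRESHOLD = 32, 8, 10  # threshold bits: assumed tuning value

def low_freq_dct(pixels):
    """Naive 2D DCT-II of a SIZE x SIZE grid; keeps the LOW x LOW lowest
    frequencies and skips the DC row/column, which only encodes brightness."""
    cos = [[math.cos((2 * x + 1) * u * math.pi / (2 * SIZE)) for x in range(SIZE)]
           for u in range(LOW + 1)]
    block = []
    for u in range(1, LOW + 1):
        row = []
        for v in range(1, LOW + 1):
            row.append(sum(pixels[x][y] * cos[u][x] * cos[v][y]
                           for x in range(SIZE) for y in range(SIZE)))
        block.append(row)
    return block

def phash(pixels):
    """64-bit perceptual hash: one bit per coefficient, set if above the median."""
    coefs = [c for row in low_freq_dct(pixels) for c in row]
    ordered = sorted(coefs)
    median = (ordered[31] + ordered[32]) / 2
    return int("".join("1" if c > median else "0" for c in coefs), 2)

def hamming(h1, h2):
    return bin(h1 ^ h2).count("1")

def needs_cloak(query, train_hashes):
    """Stage 1: flag a query within CLOAK_THRESHOLD bits of any training hash."""
    q = phash(query)
    return any(hamming(q, h) <= CLOAK_THRESHOLD for h in train_hashes)

def cloak(pixels, seed=0):
    """Stage 2 (simplified): fuse augmented views (flip, brightness scale, shift).
    The paper fuses with PCA; plain averaging is an assumed stand-in here."""
    rng = random.Random(seed)
    flipped = [row[::-1] for row in pixels]
    scale = rng.uniform(0.8, 1.2)
    scaled = [[min(255.0, p * scale) for p in row] for row in pixels]
    shifted = [pixels[(x + 1) % SIZE] for x in range(SIZE)]
    views = [pixels, flipped, scaled, shifted]
    return [[sum(v[x][y] for v in views) / len(views) for y in range(SIZE)]
            for x in range(SIZE)]

def random_image(seed, top=127):  # constructed sample input, values 0..top
    rng = random.Random(seed)
    return [[rng.randint(0, top) for _ in range(SIZE)] for _ in range(SIZE)]
```

A brightness-scaled copy of a training image hashes identically and is cloaked, while an unrelated image passes through untouched.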