Find a Scapegoat: Poisoning Membership Inference Attack and Defense to Federated Learning
This addresses privacy concerns in federated learning for companies and users under regulations like GDPR, but it is incremental as it builds on existing poisoning attack research.
The paper tackles the problem of privacy risks in federated learning by introducing FedPoisonMIA, a poisoning membership inference attack that infers membership information, and proposes a defense mechanism that reduces its impact, with experiments showing effectiveness across datasets.
Federated learning (FL) allows multiple clients to collaboratively train a global machine learning model with coordination from a central server, without needing to share their raw data. This approach is particularly appealing in the era of privacy regulations like the GDPR, leading many prominent companies to adopt it. However, FL's distributed nature makes it susceptible to poisoning attacks, where malicious clients, controlled by an attacker, send harmful data to compromise the model. Most existing poisoning attacks in FL aim to degrade the model's integrity, such as reducing its accuracy, with limited attention to privacy concerns from these attacks. In this study, we introduce FedPoisonMIA, a novel poisoning membership inference attack targeting FL. FedPoisonMIA involves malicious clients crafting local model updates to infer membership information. Additionally, we propose a robust defense mechanism to mitigate the impact of FedPoisonMIA attacks. Extensive experiments across various datasets demonstrate the attack's effectiveness, while our defense approach reduces its impact to a degree.