BI-GAN: batch inversion membership inference attack on federated learning

Hiep Vo, Mingjian Tang, Xi Zheng, Shui Yu

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

1 Citation (Scopus)

Abstract

Federated Learning is a growing advanced collaborative machine learning framework that aims to preserve user-privacy data. However, multiple researchers have investigated attack methods from the server side via gradient inversion techniques or Generative Adversarial Networks (GAN) to reconstruct the raw data distributions from users. In this paper, we propose Batch Inversion GAN (BI-GAN), a novel membership inference attack that can recover user-level batch images from local updates, utilizing both gradient inversion techniques and GAN. Our attack is more stealthy since it only requires access to gradients and does not interfere with the global model performance and is more robust in terms of image batch recovery and victim classification. The experiments show that our attack recovers higher quality images of the victim with higher accuracy compared to other attacks.

Original languageEnglish
Title of host publicationProceedings of the 17th ACM Workshop on Mobility in the Evolving Internet Architecture, MobiArch 2022
Place of PublicationNew York, NY
PublisherAssociation for Computing Machinery, Inc
Pages31-36
Number of pages6
ISBN (Electronic)9781450395182
DOIs
Publication statusPublished - Oct 2022
Event17th ACM Workshop on Mobility in the Evolving Internet Architecture, MobiArch 2022 - Sydney, Australia
Duration: 21 Oct 202221 Oct 2022

Publication series

NameProceedings of the 17th ACM Workshop on Mobility in the Evolving Internet Architecture, MobiArch 2022

Conference

Conference17th ACM Workshop on Mobility in the Evolving Internet Architecture, MobiArch 2022
Country/TerritoryAustralia
CitySydney
Period21/10/2221/10/22

Keywords

  • federated learning
  • GAN
  • gradient inversion
  • membership inference attack

Fingerprint

Dive into the research topics of 'BI-GAN: batch inversion membership inference attack on federated learning'. Together they form a unique fingerprint.

Cite this