Active Membership Inference Attack under Local Differential Privacy in Federated Learning
Document Type
Conference Proceeding
Publication Date
1-1-2023
Abstract
Federated learning (FL) was originally regarded as a framework for collaborative learning among clients with data privacy protection through a coordinating server. In this paper, we propose a new active membership inference (AMI) attack carried out by a dishonest server in FL. In AMI attacks, the server crafts and embeds malicious parameters into global models to effectively infer whether a target data sample is included in a client's private training data or not. By exploiting the correlation among data features through a non-linear decision boundary, AMI attacks with a certified guarantee of success can achieve severely high success rates under rigorous local differential privacy (LDP) protection, thereby exposing clients' training data to significant privacy risk. Theoretical and experimental results on several benchmark datasets show that adding sufficient privacy-preserving noise to prevent our attack would significantly damage FL's model utility.
Identifier
85165171361 (Scopus)
Publication Title
Proceedings of Machine Learning Research
e-ISSN
26403498
First Page
5714
Last Page
5730
Volume
206
Grant
CNS-1935923
Fund Ref
National Science Foundation
Recommended Citation
Nguyen, Truc; Lai, Phung; Tran, Khang; Phan, Nhat Hai; and Thai, My T., "Active Membership Inference Attack under Local Differential Privacy in Federated Learning" (2023). Faculty Publications. 2094.
https://digitalcommons.njit.edu/fac_pubs/2094