Real-world data is usually segmented by attributes and distributed across different parties. Federated learning empowers collaborative training without exposing local data or models. As we demonstrate through designed attacks, even with a small proportion of corrupted data, an adversary can accurately infer the input attributes. We introduce an adversarial learning based procedure which tunes a local model to release privacy-preserving intermediate representations. To alleviate the accuracy decline, we propose a defense method based on the forward-backward splitting algorithm, which respectively deals with the accuracy loss and privacy loss in the forward and backward gradient descent steps, achieving the two objectives simultaneously. Extensive experiments on a variety of datasets have shown that our defense significantly mitigates privacy leakage with negligible impact on the federated learning task.
翻译:现实世界数据通常按属性分列,并分布在不同党派。 联邦学习会增强合作培训,而不会暴露当地数据或模型。 正如我们通过设计攻击,即使有一小部分的腐败数据,对手也能准确地推断输入属性。 我们引入了一种基于对抗性学习的程序,调和一个本地模式,以释放隐私保护中间代表。 为了减轻准确性下降,我们建议了一种基于前向后向分裂算法的防御方法,该算法分别处理前向和后向梯度下降步骤的准确性损失和隐私损失,同时实现这两个目标。 对各种数据集的广泛实验表明,我们的防御大大减轻隐私泄露,对联合学习任务的影响微不足道。
相关内容
微信扫码咨询专知VIP会员