GBMIA: Gradient-based Membership Inference Attack in Federated Learning

被引:0
|
作者
Wang, Xiaodong [1 ]
Wang, Naiyu [1 ]
Wu, Longfei [2 ]
Guan, Zhitao [1 ]
Du, Xiaojiang [3 ]
Guizani, Mohsen [4 ]
机构
[1] North China Elect Power Univ, Sch Control & Comp Engn, Beijing, Peoples R China
[2] Fayetteville State Univ, Dept Math Comp Sci, Fayetteville, NC 28301 USA
[3] Stevens Inst Technol, Dept Elect & Comp Engn, Hoboken, NJ 07030 USA
[4] Mohamed Bin Zayed Univ Artificial Intelligence, Machine Learning Dept, Abu Dhabi, U Arab Emirates
关键词
Membership Inference Attack; Federated Learning; Membership Privacy; Privacy Leakage;
D O I
10.1109/ICC45041.2023.10279702
中图分类号
TN [电子技术、通信技术];
学科分类号
0809 ;
摘要
Membership inference attack (MIA) has been proved to pose a serious threat to federated learning (FL). However, most of the existing membership inference attacks against FL rely on the specific attack models built from the target model behaviors, which make the attacks costly and complicated. In addition, directly adopting the inference attacks that are originally designed for machine learning models into the federated scenarios can lead to poor performance. We propose GBMIA, an attack model-free membership inference method based on gradient. We take full advantage of the federated learning process by observing the target model's behaviors after gradient ascent tuning. And we combine prediction correctness and the gradient norm-based metric for membership inference. The proposed GBMIA can be conducted by both global and local attackers. We conduct experimental evaluations on three real-world datasets to demonstrate that GBMIA can achieve a high attack accuracy. We further apply the arbitration mechanism to increase the effectiveness of GBMIA which can lead to an attack accuracy close to 1 on all three datasets. We also conduct experiments to substantiate that clients going offline and the overlap of clients' training sets have great effect on the membership leakage in FL.
引用
收藏
页码:5066 / 5071
页数:6
相关论文
共 50 条
  • [41] Direct gradient-based reinforcement learning
    Baxter, J
    Bartlett, PL
    [J]. ISCAS 2000: IEEE INTERNATIONAL SYMPOSIUM ON CIRCUITS AND SYSTEMS - PROCEEDINGS, VOL III: EMERGING TECHNOLOGIES FOR THE 21ST CENTURY, 2000, : 271 - 274
  • [42] Topological Gradient-based Competitive Learning
    Barbiero, Pietro
    Ciravegna, Gabriele
    Randazzo, Vincenzo
    Pasero, Eros
    Cirrincione, Giansalvo
    [J]. 2021 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN), 2021,
  • [43] Object recognition with gradient-based learning
    LeCun, Y
    Haffner, P
    Bottou, L
    Bengio, Y
    [J]. SHAPE, CONTOUR AND GROUPING IN COMPUTER VISION, 1999, 1681 : 319 - 345
  • [44] A gradient-based approach for adversarial attack on deep learning-based network intrusion detection systems
    Mohammadian, Hesamodin
    Ghorbani, Ali A.
    Lashkari, Arash Habibi
    [J]. APPLIED SOFT COMPUTING, 2023, 137
  • [45] Defending against Membership Inference Attacks in Federated learning via Adversarial Example
    Xie, Yuanyuan
    Chen, Bing
    Zhang, Jiale
    Wu, Di
    [J]. 2021 17TH INTERNATIONAL CONFERENCE ON MOBILITY, SENSING AND NETWORKING (MSN 2021), 2021, : 153 - 160
  • [46] User-Level Membership Inference for Federated Learning in Wireless Network Environment
    Zhao, Yanchao
    Chen, Jiale
    Zhang, Jiale
    Yang, Zilu
    Tu, Huawei
    Han, Hao
    Zhu, Kun
    Chen, Bing
    [J]. WIRELESS COMMUNICATIONS & MOBILE COMPUTING, 2021, 2021
  • [47] Toward Selective Membership Inference Attack against Deep Learning Model
    Kwon, Hyun
    Kim, Yongchul
    [J]. IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2022, E105D (11) : 1911 - 1915
  • [48] FD-Leaks: Membership Inference Attacks Against Federated Distillation Learning
    Yang, Zilu
    Zhao, Yanchao
    Zhang, Jiale
    [J]. WEB AND BIG DATA, PT III, APWEB-WAIM 2022, 2023, 13423 : 364 - 378
  • [49] Efficient Membership Inference Attacks against Federated Learning via Bias Differences
    Zhang, Liwei
    Li, Linghui
    Li, Xiaoyong
    Cai, Binsi
    Gao, Yali
    Dou, Ruobin
    Chen, Luying
    [J]. PROCEEDINGS OF THE 26TH INTERNATIONAL SYMPOSIUM ON RESEARCH IN ATTACKS, INTRUSIONS AND DEFENSES, RAID 2023, 2023, : 222 - 235
  • [50] Membership Inference Attack against Differentially Private Deep Learning Model
    Rahman, Md Atiqur
    Rahman, Tanzila
    Laganiere, Robert
    Mohammed, Noman
    Wang, Yang
    [J]. TRANSACTIONS ON DATA PRIVACY, 2018, 11 (01) : 61 - 79