Beyond Model-Level Membership Privacy Leakage: an Adversarial Approach in Federated Learning

With the rise of privacy concerns in traditional centralized machine learning services, the federated learning, which incorporates multiple participants to train a global model across their localized training data, has lately received significant attention in both industry and academia. However, recent researches reveal the inherent vulnerabilities of the federated learning for the membership inference attacks that the adversary could infer whether a given data record belongs to the model's training set. Although the state-of-the-art techniques could successfully deduce the membership information from the centralized machine learning models, it is still challenging to infer the membership to a more confined level, user-level. In this paper, We propose a novel user-level inference attack mechanism in federated learning. Specifically, we first give a comprehensive analysis of active and targeted membership inference attacks in the context of the federated learning. Then, by considering a more complicated scenario that the adversary can only passively observe the updating models from different iterations, we incorporate the generative adversarial networks into our method, which can enrich the training set for the final membership inference model. The extensive experimental results demonstrate the effectiveness of our proposed attacking approach in the case of single-label and multi-label.