Date of Award

2023

Publication Type

Thesis

Degree Name

M.Sc.

Department

Computer Science

Keywords

Federated learning, Inference attack, Private datasets, Machine learning

Supervisor

D. Alhadidi

Supervisor

S. Khan

Rights

info:eu-repo/semantics/openAccess

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Abstract

Given a federated learning model and a record, a membership inference attack can determine whether the record is part of the model’s training dataset. Federated learning is a machine learning technique that enables different parties to train a model without centralizing or sharing their local data. Membership inference attacks put private datasets at risk when those datasets are used to train a federated learning model and access to the generated model is available. There is a need to study membership inference attacks in the federated learning setting. In this thesis, we empirically investigated and compared various membership inference attack approaches in a federated learning environment. We evaluated these attacks on three datasets (MNIST, FMNIST, CIFAR-10) using different optimizers (SGD, RMSProp, AdaGrad) and analyzed them with and without countermeasures. The experimental results show that the membership inference approach based on prediction sensitivity is the worst for attackers. Additionally, among all the countermeasures, knowledge distillation has significant advantages in handling the trade-off between privacy and utility.
