Date of Award
2023
Publication Type
Thesis
Degree Name
M.Sc.
Department
Computer Science
Keywords
Federated learning, Inference attack, Private datasets, Machine learning
Supervisor
D. Alhadidi
Supervisor
S. Khan
Rights
info:eu-repo/semantics/openAccess
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Abstract
Given a federated learning model and a record, a membership inference attack can determine whether this record is part of the model’s training dataset. Federated learning is a machine learning technique that enables different parties to train a model without the need to centralize or share their local data. A membership inference attack puts private datasets at risk if those datasets are used to train the federated learning model and access to the generated model is available. There is a need to study the membership inference attack in the federated learning setting. In this thesis, we empirically investigated and compared various membership inference attack approaches in a federated learning environment. We evaluated these attacks on three datasets (MNIST, FMNIST, CIFAR-10) using different optimizers (SGD, RMSProp, AdaGrad) and analyzed them with and without countermeasures. The experimental results show that the membership inference attack based on prediction sensitivity is the worst for attackers. Additionally, among all the countermeasures, knowledge distillation has significant advantages in handling the trade-off between privacy and utility.
Recommended Citation
Dayal, Saroj, "Comparative Analysis of Membership Inference Attacks in Federated Learning" (2023). Electronic Theses and Dissertations. 9069.
https://scholar.uwindsor.ca/etd/9069