On Defensive Neural Networks against Inference Attack in Federated Learning

Hongkyu Lee; Jeehyeong Kim; Rasheed Hussain; Sunghyun Cho; Junggab Son

doi:10.1109/ICC42927.2021.9500936

On Defensive Neural Networks against Inference Attack in Federated Learning

Hongkyu Lee, Jeehyeong Kim, Rasheed Hussain, Sunghyun Cho, Junggab Son

Department of Electrical & Electronic Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

13 Citations (Scopus)

Abstract

Federated Learning (FL) is a promising technique for edge computing environments as it provides better data privacy protection. It enables each edge node in the system to send a central server a computed value, named gradient, rather than sending raw data. However, recent research results show that the FL is still vulnerable to an inference attack, which is an adversarial algorithm that is capable of identifying the data used to compute the gradient. One prevalent mitigation strategy is differential privacy which computes a gradient with noised data, but this causes another problem that is accuracy degradation. To effectively deal with this problem, this paper proposes a new digestive neural network (DNN) and integrates it into FL. The proposed scheme distorts raw data by DNN to make it unrecognizable then computes a gradient by a classification network. The gradients generated by edge nodes will be sent to the server to complete a trained model. The simulation results show that the proposed scheme has 9.31% higher classification accuracy and 19.25% lower attack accuracy on average than the differential private schemes.

Original language	English
Title of host publication	ICC 2021 - IEEE International Conference on Communications, Proceedings
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
ISBN (Electronic)	9781728171227
DOIs	https://doi.org/10.1109/ICC42927.2021.9500936
Publication status	Published - Jun 2021
Event	2021 IEEE International Conference on Communications, ICC 2021 - Virtual, Online, Canada Duration: 14 Jun 2021 → 23 Jun 2021

Publication series

Name	IEEE International Conference on Communications
Publisher	IEEE
ISSN (Print)	1550-3607
ISSN (Electronic)	1938-1883

Conference

Conference	2021 IEEE International Conference on Communications, ICC 2021
Country/Territory	Canada
City	Virtual, Online
Period	14/06/21 → 23/06/21

Bibliographical note

Funding Information:
This work was supported by the MSIT (Ministry of Science, ICT), Korea, under the High-Potential Individuals Global Training Program (2019-0-01601) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation). Corresponding Author: Junggab Son (Email: [email protected])

Publisher Copyright:
© 2021 IEEE.

Keywords

Deep Learning
Differential Privacy
Edge Computing
Federated Learning
Inference Attack

Access to Document

10.1109/ICC42927.2021.9500936

Handle.net

Persistent link

Cite this

@inproceedings{f337e68c46be4f37a9cec241810f9514,

title = "On Defensive Neural Networks against Inference Attack in Federated Learning",

abstract = "Federated Learning (FL) is a promising technique for edge computing environments as it provides better data privacy protection. It enables each edge node in the system to send a central server a computed value, named gradient, rather than sending raw data. However, recent research results show that the FL is still vulnerable to an inference attack, which is an adversarial algorithm that is capable of identifying the data used to compute the gradient. One prevalent mitigation strategy is differential privacy which computes a gradient with noised data, but this causes another problem that is accuracy degradation. To effectively deal with this problem, this paper proposes a new digestive neural network (DNN) and integrates it into FL. The proposed scheme distorts raw data by DNN to make it unrecognizable then computes a gradient by a classification network. The gradients generated by edge nodes will be sent to the server to complete a trained model. The simulation results show that the proposed scheme has 9.31% higher classification accuracy and 19.25% lower attack accuracy on average than the differential private schemes.",

keywords = "Deep Learning, Differential Privacy, Edge Computing, Federated Learning, Inference Attack",

author = "Hongkyu Lee and Jeehyeong Kim and Rasheed Hussain and Sunghyun Cho and Junggab Son",

note = "Funding Information: This work was supported by the MSIT (Ministry of Science, ICT), Korea, under the High-Potential Individuals Global Training Program (2019-0-01601) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation). Corresponding Author: Junggab Son (Email: [email protected]) Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 IEEE International Conference on Communications, ICC 2021 ; Conference date: 14-06-2021 Through 23-06-2021",

year = "2021",

month = jun,

doi = "10.1109/ICC42927.2021.9500936",

language = "English",

series = "IEEE International Conference on Communications",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

booktitle = "ICC 2021 - IEEE International Conference on Communications, Proceedings",

address = "United States",

}

Lee, H, Kim, J, Hussain, R, Cho, S & Son, J 2021, On Defensive Neural Networks against Inference Attack in Federated Learning. in ICC 2021 - IEEE International Conference on Communications, Proceedings. IEEE International Conference on Communications, Institute of Electrical and Electronics Engineers (IEEE), 2021 IEEE International Conference on Communications, ICC 2021, Virtual, Online, Canada, 14/06/21. https://doi.org/10.1109/ICC42927.2021.9500936

On Defensive Neural Networks against Inference Attack in Federated Learning. / Lee, Hongkyu; Kim, Jeehyeong; Hussain, Rasheed et al.
ICC 2021 - IEEE International Conference on Communications, Proceedings. Institute of Electrical and Electronics Engineers (IEEE), 2021. (IEEE International Conference on Communications).

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - On Defensive Neural Networks against Inference Attack in Federated Learning

AU - Lee, Hongkyu

AU - Kim, Jeehyeong

AU - Hussain, Rasheed

AU - Cho, Sunghyun

AU - Son, Junggab

N1 - Funding Information: This work was supported by the MSIT (Ministry of Science, ICT), Korea, under the High-Potential Individuals Global Training Program (2019-0-01601) supervised by the IITP (Institute for Information & Communications Technology Planning & Evaluation). Corresponding Author: Junggab Son (Email: [email protected]) Publisher Copyright: © 2021 IEEE.

PY - 2021/6

Y1 - 2021/6

N2 - Federated Learning (FL) is a promising technique for edge computing environments as it provides better data privacy protection. It enables each edge node in the system to send a central server a computed value, named gradient, rather than sending raw data. However, recent research results show that the FL is still vulnerable to an inference attack, which is an adversarial algorithm that is capable of identifying the data used to compute the gradient. One prevalent mitigation strategy is differential privacy which computes a gradient with noised data, but this causes another problem that is accuracy degradation. To effectively deal with this problem, this paper proposes a new digestive neural network (DNN) and integrates it into FL. The proposed scheme distorts raw data by DNN to make it unrecognizable then computes a gradient by a classification network. The gradients generated by edge nodes will be sent to the server to complete a trained model. The simulation results show that the proposed scheme has 9.31% higher classification accuracy and 19.25% lower attack accuracy on average than the differential private schemes.

AB - Federated Learning (FL) is a promising technique for edge computing environments as it provides better data privacy protection. It enables each edge node in the system to send a central server a computed value, named gradient, rather than sending raw data. However, recent research results show that the FL is still vulnerable to an inference attack, which is an adversarial algorithm that is capable of identifying the data used to compute the gradient. One prevalent mitigation strategy is differential privacy which computes a gradient with noised data, but this causes another problem that is accuracy degradation. To effectively deal with this problem, this paper proposes a new digestive neural network (DNN) and integrates it into FL. The proposed scheme distorts raw data by DNN to make it unrecognizable then computes a gradient by a classification network. The gradients generated by edge nodes will be sent to the server to complete a trained model. The simulation results show that the proposed scheme has 9.31% higher classification accuracy and 19.25% lower attack accuracy on average than the differential private schemes.

KW - Deep Learning

KW - Differential Privacy

KW - Edge Computing

KW - Federated Learning

KW - Inference Attack

UR - http://www.scopus.com/inward/record.url?scp=85115693313&partnerID=8YFLogxK

U2 - 10.1109/ICC42927.2021.9500936

DO - 10.1109/ICC42927.2021.9500936

M3 - Conference Contribution (Conference Proceeding)

AN - SCOPUS:85115693313

T3 - IEEE International Conference on Communications

BT - ICC 2021 - IEEE International Conference on Communications, Proceedings

PB - Institute of Electrical and Electronics Engineers (IEEE)

T2 - 2021 IEEE International Conference on Communications, ICC 2021

Y2 - 14 June 2021 through 23 June 2021

ER -

On Defensive Neural Networks against Inference Attack in Federated Learning

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Handle.net

Other files and links

Fingerprint

Cite this