Hongyan Chang, National University of Singapore; Brandon Edwards, Intel Corporation; Anindya S. Paul, University of Florida; Reza Shokri, National University of Singapore
We design a novel efficient membership inference attack to audit privacy risks in federated learning. Our approach involves computing the slope of specific model performance metrics (e.g., model's output and its loss) across FL rounds to differentiate members from non-members. Since these metrics are automatically computed during the FL process, our solution imposes negligible overhead and can be seamlessly integrated without disrupting training. We validate the effectiveness and superiority of our method over prior work across a wide range of FL settings and real-world datasets.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Hongyan Chang and Brandon Edwards and Anindya S. Paul and Reza Shokri},
title = {Efficient Privacy Auditing in Federated Learning},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {307--323},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/chang},
publisher = {USENIX Association},
month = aug
}
