University of Twente Student Theses
Membership Inference Attacks on Federated Learning Optimisation Protocols
Mulder, P.W. (2024) Membership Inference Attacks on Federated Learning Optimisation Protocols.
PDF
714kB |
Abstract: | Previous works on Membership Inference Attacks (MIAs) have done plentiful research on the effect of different hyperparameters of a Federated Learning (FL) system on the susceptibility to MIAs. In this work, we go one meta-step higher to investigate the effect the optimisation method itself has on the MIA accuracy and AUC. We apply white-box Membership Inference Attacks (MIAs) on these protocols to show that FedAdam, FedNAG, and a version of FedNL are more susceptible to MIAs than FedAvg because of an increased generalisation error, despite an overall lower empirical error. We find this is because alternative protocols have more overconfidence than FedAvg, which results in clearer distinctions in membership. Furthermore, we tailor a new attack to these protocols called the Ancillary Attack. This attack relies on the ancillary variables that the alternative protocols use. The update to the ancillary variables shows different patterns for member than for non-member data and so can be used to improve an MIA. We modify the attack of Nasr et al. by adding a component that takes this update as input. Though this component further decreases the stability of the attack model, we show that it helps to improve the prediction of membership. We run experiments with and without this component on the victim model architectures of ResNet with 18 and 34 layers, smaller Fully Connected Networks (FCNs) and on logistic regression trained for CIFAR-10, CIFAR-100, Purchase100 and Texas100 in a cross-silo federated setting. We show that even with a federation of 100 clients, a client can successfully attack systems optimised with alternatives to FedAvg. Additionally, when using the ancillary attack component, they can further their success. |
Item Type: | Essay (Master) |
Clients: | TNO, The Hague, The Netherlands |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 31 mathematics, 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/103412 |
Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Repository Staff Only: item control page