University of Twente Student Theses
Membership Inference Attacks on Federated Horizontal Gradient Boosted Decision Trees
Meerhof, J.J. (2023) Membership Inference Attacks on Federated Horizontal Gradient Boosted Decision Trees.
This is the latest version of this item.
Abstract: | Federated Learning is often presented as a privacy-preserving measure, as the raw unprocessed data is not transferred to other parties. The privacy claims of Federated Learning have been called into question after successful privacy-breaching attacks on the model or protocol. By attacking the model or the entire federated protocol itself, Membership Inference Attacks could retrieve whether an individual was present in a dataset. These attacks are especially dangerous in the medical domain, where sensitive data require privacy guarantees. Attacking Federated Learning Gradient Boosted Decision Trees algorithms is a field mostly left unexplored; therefore, this paper investigates the Horizontal Federated Learning protocol “FederBoost” with XGBoost's regularisation parameters. FederBoost is investigated by attacking it with two different methods that use extra information acquired during the Federated Learning process. This is all done to assess to what extent Gradient Boosted Decision Trees preserve privacy when using Federated Learning with and without heavy encryption methods. One of the two methods that used the leaked federated information was successful and improved the accuracy of the Membership Inference Attack in certain conditions, thus showing the danger of sharing gradients and Hessians during training. |
Item Type: | Essay (Master) |
Clients: | RIVM, Bilthoven, Netherlands |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/97917 |