University of Twente Student Theses


Membership Inference Attacks on Federated Horizontal Gradient Boosted Decision Trees

Meerhof, J.J. (2023) Membership Inference Attacks on Federated Horizontal Gradient Boosted Decision Trees.

This is the latest version of this item.

[img] PDF
Abstract:Federated Learning is often presented as a privacy preserving measure, as the raw unprocessed data is not transferred to other parties. The privacy claims of Federated Learning have been called into question after successful privacy breaching attacks on the model or protocol. By attacking the model or entire federated protocol itself Membership Inference Attacks could retrieve if an individual was present in a dataset. These attacks are especially dangerous in the medical domain; where sensitive data require privacy guarantees. Attacking Federated Learning Gradient Boosted Decision Trees algorithms is a field mostly left unexplored, therefore this paper investigates the Horizontal Federated Learning protocol “FederBoost” with XGBoost's regularisation parameters. FederBoost is investigated by attacking with two different methods that use extra information acquired during the Federated Learning process. This is all done to asses to what extent Gradient Boosted Decision Trees preserve privacy when using Federated Learning with and without heavy encryption methods. One of the two methods that used the leaked federated information was successful and improved the accuracy of the Membership Inference Attack in certain conditions, thus showing the danger of sharing gradients and hessians during training.
Item Type:Essay (Master)
RIVM, Bilthoven, Netherlands
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page