
Summary of Bayes’ Capacity As a Measure For Reconstruction Attacks in Federated Learning, by Sayan Biswas et al.


Bayes’ capacity as a measure for reconstruction attacks in federated learning

by Sayan Biswas, Mark Dras, Pedro Faustini, Natasha Fernandes, Annabelle McIver, Catuscia Palamidessi, Parastoo Sadeghi

First submitted to arXiv on: 19 Jun 2024

Categories

  • Main: Machine Learning (cs.LG)
  • Secondary: Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR); Information Theory (cs.IT)



GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

High difficulty summary (written by the paper authors)
This version is the paper's original abstract.

Medium difficulty summary (written by GrooveSquid.com, original content)
This paper investigates the threat of reconstruction attacks in federated learning, a method designed to preserve privacy while training machine learning models collaboratively. The researchers demonstrate that an attacker can infer the exact value of a training element given access to weight updates during stochastic gradient descent (SGD). To address this vulnerability, they propose using differential privacy (DP) in the SGD algorithm, known as DP-SGD. However, it is unclear whether DP-SGD effectively counters reconstruction attacks. The paper formalizes the threat model using information-theoretic frameworks and shows that Bayes’ capacity provides a tight upper bound on leakage to an attacker interested in performing a reconstruction attack. Empirical results demonstrate the effectiveness of this measure for evaluating mechanisms against reconstruction threats.

Low difficulty summary (written by GrooveSquid.com, original content)
This paper looks at how attackers can steal secrets from people who are working together to train machine learning models. Right now, there’s a way called federated learning that tries to keep these secrets safe. But some sneaky hackers have found ways to get around this and figure out what the secret is just by looking at how the model changes as it’s being trained. The researchers want to find a way to stop these attacks, so they’re using something called differential privacy (DP) to make sure the model is more secure. They’re testing DP on some special math problems to see if it really works.

Keywords

» Artificial intelligence  » Federated learning  » Machine learning  » Stochastic gradient descent