Summary of Harvesting Private Medical Images in Federated Learning Systems with Crafted Models, by Shanghao Shi et al.
Harvesting Private Medical Images in Federated Learning Systems with Crafted Models
by Shanghao Shi, Md Shahedul Haque, Abhijeet Parida, Marius George Linguraru, Y. Thomas Hou, Syed Muhammad Anwar, Wenjing Lou
First submitted to arXiv on: 13 Jul 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR); Image and Video Processing (eess.IV)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | The paper's original abstract: read the original abstract here. |
| Medium | GrooveSquid.com (original content) | The proposed attack, MediLeak, targets federated learning (FL): a malicious parameter server recovers high-fidelity patient images from the model updates that clients upload. The server generates an adversarial model containing a crafted module, each client trains on that model as the protocol requires, and the resulting model updates sent back to the server leak the training images. Because the attack exploits the FL protocol itself rather than a flaw in any single client, it also breaks state-of-the-art cryptographic secure aggregation protocols designed to protect FL systems from privacy inference attacks. MediLeak was evaluated on the MedMNIST and COVIDx CXR-4 datasets, achieving nearly perfect recovery of private images with high recovery rates and strong quantitative scores. Downstream tasks such as disease classification trained on the recovered images showed no significant performance degradation compared to training on the original samples. |
| Low | GrooveSquid.com (original content) | A new kind of attack called MediLeak threatens the security of a type of machine learning called federated learning (FL). FL lets many devices work together without sharing their own data. But MediLeak can make these devices share their data anyway by tricking them into training on a special model. This attack is serious because it means people's private information, such as medical images, could be leaked. The researchers tested MediLeak and found that it was very good at getting back the original images from the device updates. They also ran some extra tasks with the recovered data and saw no significant difference in how well they worked. |
Keywords
- Artificial intelligence
- Classification
- Federated learning
- Inference
- Machine learning