Conference ProceedingsOPEN ACCESS

BI-GAN: Batch Inversion Membership Inference Attack on Federated Learning

Proceedings of the 17th ACM Workshop on Mobility in the Evolving Internet Architecture, MobiArch 2022 (2022) 31-36
DOI: 10.1145/3556548.3559636
3Citations
Citations of this article
7Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Federated Learning is a growing advanced collaborative machine learning framework that aims to preserve user-privacy data. However, multiple researchers have investigated attack methods from the server side via gradient inversion techniques or Generative Adversarial Networks (GAN) to reconstruct the raw data distributions from users. In this paper, we propose Batch Inversion GAN (BI-GAN), a novel membership inference attack that can recover user-level batch images from local updates, utilizing both gradient inversion techniques and GAN. Our attack is more stealthy since it only requires access to gradients and does not interfere with the global model performance and is more robust in terms of image batch recovery and victim classification. The experiments show that our attack recovers higher quality images of the victim with higher accuracy compared to other attacks.

Author supplied keywords

Cite

CITATION STYLE

APA

Vo, H., Tang, M., Zheng, X., & Yu, S. (2022). BI-GAN: Batch Inversion Membership Inference Attack on Federated Learning. In Proceedings of the 17th ACM Workshop on Mobility in the Evolving Internet Architecture, MobiArch 2022 (pp. 31–36). Association for Computing Machinery, Inc. https://doi.org/10.1145/3556548.3559636

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free