Do Gradient Inversion Attacks Make Federated Learning Unsafe?

Do Gradient Inversion Attacks Make Federated Learning Unsafe?

Federated learning (FL) allows the collaborative training of AI models without needing to share raw data. This capability makes it especially interesting for healthcare applications where patient and data privacy is of utmost concern. However, recent works on the inversion of deep neural networks fr...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on medical imaging 2023-07, Vol.42 (7), p.1-1
Hauptverfasser: Hatamizadeh, Ali, Yin, Hongxu, Molchanov, Pavlo, Myronenko, Andriy, Li, Wenqi, Dogra, Prerna, Feng, Andrew, Flores, Mona G., Kautz, Jan, Xu, Daguang, Roth, Holger R.
Format: Artikel
Sprache:eng
Schlagworte:
Artificial intelligence
Artificial neural networks
Computational modeling
Data models
Deep Learning
Federated Learning
Gradient Inversion
Humans
Image reconstruction
Inversion
Leakage
Machine learning
Measurement methods
Medical Informatics
Medical services
Model accuracy
Neural networks
Neural Networks, Computer
Patient Privacy
Privacy
Security
Servers
Supervised Machine Learning
Training
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Federated learning (FL) allows the collaborative training of AI models without needing to share raw data. This capability makes it especially interesting for healthcare applications where patient and data privacy is of utmost concern. However, recent works on the inversion of deep neural networks from model gradients raised concerns about the security of FL in preventing the leakage of training data. In this work, we show that these attacks presented in the literature are impractical in FL use-cases where the clients' training involves updating the Batch Normalization (BN) statistics and provide a new baseline attack that works for such scenarios. Furthermore, we present new ways to measure and visualize potential data leakage in FL. Our work is a step towards establishing reproducible methods of measuring data leakage in FL and could help determine the optimal tradeoffs between privacy-preserving techniques, such as differential privacy, and model accuracy based on quantifiable metrics.
ISSN:0278-0062
1558-254X
1558-254X
DOI:10.1109/TMI.2023.3239391