Affiliation:
1. School of Computer Science and Information Engineering, Hefei University of Technology, Hefei, Anhui, China
2. Engineering Research Center of Safety Critical Industrial Measurement and Control Technology, Ministry of Education, Hefei, Anhui, China
Abstract
Federated learning (FL), celebrated for its privacy‐preserving features, has been revealed by recent studies to harbour security vulnerabilities that jeopardize client privacy, particularly through data reconstruction attacks that enable adversaries to recover original client data. This study introduces a client‐level handwriting forgery attack method for FL based on generative adversarial networks (GANs), which reveals security vulnerabilities existing in FL systems. It should be stressed that this research is purely for academic purposes, aiming to raise concerns about privacy protection and data security, and does not encourage illegal activities. Our novel methodology assumes an adversarial scenario wherein adversaries intercept a fraction of parameter updates via victim clients’ wireless communication channels, then use this information to train a GAN for data recovery, ultimately achieving handwriting imitation. To rigorously assess and validate our methodology, experiments were conducted using a bespoke Chinese digit dataset, facilitating in‐depth analysis and robust verification of results. Our experimental findings demonstrated enhanced data recovery effectiveness, a client‐level attack and greater versatility compared to prior art. Notably, our method maintained high attack performance even with a streamlined GAN design, yielding increased precision and significantly faster execution times compared to standard methods. Specifically, our experimental numerical results revealed a substantial boost in reconstruction accuracy by 16.7%, coupled with a 51.9% decrease in computational time compared to the latest similar techniques. Furthermore, tests on a simplified version of our GAN exhibited an average 10% enhancement in accuracy, alongside a remarkable 70% reduction in time consumption.
By surmounting the limitations of previous work, this study fills crucial gaps and affirms the effectiveness of our approach in achieving high‐accuracy client‐level data reconstruction within the FL context, thereby stimulating further exploration into FL security measures.
Funder
Natural Science Foundation of Anhui Province