Published February 25, 2025 | Version v1
Conference paper Metadata-only

Attribute Inference Attacks for Federated Regression Tasks

Diana, Francesco
Marfoq, Othmane
Xu, Chuan
Neglia, Giovanni
Giroire, Frédéric
Thomas, Eoin
Others:
Combinatorics, Optimization and Algorithms for Telecommunications (COATI) ; Inria Sophia Antipolis - Méditerranée (CRISAM) ; Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-COMmunications, Réseaux, systèmes Embarqués et Distribués (Laboratoire I3S - COMRED) ; Laboratoire d'Informatique, Signaux, et Systèmes de Sophia Antipolis (I3S) ; Université Nice Sophia Antipolis (1965 - 2019) (UNS)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UniCA)-Université Nice Sophia Antipolis (1965 - 2019) (UNS)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UniCA)-Laboratoire d'Informatique, Signaux, et Systèmes de Sophia Antipolis (I3S) ; Université Nice Sophia Antipolis (1965 - 2019) (UNS)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UniCA)-Université Nice Sophia Antipolis (1965 - 2019) (UNS)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UniCA)
Meta
Université Côte d'Azur (UniCA)
Network Engineering and Operations (NEO) ; Inria Sophia Antipolis - Méditerranée (CRISAM) ; Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)
Laboratoire d'Informatique, Signaux, et Systèmes de Sophia Antipolis (I3S) ; Université Nice Sophia Antipolis (1965 - 2019) (UNS)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UniCA)
COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)
Amadeus ; Amadeus
Inria-FedMalin
ANR-23-PECL-0003,CARECloud,Comprendre, Améliorer, Réduire les impacts Environnementaux du Cloud computing(2023)
ANR-22-PEFT-0002,NF-MUST,end-to-end MUlti-domain Service managemenT architectures (MUST)(2022)
ANR-15-IDEX-0001,UCA JEDI,Idex UCA JEDI(2015)
ANR-17-EURE-0004,UCA DS4H,UCA Systèmes Numériques pour l'Homme(2017)
ANR-19-P3IA-0002,3IA@cote d'azur,3IA Côte d'Azur(2019)
ANR-23-IACL-0001,3IA Côte d'Azur 2030,3IA Côte d'Azur 2030(2023)
European Project: 101120726,HORIZON-CL4-2022-HUMAN-02,https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/how-to-participate/org-details/999999999/project/101120726/program/43108390/details,dAIEDGE

Description

Federated Learning (FL) enables multiple clients, such as mobile phones and IoT devices, to collaboratively train a global machine learning model while keeping their data localized. However, recent studies have revealed that the training phase of FL is vulnerable to reconstruction attacks, such as attribute inference attacks (AIA), where adversaries exploit exchanged messages and auxiliary public information to uncover sensitive attributes of targeted clients. While these attacks have been extensively studied in the context of classification tasks, their impact on regression tasks remains largely unexplored. In this paper, we address this gap by proposing novel modelbased AIAs specifically designed for regression tasks in FL environments. Our approach considers scenarios where adversaries can either eavesdrop on exchanged messages or directly interfere with the training process. We benchmark our proposed attacks against state-of-the-art methods using real-world datasets. The results demonstrate a significant increase in reconstruction accuracy, particularly in heterogeneous client datasets, a common scenario in FL. The efficacy of our model-based AIAs makes them better candidates for empirically quantifying privacy leakage for federated regression tasks.

Abstract

International audience

Additional details

Identifiers Origin repository
Created:
January 13, 2025
Modified:
January 13, 2025