UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Exploiting Unintended Feature Leakage in Collaborative Learning

Melis, L; Song, C; De Cristofaro, E; Shmatikov, V; (2019) Exploiting Unintended Feature Leakage in Collaborative Learning. In: Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP). (pp. pp. 691-706). IEEE: San Francisco, CA, USA, USA. Green open access

[thumbnail of De Cristofaro_Exploiting Unintended Feature Leakage in Collaborative Learning_AAM.pdf]
Preview
Text
De Cristofaro_Exploiting Unintended Feature Leakage in Collaborative Learning_AAM.pdf - Accepted Version

Download (1MB) | Preview

Abstract

Collaborative machine learning and related techniques such as federated learning allow multiple participants, each with his own training dataset, to build a joint model by training locally and periodically exchanging model updates. We demonstrate that these updates leak unintended information about participants’ training data and develop passive and active inference attacks to exploit this leakage. First, we show that an adversarial participant can infer the presence of exact data points—for example, specific locations—in others’ training data (i.e., membership inference). Then, we show how this adversary can infer properties that hold only for a subset of the training data and are independent of the properties that the joint model aims to capture. For example, he can infer when a specific person first appears in the photos used to train a binary gender classifier. We evaluate our attacks on a variety of tasks, datasets, and learning configurations, analyze their limitations, and discuss possible defenses.

Type: Proceedings paper
Title: Exploiting Unintended Feature Leakage in Collaborative Learning
Event: 40th IEEE Symposium on Security & Privacy (S&P 2019)
Location: San Francisco, CA
Dates: 20 May 2019 - 22 May 2019
Open access status: An open access version is available from UCL Discovery
DOI: 10.1109/SP.2019.00029
Publisher version: https://doi.org/10.1109/SP.2019.00029
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Training, Training data, Data models, Servers, Collaborative work, Task analysis, Computational modeling, privacy, collaborative-learning, deep-learning, security, inference-attacks
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10061777
Downloads since deposit
151Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item