Federated Learning (FL) has emerged as a potentially powerful privacy-preserving machine learning methodology, since participants exchange model parameters instead of data. FL has traditionally been applied to image, voice and similar data, but recently it has started to draw attention from domains, including financial services, where the data is predominantly tabular. However, the work on tabular data has not yet considered potential attacks, in particular attacks using Generative Adversarial Networks (GANs), which have been successfully applied to FL for non-tabular data. This paper is the first to explore leakage of private data in Federated Learning systems that process tabular data. We design a GAN-based attack model which can be deployed on a malicious client to reconstruct data and its properties from other participants. As a side effect of considering tabular data, we are able to statistically assess the efficacy of the attack (without relying on human observation, as is done in FL for images). We implement our attack model in a recently developed generic FL software framework for tabular data processing. The experimental results demonstrate the effectiveness of the proposed attack model, thus suggesting that further research is required to counter GAN-based privacy attacks.