Automatic transformation search against deep leakage from gradients
Collaborative learning has gained great popularity due to its benefit of data privacy protection: participants can jointly train a Deep Learning model without sharing their training sets. However, recent works discovered that an adversary can fully recover the sensitive training samples from the sha...
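Main Authors: | Gao, Wei; Zhang, Xu; Guo, Shangwei; Zhang, Tianwei; Xiang, Tao; Qiu, Han; Wen, Yonggang; Liu, Yang |
---|---|
Other Authors: | School of Computer Science and Engineering |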
Format: | Article |
Language: | English |
Published: | 2023 |
Subjects: | Engineering::Computer science and engineering; Auto Augmentation; Collaborative Learning |
Online Access: | https://hdl.handle.net/10356/172192 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-172192 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1721922023-11-29T01:27:39Z Automatic transformation search against deep leakage from gradients Gao, Wei Zhang, Xu Guo, Shangwei Zhang, Tianwei Xiang, Tao Qiu, Han Wen, Yonggang Liu, Yang School of Computer Science and Engineering S-Lab Engineering::Computer science and engineering Auto Augmentation Collaborative Learning Collaborative learning has gained great popularity due to its benefit of data privacy protection: participants can jointly train a Deep Learning model without sharing their training sets. However, recent works discovered that an adversary can fully recover the sensitive training samples from the shared gradients. Such reconstruction attacks pose severe threats to collaborative learning. Hence, effective mitigation solutions are urgently desired. In this paper, we systematically analyze existing reconstruction attacks and propose to leverage data augmentation to defeat these attacks: by preprocessing sensitive images with carefully-selected transformation policies, it becomes infeasible for the adversary to extract training samples from the corresponding gradients. We first design two new metrics to quantify the impacts of transformations on data privacy and model usability. With the two metrics, we design a novel search method to automatically discover qualified policies from a given data augmentation library. Our defense method can be further combined with existing collaborative training systems without modifying the training protocols. We conduct comprehensive experiments on various system settings. Evaluation results demonstrate that the policies discovered by our method can defeat state-of-the-art reconstruction attacks in collaborative learning, with high efficiency and negligible impact on the model performance. 
Ministry of Education (MOE) Nanyang Technological University National Research Foundation (NRF) This work was supported in part by the National Key R&D Program of China under Grant 2022YFB3103500; in part by the National Natural Science Foundation of China under Grants U21A20463, U20A20176, and 62102052; in part by the Singapore National Research Foundation under its National Cybersecurity R&D Programme under Grant NRF2018NCR-NCR009-0001, in part by the Singapore Ministry of Education (MOE) under Grants AcRF Tier 2 MOE-T2EP20121-0006 and AcRF Tier 1 RS02/19; and in part by the Nanyang Technological University (NTU) Start-up grant. Moreover, this study is supported under the RIE2020 Industry Alignment Fund - Industry Collaboration Projects (IAF-ICP) Funding Initiative, as well as cash and in-kind contribution from the industry partners. 2023-11-29T01:27:38Z 2023-11-29T01:27:38Z 2023 Journal Article Gao, W., Zhang, X., Guo, S., Zhang, T., Xiang, T., Qiu, H., Wen, Y. & Liu, Y. (2023). Automatic transformation search against deep leakage from gradients. IEEE Transactions On Pattern Analysis and Machine Intelligence, 45(9), 10650-10668. https://dx.doi.org/10.1109/TPAMI.2023.3262813 0162-8828 https://hdl.handle.net/10356/172192 10.1109/TPAMI.2023.3262813 37030873 2-s2.0-85151496830 9 45 10650 10668 en NRF2018NCR-NCR009-0001 MOE-T2EP20121-0006 RS02/19 IEEE Transactions on Pattern Analysis and Machine Intelligence © 2023 IEEE. All rights reserved. |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering Auto Augmentation Collaborative Learning |
author2 |
School of Computer Science and Engineering |
author_facet |
School of Computer Science and Engineering Gao, Wei Zhang, Xu Guo, Shangwei Zhang, Tianwei Xiang, Tao Qiu, Han Wen, Yonggang Liu, Yang |
format |
Article |
author |
Gao, Wei Zhang, Xu Guo, Shangwei Zhang, Tianwei Xiang, Tao Qiu, Han Wen, Yonggang Liu, Yang |
author_sort |
Gao, Wei |
title |
Automatic transformation search against deep leakage from gradients |
publishDate |
2023 |
url |
https://hdl.handle.net/10356/172192 |
_version_ |
1783955580217458688 |