Monday, April 24, 2023 - 10:00 to 12:00
SCHOOL OF COMPUTER SCIENCE
The School of Computer Science is pleased to present…
MSc Thesis Defense by: Saroj Dayal
Date: Monday, April 24th, 2023
Time: 10:00am – 12:00pm
Location: Essex Hall, Room 122
Reminders:
1. Two-part attendance mandatory (sign-in sheet, QR Code)
2. Arrive 5-10 minutes prior to event starting - LATECOMERS WILL NOT BE ADMITTED. Note that due to demand, if the room has reached capacity, even if you are "early", admission is not guaranteed.
3. Please be respectful of the presenter by NOT knocking on the door for admittance once the door has been closed, whether the presentation has begun or not. If the room is at capacity, overflow is not permitted (i.e., sitting on floors), as this is a violation of the Fire Safety code.
4. Be respectful of the decision of the advisor/host of the event if you are not given admittance.
The School of Computer Science has numerous events occurring soon.
Abstract:
Given a federated learning model and a record, a membership inference attack can determine whether this record is part of the model’s training dataset. Federated learning is a machine learning technique that enables different parties to train a model without the need to centralize or share their local data. A membership inference attack puts private datasets at risk if those datasets are used to train the federated learning model and access to the generated model is available. There is a need to study the membership inference attack in the federated learning setting. In this thesis, we empirically investigated and compared various membership inference attack approaches in a federated learning environment. We evaluated these attacks on three datasets (MNIST, FMNIST, CIFAR-10) using different optimizers (SGD, RMSProp, AdaGrad) and analyzed them with and without countermeasures. The experimental results show that the membership inference attack using the prediction sensitivity approach is the worst for attackers. Additionally, among all the countermeasures, knowledge distillation has significant advantages in handling the trade-off between privacy and utility.
Keywords: Federated Learning, Membership Inference Attack, Privacy, Machine Learning
MSc Thesis Committee:
Internal Reader: Dr. Shafaq Khan
External Reader: Dr. Jagdish Pathak
Advisor: Dr. Dima Alhadidi
Chair: Dr. Mahdi Firoozjaei
MSc Thesis Defense Announcement 
5113 Lambton Tower 401 Sunset Ave. Windsor ON, N9B 3P4 (519) 253-3000 Ext. 3716 csgradinfo@uwindsor.ca