SRATTA : Sample Re-ATTribution Attack of Secure Aggregation in Federated Learning
Authors:
Tanguy Marchand,
Régis Loeb,
Ulysse Marteau-Ferey,
Jean Ogier du Terrail,
Arthur Pignet
Abstract:
We consider a cross-silo federated learning (FL) setting where a machine learning model with a fully connected first layer is trained between different clients and a central server using FedAvg, and where the aggregation step can be performed with secure aggregation (SA). We present SRATTA an attack relying only on aggregated models which, under realistic assumptions, (i) recovers data samples fro…
▽ More
We consider a cross-silo federated learning (FL) setting where a machine learning model with a fully connected first layer is trained between different clients and a central server using FedAvg, and where the aggregation step can be performed with secure aggregation (SA). We present SRATTA an attack relying only on aggregated models which, under realistic assumptions, (i) recovers data samples from the different clients, and (ii) groups data samples coming from the same client together. While sample recovery has already been explored in an FL setting, the ability to group samples per client, despite the use of SA, is novel. This poses a significant unforeseen security threat to FL and effectively breaks SA. We show that SRATTA is both theoretically grounded and can be used in practice on realistic models and datasets. We also propose counter-measures, and claim that clients should play an active role to guarantee their privacy during training.
△ Less
Submitted 13 June, 2023;
originally announced June 2023.
FLamby: Datasets and Benchmarks for Cross-Silo Federated Learning in Realistic Healthcare Settings
Authors:
Jean Ogier du Terrail,
Samy-Safwan Ayed,
Edwige Cyffers,
Felix Grimberg,
Chaoyang He,
Regis Loeb,
Paul Mangold,
Tanguy Marchand,
Othmane Marfoq,
Erum Mushtaq,
Boris Muzellec,
Constantin Philippenko,
Santiago Silva,
Maria Teleńczuk,
Shadi Albarqouni,
Salman Avestimehr,
Aurélien Bellet,
Aymeric Dieuleveut,
Martin Jaggi,
Sai Praneeth Karimireddy,
Marco Lorenzi,
Giovanni Neglia,
Marc Tommasi,
Mathieu Andreux
Abstract:
Federated Learning (FL) is a novel approach enabling several clients holding sensitive data to collaboratively train machine learning models, without centralizing data. The cross-silo FL setting corresponds to the case of few ($2$--$50$) reliable clients, each holding medium to large datasets, and is typically found in applications such as healthcare, finance, or industry. While previous works hav…
▽ More
Federated Learning (FL) is a novel approach enabling several clients holding sensitive data to collaboratively train machine learning models, without centralizing data. The cross-silo FL setting corresponds to the case of few ($2$--$50$) reliable clients, each holding medium to large datasets, and is typically found in applications such as healthcare, finance, or industry. While previous works have proposed representative datasets for cross-device FL, few realistic healthcare cross-silo FL datasets exist, thereby slowing algorithmic research in this critical application. In this work, we propose a novel cross-silo dataset suite focused on healthcare, FLamby (Federated Learning AMple Benchmark of Your cross-silo strategies), to bridge the gap between theory and practice of cross-silo FL. FLamby encompasses 7 healthcare datasets with natural splits, covering multiple tasks, modalities, and data volumes, each accompanied with baseline training code. As an illustration, we additionally benchmark standard FL algorithms on all datasets. Our flexible and modular suite allows researchers to easily download datasets, reproduce results and re-use the different components for their research. FLamby is available at~\url{www.github.com/owkin/flamby}.
△ Less
Submitted 5 May, 2023; v1 submitted 10 October, 2022;
originally announced October 2022.
