Detecting GAN-based Privacy Attack in Distributed Learning

Yayuan Xiong, Fengyuan Xu, Sheng Thong
DOI: https://doi.org/10.1109/icc40277.2020.9149430
2020-01-01
Abstract: Distributed learning unleashes the power of training collaboration among multiple parties who have different training data. While participants enjoy mutually beneficial outcomes of distributed learning, which cannot be achieved by a single party, they also worry about the risk of privacy leakage. In fact, recent work shows that a malicious participant is able to leverage a Generative Adversarial Network (GAN) to steal sensitive information about training data owned by others through shared gradient updates. However, existing countermeasures, such as differential privacy or cryptographic methods, could disturb the training in terms of model accuracy or computation overhead. In this paper, we seek to mitigate this privacy issue in a non-intrusive manner. Instead of passive protection, we propose to actively detect such GAN-based attackers at the very beginning of training. Our detection only utilizes the gradient updates uploaded by participants during the training, so it is transparent to participants and does not require protocol changes. We demonstrate the effectiveness of our detection through extensive experiments in different settings and attack scenarios.