A generative adversarial network‐based client‐level handwriting forgery attack in federated learning scenario

IF 3 4区计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Expert Systems Pub Date : 2024-07-12 DOI:10.1111/exsy.13676

Lei Shi, Han Wu, Xu Ding, Hao Xu, Sinan Pan

{"title":"A generative adversarial network‐based client‐level handwriting forgery attack in federated learning scenario","authors":"Lei Shi, Han Wu, Xu Ding, Hao Xu, Sinan Pan","doi":"10.1111/exsy.13676","DOIUrl":null,"url":null,"abstract":"Federated learning (FL), celebrated for its privacy‐preserving features, has been revealed by recent studies to harbour security vulnerabilities that jeopardize client privacy, particularly through data reconstruction attacks that enable adversaries to recover original client data. This study introduces a client‐level handwriting forgery attack method for FL based on generative adversarial networks (GANs), which reveals security vulnerabilities existing in FL systems. It should be stressed that this research is purely for academic purposes, aiming to raise concerns about privacy protection and data security, and does not encourage illegal activities. Our novel methodology assumes an adversarial scenario wherein adversaries intercept a fraction of parameter updates via victim clients’ wireless communication channels, then use this information to train GAN for data recovery. Finally, the purpose of handwriting imitation is achieved. To rigorously assess and validate our methodology, experiments were conducted using a bespoke Chinese digit dataset, facilitating in‐depth analysis and robust verification of results. Our experimental findings demonstrated enhanced data recovery effectiveness, a client‐level attack and greater versatility compared to prior art. Notably, our method maintained high attack performance even with a streamlined GAN design, yielding increased precision and significantly faster execution times compared to standard methods. Specifically, our experimental numerical results revealed a substantial boost in reconstruction accuracy by 16.7%, coupled with a 51.9% decrease in computational time compared to the latest similar techniques. Furthermore, tests on a simplified version of our GAN exhibited an average 10% enhancement in accuracy, alongside a remarkable 70% reduction in time consumption. By surmounting the limitations of previous work, this study fills crucial gaps and affirms the effectiveness of our approach in achieving high‐accuracy client‐level data reconstruction within the FL context, thereby stimulating further exploration into FL security measures.","PeriodicalId":51053,"journal":{"name":"Expert Systems","volume":"20 1","pages":""},"PeriodicalIF":3.0000,"publicationDate":"2024-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Expert Systems","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1111/exsy.13676","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Federated learning (FL), celebrated for its privacy‐preserving features, has been revealed by recent studies to harbour security vulnerabilities that jeopardize client privacy, particularly through data reconstruction attacks that enable adversaries to recover original client data. This study introduces a client‐level handwriting forgery attack method for FL based on generative adversarial networks (GANs), which reveals security vulnerabilities existing in FL systems. It should be stressed that this research is purely for academic purposes, aiming to raise concerns about privacy protection and data security, and does not encourage illegal activities. Our novel methodology assumes an adversarial scenario wherein adversaries intercept a fraction of parameter updates via victim clients’ wireless communication channels, then use this information to train GAN for data recovery. Finally, the purpose of handwriting imitation is achieved. To rigorously assess and validate our methodology, experiments were conducted using a bespoke Chinese digit dataset, facilitating in‐depth analysis and robust verification of results. Our experimental findings demonstrated enhanced data recovery effectiveness, a client‐level attack and greater versatility compared to prior art. Notably, our method maintained high attack performance even with a streamlined GAN design, yielding increased precision and significantly faster execution times compared to standard methods. Specifically, our experimental numerical results revealed a substantial boost in reconstruction accuracy by 16.7%, coupled with a 51.9% decrease in computational time compared to the latest similar techniques. Furthermore, tests on a simplified version of our GAN exhibited an average 10% enhancement in accuracy, alongside a remarkable 70% reduction in time consumption. By surmounting the limitations of previous work, this study fills crucial gaps and affirms the effectiveness of our approach in achieving high‐accuracy client‐level data reconstruction within the FL context, thereby stimulating further exploration into FL security measures.

查看原文本刊更多论文

联合学习场景中基于生成式对抗网络的客户端级笔迹伪造攻击

联合学习（Federated Learning，FL）因其保护隐私的特性而备受赞誉，但最近的研究却揭示了它存在着危害客户端隐私的安全漏洞，特别是通过数据重构攻击，使对手能够恢复原始客户端数据。本研究介绍了一种基于生成式对抗网络（GANs）的 FL 客户端级笔迹伪造攻击方法，揭示了 FL 系统中存在的安全漏洞。需要强调的是，本研究纯粹出于学术目的，旨在引起人们对隐私保护和数据安全的关注，并不鼓励非法活动。我们的新方法假设了一种对抗场景，即对抗者通过受害者客户端的无线通信信道截获一部分参数更新，然后利用这些信息训练 GAN 进行数据恢复。最后，笔迹模仿的目的就达到了。为了严格评估和验证我们的方法，我们使用定制的中文数字数据集进行了实验，以便对结果进行深入分析和稳健验证。我们的实验结果表明，与现有技术相比，我们的方法提高了数据恢复的有效性、客户端级别的攻击和更大的通用性。值得注意的是，即使采用精简的 GAN 设计，我们的方法仍能保持较高的攻击性能，与标准方法相比，精度更高，执行时间更短。具体来说，我们的数值实验结果表明，与最新的类似技术相比，重建精度大幅提高了 16.7%，计算时间减少了 51.9%。此外，对我们的 GAN 简化版进行的测试表明，精度平均提高了 10%，同时耗时显著减少了 70%。通过克服以往工作的局限性，本研究填补了重要空白，并肯定了我们的方法在 FL 环境下实现高精度客户端级数据重建的有效性，从而激发了对 FL 安全措施的进一步探索。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Expert Systems 工程技术-计算机：理论方法

CiteScore

7.40

自引率

6.10%

发文量

266

审稿时长

24 months

期刊介绍： Expert Systems: The Journal of Knowledge Engineering publishes papers dealing with all aspects of knowledge engineering, including individual methods and techniques in knowledge acquisition and representation, and their application in the construction of systems – including expert systems – based thereon. Detailed scientific evaluation is an essential part of any paper. As well as traditional application areas, such as Software and Requirements Engineering, Human-Computer Interaction, and Artificial Intelligence, we are aiming at the new and growing markets for these technologies, such as Business, Economy, Market Research, and Medical and Health Care. The shift towards this new focus will be marked by a series of special issues covering hot and emergent topics.