An empirical analysis of image augmentation against model inversion attack in federated learning
- Authors
- Shin, Seunghyeon; Boyapati, Mallika; Suo, Kun; Kang, Kyungtae; Son, Junggab
- Issue Date
- Feb-2023
- Publisher
- Baltzer Science Publishers B.V.
- Keywords
- Federated learning; Model inversion attack; Image augmentation; Defensive augmentation; Differential privacy
- Citation
- Cluster Computing, v.26, no.1, pp 349 - 366
- Pages
- 18
- Indexed
- SCIE
SCOPUS
- Journal Title
- Cluster Computing
- Volume
- 26
- Number
- 1
- Start Page
- 349
- End Page
- 366
- URI
- https://scholarworks.bwise.kr/erica/handle/2021.sw.erica/107832
- DOI
- 10.1007/s10586-022-03596-1
- ISSN
- 1386-7857
1573-7543
- Abstract
- Federated Learning (FL) is a technology that facilitates a sophisticated way to train distributed data. As the FL does not expose sensitive data in the training process, it was considered privacy-safe deep learning. However, a few recent studies proved that it is possible to expose the hidden data by exploiting the shared models only. One common solution for the data exposure is differential privacy that adds noise to hinder such an attack, however, it inevitably involves a trade-off between privacy and utility. This paper demonstrates the effectiveness of image augmentation as an alternative defense strategy that has less impact of the trade-off. We conduct comprehensive experiments on the CIFAR-10 and CIFAR-100 datasets with 14 augmentations and 9 magnitudes. As a result, the best combination of augmentation and magnitude for each image class in the datasets was discovered. Also, our results show that a well-fitted augmentation strategy can outperform differential privacy.
- Files in This Item
-
Go to Link
- Appears in
Collections - COLLEGE OF COMPUTING > DEPARTMENT OF ARTIFICIAL INTELLIGENCE > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.