We consider the problem of predicting cellular network performance (signal maps) from measurements collected by several mobile devices. We formulate the problem within the online federated learning framework: (i) federated learning (FL) enables users to collaboratively train a model, while keeping their training data on their devices; (ii) measurements are collected as users move around over time and are used for local training in an online fashion. We consider an honest-but-curious server, who observes the updates from target users participating in FL and infers their location using a deep leakage from gradients (DLG) type of attack, originally developed to reconstruct training data of DNN image classifiers. We make the key observation that a DLG attack, applied to our setting, infers the average location of a batch of local data, and can thus be used to reconstruct the target users' trajectory at a coarse granularity. We build on this observation to protect location privacy, in our setting, by revisiting and designing mechanisms within the federated learning framework including: tuning the FL parameters for averaging, curating local batches so as to mislead the DLG attacker, and aggregating across multiple users with different trajectories. We evaluate the performance of our algorithms through both analysis and simulation based on real-world mobile datasets, and we show that they achieve a good privacy-utility tradeoff.
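Added example, not from the paper: for a single linear layer with bias trained with MSE (an assumption; the paper's setting is a DNN and an optimization-based DLG attack), the ratio of the weight gradient to the bias gradient is the residual-weighted mean of the batch coordinates, which shows why one update exposes a batch-level average location and how batch size and batch curation shift it. All coordinates, RSRP values and function names are constructed for illustration.

```python
# Constructed (lat, lon, RSRP dBm) samples; the model is a hypothetical linear layer.
RECENT = [(33.640, -117.840, -95.0), (33.642, -117.838, -97.0),
          (33.644, -117.836, -99.0), (33.646, -117.834, -101.0)]
OLDER = [(33.700, -117.900, -90.0), (33.702, -117.898, -92.0)]  # distant past points

def batch_gradient(w, b, batch):
    """MSE gradient of y_hat = w[0]*lat + w[1]*lon + b over one local batch."""
    n = len(batch)
    gw, gb = [0.0, 0.0], 0.0
    for lat, lon, rsrp in batch:
        r = w[0] * lat + w[1] * lon + b - rsrp   # residual of this sample
        gw[0] += 2 * r * lat / n
        gw[1] += 2 * r * lon / n
        gb += 2 * r / n
    return gw, gb

def revealed_point(gw, gb):
    """What the update alone determines: sum(r_i * x_i) / sum(r_i)."""
    if gb == 0:
        raise ValueError("bias gradient is zero; the ratio is undefined")
    return (gw[0] / gb, gw[1] / gb)

def centroid(batch):
    n = len(batch)
    return (sum(p[0] for p in batch) / n, sum(p[1] for p in batch) / n)

def offset(p, q):
    """Euclidean distance in degrees between two (lat, lon) points."""
    return ((p[0] - q[0]) ** 2 + (p[1] - q[1]) ** 2) ** 0.5

def leak_offset(batch, reference, w=(0.0, 0.0), b=0.0):
    """Distance between the point the update reveals and a reference location."""
    gw, gb = batch_gradient(w, b, batch)
    return offset(revealed_point(gw, gb), reference)

if __name__ == "__main__":
    here = centroid(RECENT)
    # Batch of one: the update pins down the exact sample location.
    print("batch of 1  :", leak_offset(RECENT[:1], RECENT[0][:2]))
    # Batch of four: only (approximately) the batch centroid is exposed.
    print("batch of 4  :", leak_offset(RECENT, here))
    # Curated batch mixing in distant points: revealed point moves off the recent path.
    print("curated of 6:", leak_offset(RECENT + OLDER, here))
```

Offsets are in degrees; the curated batch here is one constructed way to diversify a batch, not the paper's selection algorithm.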