Federated Learning (FL) has emerged as a promising paradigm for collaborative model training without the need to share clients' personal data, thereby preserving privacy. However, the non-IID nature of the clients' data introduces major challenges for FL, highlighting the importance of personalized federated learning (PFL) methods. In PFL, models are trained to cater to specific feature distributions present in the population data. A notable method for PFL is the Iterative Federated Clustering Algorithm (IFCA), which mitigates the concerns associated with the non-IID-ness by grouping clients with similar data distributions. While it has been shown that IFCA enhances both accuracy and fairness, its strategy of dividing the population into smaller clusters increases vulnerability to Membership Inference Attacks (MIA), particularly among minorities with limited training samples. In this paper, we introduce IFCA-MIR, an improved version of IFCA that integrates MIA risk assessment into the clustering process. Allowing clients to select clusters based on both model performance and MIA vulnerability, IFCA-MIR achieves an improved performance with respect to accuracy, fairness, and privacy. We demonstrate that IFCA-MIR significantly reduces MIA risk while maintaining comparable model accuracy and fairness as the original IFCA.

翻译：联邦学习（FL）作为一种无需共享客户端个人数据即可进行协同模型训练的前沿范式，在保护隐私方面展现出巨大潜力。然而，客户端数据的非独立同分布特性给联邦学习带来了重大挑战，凸显了个性化联邦学习方法的重要性。在个性化联邦学习中，模型被训练以适应群体数据中存在的特定特征分布。一种值得关注的个性化联邦学习方法——迭代联邦聚类算法，通过将具有相似数据分布的客户端分组，缓解了与非独立同分布相关的难题。尽管已有研究表明该算法在准确性和公平性方面均有所提升，但其将群体划分为较小簇的策略却增加了遭受成员推理攻击的脆弱性，特别是在训练样本有限的少数群体中。本文提出了IFCA-MIR，这是该算法的一个改进版本，它将成员推理攻击风险评估整合到聚类过程中。通过允许客户端基于模型性能和成员推理攻击脆弱性共同选择簇，IFCA-MIR在准确性、公平性和隐私性方面实现了更优的综合性能。我们证明，IFCA-MIR在保持与原始算法相当的模型准确性和公平性的同时，能显著降低成员推理攻击风险。