Over the past few years, federated learning (FL) has emerged as a prominent machine learning paradigm that emphasizes privacy preservation by allowing multiple clients to collaboratively build a model while keeping their training data private. Despite this focus on privacy, FL models remain susceptible to various attacks, including membership inference attacks (MIAs), which pose a serious threat to data confidentiality. In a recent study, Rezaei \textit{et al.} revealed the existence of an accuracy-privacy trade-off in deep ensembles and proposed several fusion strategies to overcome it. In this paper, we explore the relationship between deep ensembles and FL. Specifically, we investigate whether confidence-based metrics derived from deep ensembles carry over to FL, and whether FL exhibits a trade-off between accuracy and privacy with respect to MIAs. Our empirical investigation shows that the accuracy-privacy trade-off does not vary non-monotonically with the number of clients. By experimenting with different numbers of federated clients, datasets, and confidence-metric-based fusion strategies, we identify and analytically justify the clear existence of the accuracy-privacy trade-off in FL.