Federated Learning (FL) is a widely used framework for training models in a decentralized manner, ensuring that the central server does not have direct access to data from local clients. However, this approach may still fail to fully preserve data privacy, as models from local clients are exposed to the central server during the aggregation process. This issue becomes even more critical when training vision-language models (VLMs) with FL, as VLMs can easily memorize training data instances, making them vulnerable to membership inference attacks (MIAs). To address this challenge, we propose the FedRand framework, which avoids disclosing the full set of client parameters. In this framework, each client randomly selects subparameters of Low-Rank Adaptation (LoRA) from the server and keeps the remaining counterparts of the LoRA weights as private parameters. After training both parameters on the client's private dataset, only the non-private client parameters are sent back to the server for aggregation. This approach mitigates the risk of exposing client-side VLM parameters, thereby enhancing data privacy. We empirically validate that FedRand improves robustness against MIAs compared to relevant baselines while achieving accuracy comparable to methods that communicate full LoRA parameters across several benchmark datasets.

翻译：联邦学习（FL）是一种广泛使用的去中心化模型训练框架，确保中央服务器无法直接访问本地客户端的数据。然而，这种方法仍可能无法完全保护数据隐私，因为在聚合过程中，来自本地客户端的模型会暴露给中央服务器。当使用FL训练视觉语言模型（VLM）时，这一问题变得尤为关键，因为VLM容易记忆训练数据实例，使其易受成员推理攻击（MIA）的影响。为应对这一挑战，我们提出了FedRand框架，该框架避免披露客户端的完整参数集。在此框架中，每个客户端从服务器随机选择低秩适应（LoRA）的子参数，并将LoRA权重的其余对应部分保留为私有参数。在客户端的私有数据集上训练这两类参数后，仅将非私有的客户端参数发送回服务器进行聚合。这种方法降低了暴露客户端VLM参数的风险，从而增强了数据隐私。我们通过实验验证，与相关基线方法相比，FedRand在多个基准数据集上实现了与传输完整LoRA参数方法相当的准确性的同时，提升了对MIA的鲁棒性。