Federated Learning (FL) has been proposed as a privacy-preserving solution for machine learning. However, recent works have shown that Federated Learning can leak private client data through membership attacks. In this paper, we show that the effectiveness of these attacks on the clients negatively correlates with the size of the client datasets and model complexity. Based on this finding, we propose model-agnostic Federated Learning as a privacy-enhancing solution because it enables the use of models of varying complexity in the clients. To this end, we present $\texttt{MaPP-FL}$, a novel privacy-aware FL approach that leverages model compression on the clients while keeping a full model on the server. We compare the performance of $\texttt{MaPP-FL}$ against state-of-the-art model-agnostic FL methods on the CIFAR-10, CIFAR-100, and FEMNIST vision datasets. Our experiments show the effectiveness of $\texttt{MaPP-FL}$ in preserving the clients' and the server's privacy while achieving competitive classification accuracies.