Federated Learning for Tabular Data: Exploring Potential Risk to Privacy

Han  Wu; Zilong  Zhao; Lydia Y. Chen; Aad van Moorsel

doi:10.1109/ISSRE55969.2022.00028

Federated Learning for Tabular Data: Exploring Potential Risk to Privacy

Han Wu, Zilong Zhao, Lydia Y. Chen, Aad van Moorsel

Data-Intensive Systems

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

3 Citations (Scopus)

18 Downloads (Pure)

Abstract

Federated Learning (FL) has emerged as a potentially powerful privacy-preserving machine learning method-ology, since it avoids exchanging data between participants, but instead exchanges model parameters. FL has traditionally been applied to image, voice and similar data, but recently it has started to draw attention from domains including financial services where the data is predominantly tabular. However, the work on tabular data has not yet considered potential attacks, in particular attacks using Generative Adversarial Networks (GANs), which have been successfully applied to FL for non-tabular data. This paper is the first to explore leakage of private data in Federated Learning systems that process tabular data. We design a Generative Adversarial Networks (GANs)-based attack model which can be deployed on a malicious client to reconstruct data and its properties from other participants. As a side-effect of considering tabular data, we are able to statistically assess the efficacy of the attack (without relying on human observation such as done for FL for images). We implement our attack model in a recently developed generic FL software framework for tabular data processing. The experimental results demonstrate the effectiveness of the proposed attack model, thus suggesting that further research is required to counter GAN-based privacy attacks.

Original language	English
Title of host publication	Proceedings of the 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE)
Editors	Cristina Ceballos
Place of Publication	Piscataway
Publisher	IEEE
Pages	193-204
Number of pages	12
ISBN (Electronic)	978-1-6654-5132-1
ISBN (Print)	978-1-6654-5133-8
DOIs	https://doi.org/10.1109/ISSRE55969.2022.00028
Publication status	Published - 2022
Event	2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE) - Charlotte, United States Duration: 31 Oct 2022 → 3 Nov 2022 Conference number: 33rd

Conference

Conference	2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE)
Country/Territory	United States
City	Charlotte
Period	31/10/22 → 3/11/22

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

Federated learning
GAN
Privacy
Tabular Data

Access to Document

10.1109/ISSRE55969.2022.00028

Federated_Learning_for_Tabular_Data_Exploring_Potential_Risk_to_PrivacyFinal published version, 1.43 MB

Cite this

@inproceedings{bd5b36270f994fba9cdb5dc846899107,

title = "Federated Learning for Tabular Data: Exploring Potential Risk to Privacy",

abstract = "Federated Learning (FL) has emerged as a potentially powerful privacy-preserving machine learning method-ology, since it avoids exchanging data between participants, but instead exchanges model parameters. FL has traditionally been applied to image, voice and similar data, but recently it has started to draw attention from domains including financial services where the data is predominantly tabular. However, the work on tabular data has not yet considered potential attacks, in particular attacks using Generative Adversarial Networks (GANs), which have been successfully applied to FL for non-tabular data. This paper is the first to explore leakage of private data in Federated Learning systems that process tabular data. We design a Generative Adversarial Networks (GANs)-based attack model which can be deployed on a malicious client to reconstruct data and its properties from other participants. As a side-effect of considering tabular data, we are able to statistically assess the efficacy of the attack (without relying on human observation such as done for FL for images). We implement our attack model in a recently developed generic FL software framework for tabular data processing. The experimental results demonstrate the effectiveness of the proposed attack model, thus suggesting that further research is required to counter GAN-based privacy attacks.",

keywords = "Federated learning, GAN, Privacy, Tabular Data",

author = "Han Wu and Zilong Zhao and Chen, {Lydia Y.} and {van Moorsel}, Aad",

note = "Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.; 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE) ; Conference date: 31-10-2022 Through 03-11-2022",

year = "2022",

doi = "10.1109/ISSRE55969.2022.00028",

language = "English",

isbn = "978-1-6654-5133-8",

pages = "193--204",

editor = "Ceballos, {Cristina }",

booktitle = "Proceedings of the 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE)",

publisher = "IEEE",

address = "United States",

}

Wu, H, Zhao, Z, Chen, LY & van Moorsel, A 2022, Federated Learning for Tabular Data: Exploring Potential Risk to Privacy. in C Ceballos (ed.), Proceedings of the 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE). IEEE, Piscataway, pp. 193-204, 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE), Charlotte, United States, 31/10/22. https://doi.org/10.1109/ISSRE55969.2022.00028

Federated Learning for Tabular Data: Exploring Potential Risk to Privacy. / Wu, Han ; Zhao, Zilong ; Chen, Lydia Y. et al.
Proceedings of the 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE). ed. / Cristina Ceballos. Piscataway: IEEE, 2022. p. 193-204.

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Federated Learning for Tabular Data

T2 - 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE)

AU - Wu, Han

AU - Zhao, Zilong

AU - Chen, Lydia Y.

AU - van Moorsel, Aad

N1 - Conference code: 33rd

PY - 2022

Y1 - 2022

N2 - Federated Learning (FL) has emerged as a potentially powerful privacy-preserving machine learning method-ology, since it avoids exchanging data between participants, but instead exchanges model parameters. FL has traditionally been applied to image, voice and similar data, but recently it has started to draw attention from domains including financial services where the data is predominantly tabular. However, the work on tabular data has not yet considered potential attacks, in particular attacks using Generative Adversarial Networks (GANs), which have been successfully applied to FL for non-tabular data. This paper is the first to explore leakage of private data in Federated Learning systems that process tabular data. We design a Generative Adversarial Networks (GANs)-based attack model which can be deployed on a malicious client to reconstruct data and its properties from other participants. As a side-effect of considering tabular data, we are able to statistically assess the efficacy of the attack (without relying on human observation such as done for FL for images). We implement our attack model in a recently developed generic FL software framework for tabular data processing. The experimental results demonstrate the effectiveness of the proposed attack model, thus suggesting that further research is required to counter GAN-based privacy attacks.

AB - Federated Learning (FL) has emerged as a potentially powerful privacy-preserving machine learning method-ology, since it avoids exchanging data between participants, but instead exchanges model parameters. FL has traditionally been applied to image, voice and similar data, but recently it has started to draw attention from domains including financial services where the data is predominantly tabular. However, the work on tabular data has not yet considered potential attacks, in particular attacks using Generative Adversarial Networks (GANs), which have been successfully applied to FL for non-tabular data. This paper is the first to explore leakage of private data in Federated Learning systems that process tabular data. We design a Generative Adversarial Networks (GANs)-based attack model which can be deployed on a malicious client to reconstruct data and its properties from other participants. As a side-effect of considering tabular data, we are able to statistically assess the efficacy of the attack (without relying on human observation such as done for FL for images). We implement our attack model in a recently developed generic FL software framework for tabular data processing. The experimental results demonstrate the effectiveness of the proposed attack model, thus suggesting that further research is required to counter GAN-based privacy attacks.

KW - Federated learning

KW - GAN

KW - Privacy

KW - Tabular Data

UR - http://www.scopus.com/inward/record.url?scp=85145880011&partnerID=8YFLogxK

U2 - 10.1109/ISSRE55969.2022.00028

DO - 10.1109/ISSRE55969.2022.00028

M3 - Conference contribution

SN - 978-1-6654-5133-8

SP - 193

EP - 204

BT - Proceedings of the 2022 IEEE 33rd International Symposium on Software Reliability Engineering (ISSRE)

A2 - Ceballos, Cristina

PB - IEEE

CY - Piscataway

Y2 - 31 October 2022 through 3 November 2022

ER -

Federated Learning for Tabular Data: Exploring Potential Risk to Privacy

Abstract

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this