CAREER: Fighting Against Data Reconstruction Attacks in Federated Learning

This project focuses on enhancing privacy in federated learning, an artificial intelligence approach that enables knowledge crowdsourcing without compromising data privacy. The project addresses fundamental issues in vulnerable federated learning schemes that may leak sensitive information through improper privacy definitions or malicious attacks. The project's novelties are developing new, realistic privacy measures and devising strategies to protect against subtle but potentially devastating breaches.

This effort is crucial as federated learning becomes increasingly popular in healthcare, finance, and public services, where privacy is paramount. The project's broader significance and importance are in its potential to protect data privacy in these critical fields, thus fostering a safer environment for knowledge sharing and collaboration.

The project addresses two weak links of federated learning, namely, improper definitions of visual privacy and reconstruction attacks from honest-but-curious clients. First, it introduces a novel metric for assessing privacy leakage in image data that aligns more closely with human perceptions of privacy. This involves conducting comprehensive user studies to understand and design a metric that accurately reflects the privacy implications of image reconstruction attacks.

Second, the project investigates defenses against honest-but-curious clients, a threat where seemingly benign participants can covertly extract sensitive data. The research activities include a detailed analysis of existing defensive mechanisms, the identification of their shortcomings, and the development of innovative defense strategies that are mathematically grounded.

Expected contributions include a deeper understanding of privacy risks and more robust defense mechanisms that can be applied to enhance the privacy of federated learning systems.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.