Rethinking Privacy Protection in Federated Learning in the Face of Model Inversion Attacks
Wenjing Lou, Virginia Tech, United States
Keynote Lecture
Awais Rashid, University of Bristol, United Kingdom
Keynote Lecture
Ahmad-Reza Sadeghi, Technical University of Darmstadt, Germany
Rethinking Privacy Protection in Federated Learning in the Face of Model Inversion Attacks
Wenjing Lou
Virginia Tech
United States
Brief Bio
Wenjing Lou is the W. C. English Endowed Professor of Computer Science at Virginia Tech and a Fellow of the IEEE and the ACM. Her research covers many topics in cybersecurity, with her current work focusing on security and privacy problems in wireless networks, blockchain, trustworthy machine learning, and Internet of Things (IoT) systems. Prof. Lou is a Web of Science Group Highly Cited Researcher. She received the Virginia Tech Alumni Award for Research Excellence in 2018, the university's highest faculty research award, and the INFOCOM Test-of-Time Paper Award in 2020. She was TPC chair of IEEE INFOCOM 2019 and ACM WiSec 2020, and Steering Committee Chair of the IEEE CNS conference from 2013 to 2020. She is currently vice chair of IEEE INFOCOM and a steering committee member of IEEE CNS. She served as a program director at the US National Science Foundation (NSF) from 2014 to 2017.
Abstract
The current success of machine learning has largely depended on centralized learning, which pools data from multiple sources at a central location. This presents significant challenges in domains such as healthcare, where patient data is often siloed across institutions and strict privacy regulations prevent centralized data sharing. Federated learning, a distributed learning paradigm that lets institutions collaboratively train a model without moving data across institutional boundaries, is therefore attractive: it keeps data local and addresses legal and ethical barriers to data sharing. However, recent research has shown that federated learning is susceptible to privacy attacks, such as data reconstruction and membership inference, in which sensitive information is inferred from the model updates that clients send.
In this talk, we will explore privacy challenges in federated learning by introducing a sophisticated model inversion attack called Scale-MIA. The attack efficiently reconstructs clients' training samples from the aggregated model updates, so secure aggregation, which is designed to hide each client's individual update from the server, does not by itself prevent reconstruction. We will also discuss the impact of such attacks and explore emerging solutions to enhance privacy in federated learning systems.
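The reason an aggregate of updates can still leak individual samples is that the gradient of any first fully connected layer is a sum of per-sample terms delta_j * x, and the bias gradient is the matching sum of the delta_j. The following toy simulation is an added example, not code from the keynote or from the Scale-MIA paper: it uses a simpler, older disaggregation idea (a malicious server that chooses the first layer so that neurons fire on nested ranges of one projection w·x, then subtracts neighbouring rows of the summed gradient) to show why summing updates across clients is not enough. Everything in it is constructed: the clients' samples are drawn from N(0, I), the attacker is assumed to know that distribution roughly (it sets thresholds at its quantiles), the loss is simplified to a sum of ReLU activations so that delta_j is exactly 1 for an active neuron, and the secure-aggregation protocol is abstracted to "the server sees only the elementwise sum".

```python
"""Toy gradient-disaggregation demo (constructed example, not Scale-MIA)."""
import random
from statistics import NormalDist

D = 8    # feature dimension of each constructed training sample
H = 64   # neurons in the server-chosen first linear layer


def dot(u, v):
    return sum(a * c for a, c in zip(u, v))


def make_attack_layer(dim, n_neurons, seed=0):
    """Malicious server picks the first layer: every neuron shares one
    direction w and differs only in bias, so neuron j fires iff w.x > t_j.
    Assumption: the attacker believes x ~ N(0, I), hence w.x ~ N(0, ||w||^2),
    and places the thresholds t_j at equally spaced quantiles of that law."""
    rng = random.Random(seed)
    w = [rng.gauss(0.0, 1.0) for _ in range(dim)]
    dist = NormalDist(0.0, dot(w, w) ** 0.5)
    thresholds = [dist.inv_cdf((j + 1) / (n_neurons + 1)) for j in range(n_neurons)]
    W = [list(w) for _ in range(n_neurons)]
    b = [-t for t in thresholds]          # increasing thresholds
    return W, b


def client_gradient(W, b, samples):
    """Honest client: gradient of L = sum_j relu(W_j.x + b_j) over its batch.
    For a first linear layer dL/dW_j = delta_j * x and dL/db_j = delta_j;
    with this simplified head delta_j is 1 when neuron j is active, else 0."""
    n_neurons, dim = len(W), len(W[0])
    dW = [[0.0] * dim for _ in range(n_neurons)]
    db = [0.0] * n_neurons
    for x in samples:
        for j in range(n_neurons):
            if dot(W[j], x) + b[j] > 0.0:   # ReLU active for this sample
                db[j] += 1.0
                for d in range(dim):
                    dW[j][d] += x[d]
    return dW, db


def secure_aggregate(client_grads):
    """Secure aggregation hides individual updates; the server learns only
    the elementwise sum (the masking protocol itself is abstracted away)."""
    n_neurons, dim = len(client_grads[0][0]), len(client_grads[0][0][0])
    dW = [[0.0] * dim for _ in range(n_neurons)]
    db = [0.0] * n_neurons
    for cW, cb in client_grads:
        for j in range(n_neurons):
            db[j] += cb[j]
            for d in range(dim):
                dW[j][d] += cW[j][d]
    return dW, db


def reconstruct(dW, db):
    """Disaggregate the summed gradient. Thresholds increase with j, so the
    samples firing neuron j+1 are a subset of those firing neuron j: row j
    minus row j+1 is the sum of samples with w.x in (t_j, t_{j+1}], and the
    bias difference is their count. A bin holding one sample yields it."""
    n_neurons = len(dW)
    recovered = []
    for j in range(n_neurons):
        if j + 1 < n_neurons:
            count = db[j] - db[j + 1]
            vec = [a - c for a, c in zip(dW[j], dW[j + 1])]
        else:                               # top bin: everything above t_{H-1}
            count = db[j]
            vec = list(dW[j])
        if abs(count - 1.0) < 1e-9:
            recovered.append(vec)
    return recovered


def matches_sample(vec, samples, tol=1e-6):
    """True if vec equals one of the true samples up to float rounding."""
    return any(max(abs(a - c) for a, c in zip(vec, x)) < tol for x in samples)


def run_demo(n_clients=3, batch=2, seed=1):
    """One FL round: returns (recovered_samples, all_true_samples)."""
    rng = random.Random(seed)
    W, b = make_attack_layer(D, H)
    all_samples, client_grads = [], []
    for _ in range(n_clients):
        xs = [[rng.gauss(0.0, 1.0) for _ in range(D)] for _ in range(batch)]
        all_samples.extend(xs)
        client_grads.append(client_gradient(W, b, xs))
    dW, db = secure_aggregate(client_grads)
    return reconstruct(dW, db), all_samples


if __name__ == "__main__":
    recovered, truth = run_demo()
    print(f"{len(recovered)} of {len(truth)} samples recovered from the aggregate")
```

Every vector the attack returns is an exact training sample from some client, even though the server never saw any client's individual update; only samples whose projections collide in one bin (or fall below the lowest threshold) escape, and the attacker can shrink that set by using more neurons or a better estimate of the projection distribution. The defence point this makes is that secure aggregation protects against an honest-but-curious server reading individual updates, not against a server that controls the model architecture and parameters the clients compute gradients on; defences therefore have to constrain the model (or add noise, or verify it) rather than only hide the updates.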
Keynote Lecture
Awais Rashid
University of Bristol
United Kingdom
Brief Bio
Awais Rashid is Professor of Cyber Security at the University of Bristol, where he heads the Cyber Security Group. He is editor-in-chief and principal investigator of CyBOK, the Cyber Security Body of Knowledge. He is also Director of the EPSRC Centre for Doctoral Training in Trust, Identity, Privacy and Security in Large-Scale Infrastructures and Director of the National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online (REPHRAIN). His research interests are the security of cyber-physical systems, software security, and human factors. He leads projects within the UK Research Institute on Trustworthy Interconnected Cyber-Physical Systems (RITICS), the UK Research Institute on Sociotechnical Cyber Security (RISCS), the Digital Security by Design Hub+ (Discribe), and the PETRAS National Centre of Excellence in Cyber Security of IoT.
Keynote Lecture
Ahmad-Reza Sadeghi
Technical University of Darmstadt
Germany
Brief Bio
Ahmad-Reza Sadeghi is a Full Professor of Computer Science at the Technical University of Darmstadt, Germany, where he heads the System Security Lab. Since 2012 Prof. Sadeghi has maintained a long-term cooperation with Intel, which has produced several collaborative research centers on topics such as Secure Computing in Mobile and Embedded Systems, Autonomous and Resilient Systems, and Private AI. In 2019 he also established the Open Lab for Sustainable Security and Safety (OpenS3 Lab) with Huawei.
He received his Ph.D. in Computer Science, with a focus on cryptography, from Saarland University, Germany. Before moving to academia, he worked for several years in research and development in the telecommunications industry, including at Ericsson. He has led and contributed to many national and international research and development projects on the design and implementation of trustworthy computing platforms, hardware-assisted security, IoT security and privacy, applied cryptography, and trustworthy AI.
Prof. Sadeghi has served as General or Program Chair and as a Program Committee member of major venues in information security and privacy and in design automation, including ACM CCS, IEEE Security & Privacy, NDSS, USENIX Security, DAC, DATE, and ICCAD. He was Editor-in-Chief of IEEE Security & Privacy Magazine. He has served on several editorial boards, including ACM Transactions on Information and System Security (TISSEC), and as guest editor of IEEE TCAD, ACM Books, and ACM DIOT. He is on the editorial boards of ACM TODAES and ACM DTRAP.
In 2008 Prof. Sadeghi was awarded the renowned German "Karl Heinz Beckurts" prize for his research on trusted and trustworthy computing technology and its transfer to industrial practice. The award honors outstanding scientific achievements with a high impact on industrial innovation in Germany.
In 2010 his group received the German IT Security Competition Award.
In 2018 he received the ACM SIGSAC Outstanding Contributions Award for dedicated research, education, and management leadership in the security community and pioneering contributions in content protection, mobile security, and hardware-assisted security. SIGSAC is ACM’s Special Interest Group on Security, Audit, and Control.
In 2021 he was honored with the Intel Academic Leadership Award at USENIX Security for his influential research in information and computer security, particularly hardware-assisted security.
In 2022 he received the prestigious European Research Council (ERC) Advanced Grant.