Keynote Lectures
Rethinking Privacy Protection in Federated Learning in the Face of Model Inversion Attacks
Wenjing Lou, Virginia Tech, United States
Keynote Lecture
Awais Rashid, University of Bristol, United Kingdom
Keynote Lecture
Ahmad-Reza Sadeghi, Technical University of Darmstadt, Germany
Rethinking Privacy Protection in Federated Learning in the Face of Model Inversion Attacks
Wenjing Lou
Virginia Tech
United States
Brief Bio
Wenjing Lou is the W. C. English Endowed Professor of Computer Science at Virginia Tech and a Fellow of the IEEE and ACM. Her research interests cover many topics in the cybersecurity field, with her current research focusing on security and privacy problems in wireless networks, blockchain, trustworthy machine learning, and Internet of Things (IoT) systems. Prof. Lou is recognized as a highly cited researcher by the Web of Science Group. She received the Virginia Tech Alumni Award for Research Excellence in 2018, the highest university-level faculty research award. She received the INFOCOM Test-of-Time paper award in 2020. She was the TPC chair for IEEE INFOCOM 2019 and ACM WiSec 2020. She was the Steering Committee Chair for the IEEE CNS conference from 2013 to 2020. She is currently the vice chair of IEEE INFOCOM and a steering committee member of IEEE CNS. She served as a program director at the US National Science Foundation (NSF) from 2014 to 2017.
Abstract
The current success of machine learning has largely depended on centralized learning, which pools data from multiple sources to a central location. This presents significant challenges in domains like healthcare where patient data is often siloed across multiple institutions, and strict privacy regulations prevent centralized data sharing. Federated learning, a distributed learning paradigm allowing institutions to collaboratively train models without moving data across institutional boundaries, is thus highly advantageous due to its ability to maintain data locality and address legal and ethical barriers to data sharing. However, recent research has shown that federated learning is susceptible to privacy attacks, such as data reconstruction and membership inference, where sensitive information can be inferred from model updates.
In this talk, we will explore privacy challenges in federated learning by introducing a sophisticated model inversion attack called scale-MIA. This attack efficiently reconstructs clients’ training samples from aggregated model updates in federated learning and undermines the effectiveness of secure aggregation protocols. We will also discuss the impact of such attacks and explore emerging solutions to enhance privacy in federated learning systems.
Keynote Lecture
Awais Rashid
University of Bristol
United Kingdom
Brief Bio
Awais Rashid is Professor of Cyber Security at the University of Bristol, where he heads the Cyber Security Group. He is editor-in-chief and principal investigator for CyBOK. He is also Director of the EPSRC Centre for Doctoral Training in Trust, Identity, Privacy and Security in Large-Scale Infrastructures and Director of the National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online (REPHRAIN). His research interests are in security of cyber-physical systems, software security and human factors. He leads projects as part of the UK Research Institute on Trustworthy Interconnected Cyber-Physical Systems (RITICS), the UK Research Institute on Sociotechnical Cyber Security (RISCS), the Digital Security by Design Hub+ (Discribe) and the PETRAS National Centre of Excellence in Cyber Security of IoT.
Keynote Lecture
Ahmad-Reza Sadeghi
Technical University of Darmstadt
Germany
Brief Bio
Available soon.