MASTER Assignment
Membership Inference Attacks on Federated Horizontal Gradient Boosted Decision Trees
Type : Master M-CS
Period: July, 2023 - Dec, 2023
Student : Meerhof, J.J. (Jaap, Student M-CS)
Date Final project: December 14, 2023
Supervisors:
Abstract:
Federated Learning is often presented as a privacy preserving measure, as the raw unprocessed data is not transferred to other parties. The privacy claims of Federated Learning have been called into question after successful privacy breaching attacks on the model or protocol. By attacking the model or entire federated protocol itself Membership Inference Attacks could retrieve if an individual was present in a dataset. These attacks are especially dangerous in the medical domain; where sensitive data require privacy guarantees. Attacking Federated Learning Gradient Boosted Decision Trees algorithms is a field mostly left unexplored, therefore this paper investigates the Horizontal Federated Learning protocol “FederBoost” with XGBoost's regularisation parameters. FederBoost is investigated by attacking with two different methods that use extra information acquired during the Federated Learning process. This is all done to asses to what extent Gradient Boosted Decision Trees preserve privacy when using Federated Learning with and without heavy encryption methods. One of the two methods that used the leaked federated information was successful and improved the accuracy of the Membership Inference Attack in certain conditions, thus showing the danger of sharing gradients and hessians during training.