Academic Journal

Unveiling Client Privacy Leakage from Public Dataset Usage in Federated Distillation

Bibliographic Details
Title: Unveiling Client Privacy Leakage from Public Dataset Usage in Federated Distillation
Authors: Shi, Haonan; Ouyang, Tu; Wang, An
Source: Proceedings on Privacy Enhancing Technologies. 2025:201-215
Publication Status: Preprint
Publisher Information: Privacy Enhancing Technologies Symposium Advisory Board, 2025.
Publication Year: 2025
Subject Terms: FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, Cryptography and Security (cs.CR), Machine Learning (cs.LG)
Description: Federated Distillation (FD) has emerged as a popular federated training framework, enabling clients to collaboratively train models without sharing private data. Public Dataset-Assisted Federated Distillation (PDA-FD), which leverages public datasets for knowledge sharing, has become widely adopted. Although PDA-FD enhances privacy compared to traditional Federated Learning, we demonstrate that the use of public datasets still poses significant privacy risks to clients' private training data. This paper presents the first comprehensive privacy analysis of PDA-FD in the presence of an honest-but-curious server. We show that the server can exploit clients' inference results on public datasets to extract two critical types of private information: label distributions and membership information of the private training dataset. To quantify these vulnerabilities, we introduce two novel attacks specifically designed for the PDA-FD setting: a label distribution inference attack and innovative membership inference methods based on Likelihood Ratio Attack (LiRA). Through extensive evaluation of three representative PDA-FD frameworks (FedMD, DS-FL, and Cronus), our attacks achieve state-of-the-art performance, with label distribution attacks reaching minimal KL-divergence and membership inference attacks maintaining high True Positive Rates under low False Positive Rate constraints. Our findings reveal significant privacy risks in current PDA-FD frameworks and emphasize the need for more robust privacy protection mechanisms in collaborative learning systems.
Document Type: Article
ISSN: 2299-0984
DOI: 10.56553/popets-2025-0127
DOI: 10.48550/arxiv.2502.08001
Access URL: http://arxiv.org/abs/2502.08001
Rights: CC BY; arXiv Non-Exclusive Distribution
Accession Number: edsair.doi.dedup.....7271012fa4685a717d4b7bffa332e3cd
Database: OpenAIRE