Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Client-Level Differential Privacy via Adaptive Intermediary in Federated Medical Imaging

Meirui Jiang, Yuan Zhong, Anjie Le, Xiaoxiao Li, Qi Dou

TL;DR

This work tackles the challenging privacy-utility trade-off in cross-silo federated learning for medical imaging under client-level differential privacy, where few hospitals impose heavy DP noise that can degrade performance. It introduces an adaptive intermediary strategy that splits each hospital into multiple sub-clients, increasing the effective number of updates and balancing noise reduction with training diversity; a pivotal concept is the intermediary ratio $\\lambda = \\xi/\\varphi$, guiding the optimal number of intermediaries via $v = \\sqrt{N\\xi/\\varphi}$ with a target near $1/N$. The authors provide feasibility proofs that DP guarantees are preserved under intermediary division and connect sample-level DP accumulation to client-level DP, including how noise scales over training rounds. Empirically, the method yields substantial improvements over several private server optimizers on intracranial hemorrhage classification and prostate MRI segmentation, particularly under stringent privacy budgets, and demonstrates robustness to varying client counts. The approach is lightweight, compatible with existing DP techniques, and offers practical benefits for privacy-preserving FL in real-world medical imaging deployments.

Abstract

Despite recent progress in enhancing the privacy of federated learning (FL) via differential privacy (DP), the trade-off of DP between privacy protection and performance is still underexplored for real-world medical scenario. In this paper, we propose to optimize the trade-off under the context of client-level DP, which focuses on privacy during communications. However, FL for medical imaging involves typically much fewer participants (hospitals) than other domains (e.g., mobile devices), thus ensuring clients be differentially private is much more challenging. To tackle this problem, we propose an adaptive intermediary strategy to improve performance without harming privacy. Specifically, we theoretically find splitting clients into sub-clients, which serve as intermediaries between hospitals and the server, can mitigate the noises introduced by DP without harming privacy. Our proposed approach is empirically evaluated on both classification and segmentation tasks using two public datasets, and its effectiveness is demonstrated with significant performance improvements and comprehensive analytical studies. Code is available at: https://github.com/med-air/Client-DP-FL.

Client-Level Differential Privacy via Adaptive Intermediary in Federated Medical Imaging

TL;DR

This work tackles the challenging privacy-utility trade-off in cross-silo federated learning for medical imaging under client-level differential privacy, where few hospitals impose heavy DP noise that can degrade performance. It introduces an adaptive intermediary strategy that splits each hospital into multiple sub-clients, increasing the effective number of updates and balancing noise reduction with training diversity; a pivotal concept is the intermediary ratio , guiding the optimal number of intermediaries via with a target near . The authors provide feasibility proofs that DP guarantees are preserved under intermediary division and connect sample-level DP accumulation to client-level DP, including how noise scales over training rounds. Empirically, the method yields substantial improvements over several private server optimizers on intracranial hemorrhage classification and prostate MRI segmentation, particularly under stringent privacy budgets, and demonstrates robustness to varying client counts. The approach is lightweight, compatible with existing DP techniques, and offers practical benefits for privacy-preserving FL in real-world medical imaging deployments.

Abstract

Despite recent progress in enhancing the privacy of federated learning (FL) via differential privacy (DP), the trade-off of DP between privacy protection and performance is still underexplored for real-world medical scenario. In this paper, we propose to optimize the trade-off under the context of client-level DP, which focuses on privacy during communications. However, FL for medical imaging involves typically much fewer participants (hospitals) than other domains (e.g., mobile devices), thus ensuring clients be differentially private is much more challenging. To tackle this problem, we propose an adaptive intermediary strategy to improve performance without harming privacy. Specifically, we theoretically find splitting clients into sub-clients, which serve as intermediaries between hospitals and the server, can mitigate the noises introduced by DP without harming privacy. Our proposed approach is empirically evaluated on both classification and segmentation tasks using two public datasets, and its effectiveness is demonstrated with significant performance improvements and comprehensive analytical studies. Code is available at: https://github.com/med-air/Client-DP-FL.
Paper Structure (24 sections, 9 theorems, 21 equations, 2 figures, 6 tables, 1 algorithm)

This paper contains 24 sections, 9 theorems, 21 equations, 2 figures, 6 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Method
  3. Preliminaries
  4. Adaptive Intermediary for Improving Client-Level DP
  5. Feasibility.
  6. Privacy-performance trade-off analysis.
  7. Cumulation of Sample-Level DP to Client-Level
  8. Experiment
  9. Experimental Setup
  10. Empirical Evaluation
  11. Analytical Studies
  12. Conclusion
  13. Notation Table
  14. On client and sub-client level privacy
  15. Relation between sample-level and client-level DP
  16. ...and 9 more sections

Key Result

theorem thmcountertheorem

If a randomized learning mechanism $\mathcal{M}:\mathcal{X}\rightarrow \mathcal{R}$ is $(\epsilon,\delta)-DP$, then its induced mechanism $\Tilde{\mathcal{M}}:\mathcal{Y}\rightarrow \mathcal{R}$ is also $(\epsilon,\delta)$-DP.

Figures (2)

  • Figure 1: (a) Overview of our intermediary strategy, which protects participating hospitals with superior privacy-performance trade-offs. The server aggregates local models from non-overlapping intermediaries with DP guarantees. (b) Continuously splitting intermediaries may not continuously improve performance, as it reduces gradient noises in a reciprocal manner, but also increases gradient diversity or heterogeneity linearly.
  • Figure 2: Analytical studies on prostate segmentation. (a) The distribution of normalized ratio $\lambda$ across communication rounds under different privacy levels. (b) The std of cosine similarities between $\Delta_i$ and the aggregated gradients in each round under different privacy levels. (c) Performance with different client numbers. (d) Intermediary variations across training rounds under different privacy regimes.

Theorems & Definitions (18)

  • definition thmcounterdefinition
  • theorem thmcountertheorem
  • definition B.1
  • definition B.2
  • definition B.3
  • theorem B.1
  • proof
  • theorem B.2
  • proof
  • theorem B.3
  • ...and 8 more