Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Private Data Leakage in Federated Human Activity Recognition for Wearable Healthcare Devices

Kongyang Chen, Dongping Zhang, Sijia Guan, Bing Mi, Jiaxing Shen, Guoqing Wang

TL;DR

This paper addresses privacy leakage in Federated HAR for wearable devices by formalizing a curious-server Membership Inference Attack (MIA) that exploits inter-client HAR data heterogeneity. It introduces data sets $D_{member}$, $D_{nonmember}$, and $D_{mix}$ and trains an attack model on prediction vectors $\hat{p}(y|x)$ produced by client models, achieving up to $92\%$ accuracy across five HAR datasets. The study evaluates how defenses like $L_2$ regularization and Dropout affect attack success and finds limited mitigation, with defense efficacy being dataset- and model-dependent. Overall, the results reveal substantial privacy risks in federated HAR and provide a new perspective on safeguarding data in wearable-health FL systems.

Abstract

Wearable data serves various health monitoring purposes, such as determining activity states based on user behavior and providing tailored exercise recommendations. However, the individual data perception and computational capabilities of wearable devices are limited, often necessitating the joint training of models across multiple devices. Federated Human Activity Recognition (HAR) presents a viable research avenue, allowing for global model training without the need to upload users' local activity data. Nonetheless, recent studies have revealed significant privacy concerns persisting within federated learning frameworks. To address this gap, we focus on investigating privacy leakage issues within federated user behavior recognition modeling across multiple wearable devices. Our proposed system entails a federated learning architecture comprising $N$ wearable device users and a parameter server, which may exhibit curiosity in extracting sensitive user information from model parameters. Consequently, we consider a membership inference attack based on a malicious server, leveraging differences in model generalization across client data. Experimentation conducted on five publicly available HAR datasets demonstrates an accuracy rate of 92\% for malicious server-based membership inference. Our study provides preliminary evidence of substantial privacy risks associated with federated training across multiple wearable devices, offering a novel research perspective within this domain.

Private Data Leakage in Federated Human Activity Recognition for Wearable Healthcare Devices

TL;DR

This paper addresses privacy leakage in Federated HAR for wearable devices by formalizing a curious-server Membership Inference Attack (MIA) that exploits inter-client HAR data heterogeneity. It introduces data sets , , and and trains an attack model on prediction vectors produced by client models, achieving up to accuracy across five HAR datasets. The study evaluates how defenses like regularization and Dropout affect attack success and finds limited mitigation, with defense efficacy being dataset- and model-dependent. Overall, the results reveal substantial privacy risks in federated HAR and provide a new perspective on safeguarding data in wearable-health FL systems.

Abstract

Wearable data serves various health monitoring purposes, such as determining activity states based on user behavior and providing tailored exercise recommendations. However, the individual data perception and computational capabilities of wearable devices are limited, often necessitating the joint training of models across multiple devices. Federated Human Activity Recognition (HAR) presents a viable research avenue, allowing for global model training without the need to upload users' local activity data. Nonetheless, recent studies have revealed significant privacy concerns persisting within federated learning frameworks. To address this gap, we focus on investigating privacy leakage issues within federated user behavior recognition modeling across multiple wearable devices. Our proposed system entails a federated learning architecture comprising wearable device users and a parameter server, which may exhibit curiosity in extracting sensitive user information from model parameters. Consequently, we consider a membership inference attack based on a malicious server, leveraging differences in model generalization across client data. Experimentation conducted on five publicly available HAR datasets demonstrates an accuracy rate of 92\% for malicious server-based membership inference. Our study provides preliminary evidence of substantial privacy risks associated with federated training across multiple wearable devices, offering a novel research perspective within this domain.
Paper Structure (19 sections, 7 equations, 6 figures, 4 tables, 1 algorithm)

This paper contains 19 sections, 7 equations, 6 figures, 4 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Motivation
  3. Wearable Private Data Leakage in Federated Human Activity Recognition
  4. Federated HAR
  5. Wearable Private Data Leakage in Federated HAR
  6. Membership Inference Attacks for Private Data Leakage
  7. Experiment Results
  8. HAR datasets
  9. Experimental Settings
  10. HAR Model Performance
  11. Attack model performance
  12. UCI HAR
  13. WISDM
  14. HAR70+
  15. HARTH
  16. ...and 4 more sections

Figures (6)

  • Figure 1: The walking data of two subjects in the HARTH dataset.
  • Figure 2: The model trained from subject 1 in the HARTH dataset.
  • Figure 3: The general framework of data leakage in Federated HAR.
  • Figure 4: The process of the attacker training and utilizing the attack model to differentiate data after saving the uploaded model from the target client.
  • Figure 5: Average loss function curve of the 2$\times$ Conv model during training.
  • ...and 1 more figures