FedEM: A Privacy-Preserving Framework for Concurrent Utility Preservation in Federated Learning
Mingcong Xu, Xiaojin Zhang, Wei Chen, Hai Jin
TL;DR
FedEM targets gradient leakage in Federated Learning by introducing controlled local data perturbations within bounds, reformulating the FL objective as a constrained minimax-like problem to reduce information leakage. The method updates perturbations $\delta_k$ at the client level while maintaining model utility, solving $\min_{\theta}\min_{\delta_k} \sum_{k=1}^K \frac{m_k}{m} \mathbb{E}_{(x_k,y_k) \sim T_k}\left[ L\left( f_\theta( t(x_k + \delta_k) ), y_k \right) \right]$ with $\rho_u^{\min} \leq \|\delta_k\| \leq \rho_u^{\max}$. Empirical results on MNIST, Fashion-MNIST, and CIFAR-10 show FedEM outperforms local DP methods in privacy protection for similar utility and exhibits a favorable privacy-utility balance under varying perturbation settings and iterations. The work advances practical privacy improvements for FL, with potential extensions to combine FedEM with encryption-based techniques and to apply it to real-world, sensitive domains like healthcare and finance.
Abstract
Federated Learning (FL) enables collaborative training of models across distributed clients without sharing local data, addressing privacy concerns in decentralized systems. However, the gradient-sharing process exposes private data to potential leakage, compromising FL's privacy guarantees in real-world applications. To address this issue, we propose Federated Error Minimization (FedEM), a novel algorithm that incorporates controlled perturbations through adaptive noise injection. This mechanism effectively mitigates gradient leakage attacks while maintaining model performance. Experimental results on benchmark datasets demonstrate that FedEM significantly reduces privacy risks and preserves model accuracy, achieving a robust balance between privacy protection and utility preservation.
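
A client-side sketch of the objective in the TL;DR, added here as an example and not the authors' implementation: the inner step lowers the loss with respect to $\delta_k$ and projects it back into the band $[\rho_u^{\min}, \rho_u^{\max}]$, the client shares a gradient computed on $x_k + \delta_k$, and the server weights gradients by $m_k/m$. The logistic model, the L2 norm, the identity transform $t$, the step size, and all function names are assumptions.

```python
import math

def project_to_band(delta, rho_min, rho_max):
    """Rescale delta so that rho_min <= ||delta||_2 <= rho_max."""
    norm = math.sqrt(sum(d * d for d in delta))
    if norm == 0.0:
        # No direction to rescale; use a fixed axis so the lower bound holds.
        return [rho_min] + [0.0] * (len(delta) - 1)
    scale = min(max(norm, rho_min), rho_max) / norm
    return [d * scale for d in delta]

def predict(theta, x):
    """f_theta(x): logistic model (an assumption; t is the identity here)."""
    return 1.0 / (1.0 + math.exp(-sum(w * xi for w, xi in zip(theta, x))))

def loss(theta, x, y):
    p = predict(theta, x)
    return -(y * math.log(p) + (1 - y) * math.log(1.0 - p))

def update_delta(theta, x, y, delta, rho_min, rho_max, lr=0.5, steps=10):
    """Inner minimization over delta_k: descend the loss in input space,
    projecting back into the norm band after every step."""
    for _ in range(steps):
        x_pert = [xi + di for xi, di in zip(x, delta)]
        err = predict(theta, x_pert) - y           # dL/dz for logistic loss
        delta = [di - lr * err * w for di, w in zip(delta, theta)]
        delta = project_to_band(delta, rho_min, rho_max)
    return delta

def client_gradient(theta, x, y, delta):
    """Gradient w.r.t. theta on the perturbed sample: this is what the
    client shares, so it is a function of x + delta rather than x."""
    x_pert = [xi + di for xi, di in zip(x, delta)]
    err = predict(theta, x_pert) - y
    return [err * xi for xi in x_pert]

def aggregate(grads, sizes):
    """Server side: weight client k's gradient by m_k / m."""
    m = sum(sizes)
    return [sum(s / m * g[i] for g, s in zip(grads, sizes))
            for i in range(len(grads[0]))]

# Constructed sample: one client, one two-feature record.
theta, x, y = [1.0, -2.0], [0.5, 0.5], 1
delta = update_delta(theta, x, y, [0.0, 0.0], rho_min=0.1, rho_max=0.5)
shared = client_gradient(theta, x, y, delta)
```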
