FedSDP: Explainable Differential Privacy in Federated Learning via Shapley Values

Yunbo Li, Jiaping Gui, Yue Wu

TL;DR

FedSDP tackles privacy leakage in federated learning by tying noise injection to the contribution of private attributes in training. It introduces PE to compute private-data contributions using Shapley values and NI to adjust Gaussian noise per client based on a privacy contribution ratio, yielding interpretable and dynamic privacy protection. The paper provides a convergence analysis under standard assumptions and demonstrates, through extensive experiments, that FedSDP outperforms state-of-the-art DP defenses in accuracy while maintaining robust protection against private-data reconstruction attacks. This approach offers a practical, explainable mechanism for balancing privacy and model utility in real-world FL deployments.

Abstract

Federated learning (FL) enables participants to store data locally while collaborating in training, yet it remains vulnerable to privacy attacks, such as data reconstruction. Existing differential privacy (DP) technologies inject noise dynamically into the training process to mitigate the impact of excessive noise. However, this dynamic scheduling is often grounded in factors indirectly related to privacy, making it difficult to clearly explain the intricate relationship between dynamic noise adjustments and privacy requirements. To address this issue, we propose FedSDP, a novel and explainable DP-based privacy protection mechanism that guides noise injection based on privacy contribution. Specifically, FedSDP leverages Shapley values to assess the contribution of private attributes to local model training and dynamically adjusts the amount of noise injected accordingly. By providing theoretical insights into the injection of varying scales of noise into local training, FedSDP enhances interpretability. Extensive experiments demonstrate that FedSDP can achieve a superior balance between privacy preservation and model performance, surpassing state-of-the-art (SOTA) solutions.
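The two steps the summary describes (Shapley-based contribution of private attributes, then per-client Gaussian noise tied to a privacy contribution ratio) can be sketched as follows. This is an added example, not code from the paper or its authors. The attribute names, the coalition utility functions, the client data and the rule sigma = sigma_max * ratio * clip are all assumptions made for illustration.

```python
import itertools, math, random

def shapley_values(attrs, value):
    """Exact Shapley value of every attribute under coalition value function `value`."""
    n, phi = len(attrs), {}
    for a in attrs:
        others = [x for x in attrs if x != a]
        phi[a] = 0.0
        for r in range(n):
            # Weight of a coalition of size r that attribute `a` joins.
            w = math.factorial(r) * math.factorial(n - r - 1) / math.factorial(n)
            for combo in itertools.combinations(others, r):
                s = frozenset(combo)
                phi[a] += w * (value(s | {a}) - value(s))
    return phi

def privacy_ratio(phi, private):
    """Share of total absolute contribution that comes from private attributes."""
    total = sum(abs(v) for v in phi.values())
    return sum(abs(phi[a]) for a in private) / total if total else 0.0

def noisy_update(update, ratio, clip=1.0, sigma_max=1.0, rng=None):
    """Clip the update to L2 norm `clip`, then add Gaussian noise scaled by `ratio`.
    ASSUMPTION: sigma = sigma_max * ratio * clip is a stand-in, not the paper's rule."""
    rng = rng or random.Random()
    norm = math.sqrt(sum(u * u for u in update))
    scale = min(1.0, clip / norm) if norm else 1.0
    sigma = sigma_max * ratio * clip
    return [u * scale + rng.gauss(0.0, sigma) for u in update]

def coalition_value(main, pairs):
    """Constructed utility: additive effects plus pairwise interaction terms."""
    return lambda s: (sum(main[a] for a in s)
                      + sum(w for (a, b), w in pairs.items() if a in s and b in s))

# Constructed sample data: two clients, three attributes, two of them private.
ATTRS, PRIVATE = ("age", "income", "clicks"), {"age", "income"}
CLIENTS = {
    "client_a": coalition_value({"age": 0.30, "income": 0.10, "clicks": 0.20},
                                {("age", "income"): 0.20}),
    "client_b": coalition_value({"age": 0.05, "income": 0.05, "clicks": 0.60},
                                {("income", "clicks"): 0.20}),
}

def client_ratios():
    return {name: privacy_ratio(shapley_values(ATTRS, v), PRIVATE)
            for name, v in CLIENTS.items()}

if __name__ == "__main__":
    for name, ratio in client_ratios().items():
        print(name, round(ratio, 3), noisy_update([3.0, 4.0], ratio, rng=random.Random(0)))
```

Under this stand-in rule a client whose ratio is 0 receives no noise at all, so a real deployment would need a noise floor to retain a DP guarantee; how FedSDP handles that case is not stated on this page.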

Paper Structure

This paper contains 13 sections, 7 equations, 4 figures, 1 table.

Figures (4)

  • Figure 1: A visual representation of the varying privacy contribution rates among clients, where ResNet-18 is trained on CIFAR-10 without any privacy protection mechanisms applied.
  • Figure 2: Schematic overview of FedSDP.
  • Figure 3: The amount of injected noise during training under a privacy budget of 0.2.
  • Figure 4: The defensive capabilities of different privacy defense strategies against private data reconstruction attacks, where each label column represents an independent experiment. The images in the first row represent the private labels.