Table of Contents
Fetching ...

Securing Genomic Data Against Inference Attacks in Federated Learning Environments

Chetan Pathade, Shubham Patil

TL;DR

This work assesses privacy risks in federated learning applied to genomic data by simulating a 20,000-sample SNP dataset and evaluating three inference attacks: Membership Inference Attack, Gradient-Based MIA, and Label Inference Attack. Gradient-Based MIA achieves an F1-score of $0.87$ and precision of $0.79$, while standard MIA and LIA show nontrivial leakage (F1 around $0.62$ and $0.524$, respectively), demonstrating that model updates even without raw data sharing reveal private information. The results highlight that FL alone is insufficient for protecting genomic privacy and that high-dimensional SNP data amplify leakage through gradients and confidences. The authors propose a layered defense strategy—including differential privacy, secure aggregation, gradient obfuscation, and adversarial training—and advocate for developing privacy-preserving genomic FL with rigorous evaluation pipelines.

Abstract

Federated Learning (FL) offers a promising framework for collaboratively training machine learning models across decentralized genomic datasets without direct data sharing. While this approach preserves data locality, it remains susceptible to sophisticated inference attacks that can compromise individual privacy. In this study, we simulate a federated learning setup using synthetic genomic data and assess its vulnerability to three key attack vectors: Membership Inference Attack (MIA), Gradient-Based Membership Inference Attack, and Label Inference Attack (LIA). Our experiments reveal that Gradient-Based MIA achieves the highest effectiveness, with a precision of 0.79 and F1-score of 0.87, underscoring the risk posed by gradient exposure in federated updates. Additionally, we visualize comparative attack performance through radar plots and quantify model leakage across clients. The findings emphasize the inadequacy of naïve FL setups in safeguarding genomic privacy and motivate the development of more robust privacy-preserving mechanisms tailored to the unique sensitivity of genomic data.

Securing Genomic Data Against Inference Attacks in Federated Learning Environments

TL;DR

This work assesses privacy risks in federated learning applied to genomic data by simulating a 20,000-sample SNP dataset and evaluating three inference attacks: Membership Inference Attack, Gradient-Based MIA, and Label Inference Attack. Gradient-Based MIA achieves an F1-score of and precision of , while standard MIA and LIA show nontrivial leakage (F1 around and , respectively), demonstrating that model updates even without raw data sharing reveal private information. The results highlight that FL alone is insufficient for protecting genomic privacy and that high-dimensional SNP data amplify leakage through gradients and confidences. The authors propose a layered defense strategy—including differential privacy, secure aggregation, gradient obfuscation, and adversarial training—and advocate for developing privacy-preserving genomic FL with rigorous evaluation pipelines.

Abstract

Federated Learning (FL) offers a promising framework for collaboratively training machine learning models across decentralized genomic datasets without direct data sharing. While this approach preserves data locality, it remains susceptible to sophisticated inference attacks that can compromise individual privacy. In this study, we simulate a federated learning setup using synthetic genomic data and assess its vulnerability to three key attack vectors: Membership Inference Attack (MIA), Gradient-Based Membership Inference Attack, and Label Inference Attack (LIA). Our experiments reveal that Gradient-Based MIA achieves the highest effectiveness, with a precision of 0.79 and F1-score of 0.87, underscoring the risk posed by gradient exposure in federated updates. Additionally, we visualize comparative attack performance through radar plots and quantify model leakage across clients. The findings emphasize the inadequacy of naïve FL setups in safeguarding genomic privacy and motivate the development of more robust privacy-preserving mechanisms tailored to the unique sensitivity of genomic data.
Paper Structure (17 sections, 4 figures)

This paper contains 17 sections, 4 figures.

Figures (4)

  • Figure 1: Gradient Norm Distribution For Membership Inference
  • Figure 2: PCA Scatter Plot of SNPs By Label
  • Figure 3: Top 10 SNP Correlations With Label
  • Figure 6: Attack Performance Comparison