Attacking Federated Time Series Forecasting Models

Meijer, C.J.

Attacking Federated Time Series Forecasting Models

Reconstructing Private Household Energy Data during Federated Learning with Gradient Inversion Attacks

Master thesis (2024)

Authors

C.J. Meijer Electrical Engineering, Mathematics and Computer Science

Contributors

Lydia Y. Chen Data-Intensive Systems - (mentor)

J. Huang Data-Intensive Systems - (mentor)

Faculty

Electrical Engineering, Mathematics and Computer Science, Electrical Engineering, Mathematics and Computer Science

Learning Forecasting Series Gradient Inversion Time Attack Federated

To reference this document use:

http://resolver.tudelft.nl/uuid:2737ad49-09d9-4f96-a8d4-661c9680504a

More Info

expand_more

Published Date

10-07-2024

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

Federated learning for time series forecasting enables clients with privacy-sensitive time series data to collaboratively learn accurate forecasting models, e.g., in energy load prediction.
Unfortunately, privacy risks in federated learning persist, as servers can potentially reconstruct clients' training data through gradient inversion attacks.
While gradient inversion attacks are demonstrated for image, text and tabular classification tasks, little is known for time series regression tasks.
In this paper, we first conduct an extensive empirical study on inverting time series data across 4 time series forecasting models and 4 datasets, identifying the unique challenges of reconstructing both observations and targets of time series data.
We then propose TS-Inverse, a novel gradient inversion attack that improves the inversion of time series data through (i) learning a gradient inversion model that outputs quantile predictions, (ii) a unique loss function incorporating periodicity and trend regularization, and (iii) regularization according to the quantile predictions. Our evaluations demonstrate a remarkable performance of TS-Inverse, achieving at least 2x-10x improvement in terms of sMAPE metric over existing gradient inversion attacks methods on time series data.

Files

Thesis_Document_Caspar_Meijer_... (pdf)

- Embargo expired in 20-12-2024

Unknown license