Evaluating differential privacy on language processing federated learning

Bachelor thesis (2024)

Authors

Q.M.F. Van Opstal Electrical Engineering, Mathematics and Computer Science

Contributors

J. Huang Data-Intensive Systems - EEMCS (supervisor 1)
Lydia Y. Chen Data-Intensive Systems - EEMCS (supervisor 1)
Marco Zuniga Networked Systems - EEMCS (supervisor 2)
Faculty
Electrical Engineering, Mathematics and Computer Science
Copyright: © 2024 Quinten Van Opstal
More Info
expand_more

Published Date

02-02-2024

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

Federated learning provides a lot of opportunities, especially with the built-in privacy considerations. There is however one attack that might compromise the utility of federated learning: backdoor attacks [14]. There are already some existing defenses, like flame [13] but they are computationally expensive [14]. This paper evaluates a version of differential privacy, where the Gaussian noise added to the aggravated model of the clipped updates is smaller than usually. This is often referred to as weak differential privacy or weakDP. This paper evaluates weakDP with different parameters to find if weakDP can be used as a defense for a language processing federated learning classifier against a backdoor attack.