Publications

My research, titled "A Foundational Paradigm of Federated Learning Allowing a True Data Privacy Guarantee", aims to close the gaps and address the current challenges in FL related to its promise of privacy preservation while sustaining high model performance. Publications written toward this goal are listed under the "Research" tab below. Book chapters and other publications are listed under their respective tabs below.

Research

Active Data Reconstruction Attacks in Vertical Federated Learning

Abstract: Vertical Federated Learning (VFL) stands out as a promising approach to safeguard privacy in collaborative machine learning, allowing multiple entities to jointly train models on vertically partitioned datasets without revealing private information. While recent years have seen substantial research on privacy vulnerabilities and defense strategies for VFL, the focus has primarily been on passive scenarios where attackers adhere to the protocol. This perspective understates the practical threat, since attackers can deviate from the protocol to improve their inference capabilities. To address this gap, our study introduces two innovative data reconstruction attacks designed to compromise data privacy in an active setting. Essentially, both attacks modify the gradients computed during the training phase of VFL to breach privacy. Our first attack uses an Active Inversion Network that exploits a small portion of known data in the training set to coerce the passive participants into training an auto-encoder for the reconstruction of their private data. The second attack, Active Generative Network, uses knowledge of the training data distribution to guide the system into training a conditional generative network (C-GAN) for feature inference. Our experiments confirm the efficacy of both attacks in inferring private features from real-world datasets.

https://ieeexplore.ieee.org/abstract/document/10386594 

Privacy Analysis of Federated Learning via Dishonest Servers

Abstract: Federated Learning (FL) has gained popularity for its ability to improve model training while protecting user privacy. However, recent studies have shown that FL can be vulnerable to active reconstruction attacks by dishonest servers. Specifically, a dishonest server can obtain users’ private data in numerous ways via gradient inversion based on the core neural network concept of neuron activation. Addressing this style of attack is imperative to preserve user privacy and remains a major challenge due to its sophisticated nature. In this paper, we examine various active reconstruction attacks by a dishonest server and provide comprehensive evaluations to demonstrate their effectiveness and practicality, highlighting the risks associated with FL systems. 

https://ieeexplore.ieee.org/abstract/document/10132138
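The abstract above points at "gradient inversion based on ... neuron activation" as the mechanism a dishonest server uses. The following is an added illustration of that principle, not code from the paper: for a ReLU layer, the gradient with respect to a neuron's incoming weights is the sum over the batch of (per-sample error signal) times (that sample's input), and the gradient with respect to its bias is the sum of the same error signals. Dividing the two therefore yields a weighted average of the inputs that fired the neuron, and if exactly one sample fired it, the quotient is that sample's input exactly. Because the server hands out the model, it can choose weights and biases so that neurons fire for at most one sample; the trap weights, the batch and the upstream error signals here are all constructed for the demo, and the layer is implemented in plain Python so it runs with no dependencies.

```python
def layer_gradients(W, b, X, upstream):
    """One ReLU layer z = W x + b for a batch X (n samples of d features).

    `upstream[i][j]` is dL/da_ij for whatever loss sits above this layer; the
    inversion below does not need to know that loss. Returns (dW, db) exactly
    as an honest client computes them in one forward/backward pass."""
    h, d, n = len(W), len(W[0]), len(X)
    dW = [[0.0] * d for _ in range(h)]
    db = [0.0] * h
    for i in range(n):
        for j in range(h):
            z = sum(W[j][k] * X[i][k] for k in range(d)) + b[j]
            delta = upstream[i][j] if z > 0 else 0.0   # ReLU gate: gradient only where it fired
            db[j] += delta                             # sum_i delta_ij
            for k in range(d):
                dW[j][k] += delta * X[i][k]            # sum_i delta_ij * x_ik
    return dW, db


def invert_by_activation(dW, db, eps=1e-12):
    """dW[j] / db[j] is the delta-weighted average of the inputs that activated
    neuron j.  If exactly one sample fired j, the quotient is that sample."""
    return {j: [w / db[j] for w in dW[j]] for j in range(len(db)) if abs(db[j]) > eps}


def server_trap_weights(d):
    """Dishonest server's parameter choice (constructed for this demo): each
    neuron thresholds one feature so that it fires for at most one sample of
    the batch below.  Neuron 2 is deliberately set to fire for every sample,
    to show that the quotient then only yields a mixture."""
    W = [[0.0] * d for _ in range(3)]
    W[0][3] = 1.0
    W[1][0] = 1.0
    W[2][1] = 1.0
    b = [-0.8, -0.6, -0.05]
    return W, b


def match_rows(X, recovered, tol=1e-9):
    """Map each recovered vector to the batch row it reproduces (None if it is
    only a mixture of several rows)."""
    out = {}
    for j, x_hat in recovered.items():
        hits = [i for i in range(len(X))
                if max(abs(a - c) for a, c in zip(X[i], x_hat)) < tol]
        out[j] = hits[0] if hits else None
    return out


def demo():
    # Constructed client batch: three samples, four features each.
    X = [[0.2, 0.9, 0.1, 0.4],
         [0.7, 0.1, 0.6, 0.3],
         [0.5, 0.5, 0.5, 0.9]]
    # Constructed per-sample error signals from the (unknown) layers above.
    upstream = [[0.3, -1.2, 0.8],
                [-0.5, 0.9, 0.4],
                [1.1, 0.2, -0.7]]
    W, b = server_trap_weights(len(X[0]))
    dW, db = layer_gradients(W, b, X, upstream)
    return match_rows(X, invert_by_activation(dW, db))


if __name__ == "__main__":
    print(demo())   # {0: 2, 1: 1, 2: None}: neurons 0 and 1 leak whole samples
```

Neuron 0 fires only for sample 2 and neuron 1 only for sample 1, so the server reads both samples out of the aggregated gradient with no optimization at all; neuron 2 fired for all three and gives back only a blend. Secure aggregation across clients does not help against this on its own, since the same ratio argument applies to a sum of gradients, which is why a server that controls the model is the threat the paper evaluates.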

Blockchain-based Secure Client Selection in Federated Learning

Abstract: Despite the great potential of Federated Learning (FL) in large-scale distributed learning, the current system is still subject to several privacy issues because the local models trained by clients are exposed to the central server. Consequently, secure aggregation protocols for FL have been developed to conceal the local models from the server. However, we show that, by manipulating the client selection process, the server can circumvent secure aggregation to learn the local models of a victim client, indicating that secure aggregation alone is inadequate for privacy protection. To tackle this issue, we leverage blockchain technology to propose a verifiable client selection protocol. Owing to the immutability and transparency of the blockchain, our proposed protocol enforces a random selection of clients, making the server unable to control the selection process at its discretion. We present security proofs showing that our protocol is secure against this attack. Additionally, we conduct several experiments on an Ethereum-like blockchain to demonstrate the feasibility and practicality of our solution.

https://ieeexplore.ieee.org/abstract/document/9805521
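The abstract states that a server can defeat secure aggregation by controlling which clients are selected in a round. The following added example (not the paper's code) simulates a pairwise-mask secure aggregation scheme and shows the attack concretely: in an honest round the masks cancel and the server sees only the sum, but if the server fills the round with the victim plus clients it controls (whose updates it already knows), subtracting those known updates from the sum leaves the victim's update in the clear. The seed derivation, the updates and the client IDs are all constructed for the demo; the point that transfers is that any selection the server can steer to "victim plus known parties" collapses the aggregate, which is exactly what enforced random selection takes away from it.

```python
import random

DIM = 4  # model update length, kept tiny for the demo


def pair_mask(u, v, dim=DIM):
    """Mask shared by clients u and v.  Modelled as a PRG seeded from the
    ordered pair; a real protocol derives the seed from a key agreement,
    which does not change the selection attack."""
    lo, hi = sorted((u, v))
    rng = random.Random(f"pairseed:{lo}:{hi}")
    return [rng.uniform(-10.0, 10.0) for _ in range(dim)]


def mask_update(client, update, selected):
    """Client-side masking: add the mask toward every higher-numbered peer in
    the round, subtract it toward every lower-numbered peer."""
    masked = list(update)
    for other in selected:
        if other == client:
            continue
        sign = 1.0 if client < other else -1.0
        masked = [x + sign * m for x, m in zip(masked, pair_mask(client, other))]
    return masked


def server_view(updates, selected):
    """All the aggregation server is supposed to learn: the coordinate-wise
    sum of the masked updates of the selected clients."""
    total = [0.0] * DIM
    for c in selected:
        for k, x in enumerate(mask_update(c, updates[c], selected)):
            total[k] += x
    return total


def close(a, b, tol=1e-9):
    return all(abs(x - y) < tol for x, y in zip(a, b))


# Constructed updates: three honest clients and two server-controlled ones
# (900, 901) whose updates the server knows because it wrote them.
UPDATES = {
    1: [0.10, -0.20, 0.30, 0.05],
    2: [-0.05, 0.15, 0.00, 0.25],
    3: [0.20, 0.10, -0.10, 0.30],
    900: [0.50, 0.50, 0.50, 0.50],
    901: [-0.30, 0.10, 0.20, 0.00],
}
VICTIM = 1
SYBILS = [900, 901]


def honest_round():
    """Honest selection: the masks cancel and only the sum of the three
    honest updates is visible."""
    return server_view(UPDATES, [1, 2, 3])


def selection_attack():
    """Malicious selection: victim plus server-controlled clients.  Removing
    the known sybil contributions from the sum isolates the victim."""
    agg = server_view(UPDATES, [VICTIM] + SYBILS)
    for s in SYBILS:
        agg = [a - k for a, k in zip(agg, UPDATES[s])]
    return agg


if __name__ == "__main__":
    print("honest round, server sees:", [round(x, 3) for x in honest_round()])
    print("victim update:             ", UPDATES[VICTIM])
    print("after selection attack:    ", [round(x, 3) for x in selection_attack()])
```

The honest round gives back `[0.25, 0.05, 0.20, 0.60]`, which is the sum of the three honest updates and nothing more; the attacked round returns `[0.10, -0.20, 0.30, 0.05]`, the victim's update exactly. Note that the masking arithmetic is never broken; the protocol works as designed, and the leak comes purely from who was put in the round, which is the property the verifiable selection protocol in the paper is built to remove.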

Book Chapters

Detection of Fake News Through Heterogeneous Graph Interactions

Abstract: Fake news is one of the most prominent forms of disinformation. Unfortunately, today's advanced social media platforms allow for the rapid transmission of fake news, which may negatively impact several aspects of human society. Despite the significant progress in detecting fake news, most current work focuses on content-based or user-context-based detection methods. We believe that such methods suffer from two limitations: the lack of characterization of news variation (fake news can appear in different forms via tweets, such as different tweets written about the same news article) and news repetition (fake news is shared repeatedly via retweets); and the absence of temporal engagement among different social interactions. Thus, we propose a novel detection framework, the Temporal graph Fake News Detection Framework (T-FND), that effectively captures the heterogeneous and repetitive characteristics of fake news behavior, resulting in better prediction performance. We empirically evaluate the effectiveness of our model on two real-world datasets, showing that our solution outperforms the state-of-the-art baseline methods.

https://link.springer.com/chapter/10.1007/978-3-031-37765-5_1

Advances in Blockchain Security

Abstract: Blockchain, the technology that underpins the great success of Bitcoin and various other cryptocurrencies, has emerged as a trending research topic in both academia and industry in recent years. With great potential and benefits, blockchain technology can stimulate a new decentralized platform for various applications such that the possibility of censorship, monopoly, and single points of failure can be eliminated. However, blockchain is still in its early stage and not yet ready to realize that vision, since there are many security vulnerabilities that can be exploited to obstruct blockchain systems. In this chapter, we present fundamental challenges and recent advancements in blockchain technology, especially in terms of security. In particular, we investigate the security threats to blockchain, capturing the recent attacks, and review the security enhancement solutions for blockchain.

https://link.springer.com/chapter/10.1007/978-3-031-07535-3_11

Other

SpackNVD: A Vulnerability Audit Tool for Spack Packages

Abstract: Package security models for Linux distributions have traditionally emphasized the use of more recent (more secure) versions at the occasional expense of execution reproducibility. A complementary approach (e.g., Lmod) allows access to multiple sysadmin-approved package versions. Another approach (e.g., Spack) enables a purely user-space process for package selection without system administrator oversight. While this maximizes reproducibility, the user gets no feedback regarding potential security vulnerabilities. We introduce a general security model for package management and our implementation of SpackNVD, a security auditing tool for Spack. Users may query reported vulnerabilities for specific package versions and can prevent installation where the severity score exceeds a threshold. We emphasize that this is a tool, not a solution: Spack users are not expected to be security professionals. However, this information may influence Spack concretizer decisions and enable users to ask support staff whether specific package versions are appropriate for use.

https://ieeexplore.ieee.org/abstract/document/10027532
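The abstract describes the two operations at the core of such a tool: look up the reported vulnerabilities that apply to one exact package version, and refuse installation when the worst severity score crosses a threshold. The following is an added illustration of that policy, not SpackNVD's own code. It matches a version against NVD-style CPE match entries (the `criteria` string with its `cpe:2.3:a:vendor:product:version:...` layout and the `versionStartIncluding` / `versionEndExcluding` range fields are the real NVD JSON 2.0 field names), then applies a CVSS threshold. The CVE records, product names and scores below are constructed placeholders, and the version comparison assumes plain dotted numeric versions, which is a simplification of real package version schemes.

```python
from typing import Optional


def parse_version(v: str) -> tuple:
    """Assumption for the demo: dotted numeric versions only ('1.4.2')."""
    return tuple(int(p) for p in v.split("."))


def cpe_product_and_version(criteria: str) -> tuple:
    """Pull the product and version fields out of a cpe:2.3 string.
    Field layout: cpe:2.3:part:vendor:product:version:update:... ('*' = any).
    Escaped colons inside fields are not handled here."""
    fields = criteria.split(":")
    return fields[4], (None if fields[5] == "*" else fields[5])


def version_matches(version: str, match: dict) -> bool:
    """True if `version` falls inside one NVD cpeMatch entry."""
    product, exact = cpe_product_and_version(match["criteria"])
    pv = parse_version(version)
    if exact is not None:
        return pv == parse_version(exact)
    lo_in, lo_ex = match.get("versionStartIncluding"), match.get("versionStartExcluding")
    hi_in, hi_ex = match.get("versionEndIncluding"), match.get("versionEndExcluding")
    if lo_in and pv < parse_version(lo_in): return False
    if lo_ex and pv <= parse_version(lo_ex): return False
    if hi_in and pv > parse_version(hi_in): return False
    if hi_ex and pv >= parse_version(hi_ex): return False
    return True


def audit(package: str, version: str, db: list) -> list:
    """All records whose CPE matches apply to this package version, worst first."""
    hits = []
    for rec in db:
        for m in rec["cpe_match"]:
            if cpe_product_and_version(m["criteria"])[0] == package and version_matches(version, m):
                hits.append(rec)
                break
    return sorted(hits, key=lambda r: -r["cvss"])


def decide(package: str, version: str, db: list, threshold: float) -> dict:
    """Install gate: block when the worst applicable CVSS score reaches the threshold."""
    hits = audit(package, version, db)
    worst = max((r["cvss"] for r in hits), default=0.0)
    return {"install": worst < threshold, "max_cvss": worst,
            "cves": [r["id"] for r in hits]}


# Constructed sample database; IDs and products are placeholders, not real CVEs.
DB = [
    {"id": "CVE-EXAMPLE-0001", "cvss": 9.8, "cpe_match": [
        {"criteria": "cpe:2.3:a:examplevendor:examplelib:*:*:*:*:*:*:*:*",
         "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.5.0"}]},
    {"id": "CVE-EXAMPLE-0002", "cvss": 5.3, "cpe_match": [
        {"criteria": "cpe:2.3:a:examplevendor:examplelib:*:*:*:*:*:*:*:*",
         "versionEndIncluding": "2.0.3"}]},
    {"id": "CVE-EXAMPLE-0003", "cvss": 7.5, "cpe_match": [
        {"criteria": "cpe:2.3:a:othervendor:otherlib:3.1.0:*:*:*:*:*:*:*"}]},
]


if __name__ == "__main__":
    for ver in ("1.4.2", "2.0.3", "2.1.0"):
        print("examplelib", ver, "->", decide("examplelib", ver, DB, threshold=7.0))
```

With a threshold of 7.0, `examplelib 1.4.2` is blocked (both placeholder records apply, worst score 9.8), `2.0.3` is allowed but still reports the 5.3 record so the user can raise it with support staff, and `2.1.0` is clean. Keeping the lookup and the gate as separate functions mirrors the abstract's point that this is advisory information: the report is always produced, and the threshold is the only part that turns it into a concretizer constraint.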