TY - GEN
T1 - An Interactive Framework for Implementing Privacy-Preserving Federated Learning
T2 - 46th IEEE Symposium on Security and Privacy Workshops, SPW 2025
AU - Ahmadi, Kasra
AU - Behnia, Rouzbeh
AU - Ebrahimi, Reza
AU - Kermani, Mehran Mozaffari
AU - Birrell, Jeremiah
AU - Pacheco, Jason
AU - Yavuz, Attila A.
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - Federated learning (FL) enhances privacy by keeping user data on local devices. However, emerging attacks have demonstrated that the updates shared by users during training can reveal significant information about their data. Differential Privacy (DP) is considered the gold standard for safeguarding user data. However, DP guarantees are highly conservative, providing worst-case privacy guarantees. This can result in overestimating privacy needs, which may compromise the model's accuracy. Additionally, interpretations of these privacy guarantees have proven to be challenging in different contexts. This is further exacerbated when other factors, such as the number of training iterations, data distribution, and specific application requirements, add further complexity to this problem. In this work, we propose a framework that integrates a human entity as a privacy practitioner to determine an optimal trade-off between the model's privacy and utility. Our framework is the first to address the variable memory requirement of existing DP methods in FL settings, where resource-limited devices (e.g., cell phones) can participate. To support such settings, we adopt a recent DP method with fixed memory usage to ensure scalable private FL. We evaluated our proposed framework by fine-tuning a BERT-based LLM using the GLUE dataset (a common approach in the literature), leveraging the new accountant, and employing diverse data partitioning strategies to mimic real-world conditions. As a result, we achieved stable memory usage, with an average accuracy reduction of 1.33% for ϵ = 10 and 1.9% for ϵ = 6, when compared to the state-of-the-art DP accountant, which does not support fixed memory usage.
AB - Federated learning (FL) enhances privacy by keeping user data on local devices. However, emerging attacks have demonstrated that the updates shared by users during training can reveal significant information about their data. Differential Privacy (DP) is considered the gold standard for safeguarding user data. However, DP guarantees are highly conservative, providing worst-case privacy guarantees. This can result in overestimating privacy needs, which may compromise the model's accuracy. Additionally, interpretations of these privacy guarantees have proven to be challenging in different contexts. This is further exacerbated when other factors, such as the number of training iterations, data distribution, and specific application requirements, add further complexity to this problem. In this work, we propose a framework that integrates a human entity as a privacy practitioner to determine an optimal trade-off between the model's privacy and utility. Our framework is the first to address the variable memory requirement of existing DP methods in FL settings, where resource-limited devices (e.g., cell phones) can participate. To support such settings, we adopt a recent DP method with fixed memory usage to ensure scalable private FL. We evaluated our proposed framework by fine-tuning a BERT-based LLM using the GLUE dataset (a common approach in the literature), leveraging the new accountant, and employing diverse data partitioning strategies to mimic real-world conditions. As a result, we achieved stable memory usage, with an average accuracy reduction of 1.33% for ϵ = 10 and 1.9% for ϵ = 6, when compared to the state-of-the-art DP accountant, which does not support fixed memory usage.
KW - Differential Privacy
KW - Federated Learning
KW - Fine-Tuning
KW - LLM
KW - Privacy Cost
UR - https://www.scopus.com/pages/publications/105010823374
UR - https://www.scopus.com/pages/publications/105010823374#tab=citedBy
U2 - 10.1109/SPW67851.2025.00035
DO - 10.1109/SPW67851.2025.00035
M3 - Conference contribution
AN - SCOPUS:105010823374
T3 - Proceedings - 46th IEEE Symposium on Security and Privacy Workshops, SPW 2025
SP - 251
EP - 259
BT - Proceedings - 46th IEEE Symposium on Security and Privacy Workshops, SPW 2025
A2 - Blanton, Marina
A2 - Enck, William
A2 - Nita-Rotaru, Cristina
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 12 May 2025 through 15 May 2025
ER -