Adaptive Privacy Defense Against Category Inference Attack in Clustered Federated Learning: Balancing Security and Model Performance
[Published: 2025-06-21  Views: 21]

Authors: Cheng Gu, Lei Shi, Binbin Liu, Hailong Tang, Juan Xu

Published in: WASA 2025

Year: June 2025

Abstract: Clustered Federated Learning (CFL) effectively addresses the challenge of data heterogeneity in Federated Learning (FL), where clients often hold Non-IID (Non-Independent and Non-Identically Distributed) data, typically limited to a few categories. However, the updates of the cluster models in CFL inadvertently expose additional information, rendering it vulnerable to Category Inference Attack (CIA), where the attacker exploits this exposure to infer sensitive category information from these updates. In our experiments on the image classification datasets, the attacker consistently achieves an F1-score exceeding 90% across various scenarios, highlighting CFL’s vulnerability to CIA and the urgent need for robust privacy protections. To defend against this attack, we propose an adaptive local differential privacy (LDP) strategy for CFL, named AFC-CFL (Adaptive Fisher Information and Dynamic Clipping Threshold in CFL). AFC-CFL adopts adaptive Fisher information to adjust the privacy budget and dynamically modifies the clipping threshold during model training, mitigating the noise’s effect on model performance while ensuring strong privacy protection. Experiments demonstrate that AFC-CFL significantly reduces the impact of noise on model accuracy, achieving a maximum accuracy improvement of 32.8% compared to a common LDP method. Additionally, AFC-CFL reduces the attacker’s F1-score by up to 24.3%, achieving a superior trade-off between model performance and privacy protection, making it highly suitable for deployment in privacy-sensitive CFL scenarios.

Citation: Cheng Gu, Lei Shi, Binbin Liu, Hailong Tang, Juan Xu. Adaptive Privacy Defense Against Category Inference Attack in Clustered Federated Learning: Balancing Security and Model Performance [C]. The 19th International Conference on Wireless Artificial Intelligent Computing Systems and Applications (WASA), Tokyo, Japan, June 24-26, 2025: 245-255

