On Model Protection in Federated Learning against Eavesdropping Attacks

Maity, Dipankar, Chakrabarti, Kushal

arXiv.org Machine Learning 

In this study, we investigate the protection offered by Federated Learning algorithms against eavesdropping adversaries. In our model, the adversary is capable of intercepting model updates transmitted from clients to the server, enabling it to create its own estimate of the model. Unlike previous research, which predominantly focuses on safeguarding client data, our work shifts attention to protecting the client model itself. Through a theoretical analysis, we examine how various factors, such as the probability of client selection, the structure of local objective functions, global aggregation at the server, and the eavesdropper's capabilities, impact the overall level of protection. We further validate our findings through numerical experiments, assessing the protection by evaluating the model accuracy achieved by the adversary. Finally, we compare our results with methods based on differential privacy, underscoring their limitations in this specific context.

Traditionally, deep learning techniques require centralized data collection and processing that may be infeasible in collaborative scenarios, such as healthcare, credit scoring, vehicle fleet learning, internet-of-things, e-commerce, and natural language processing, due to the high scalability of modern networks, growing sensitive data privacy concerns, and legal regulations such as GDPR [1]-[3]. In these domains, data is often distributed among multiple parties of interest, with no single trusted authority. Federated Learning (FL) has emerged as a distributed collaborative learning paradigm, which allows coordination among multiple clients to perform training without sharing raw data. Instead, they participate in the learning process by training models locally and sharing only the model parameters with a central server. This server aggregates the updates and redistributes the improved model to all participants [4], [5].

Based on the distribution/partition of data among the clients, FL can be classified into horizontal (HFL), vertical (VFL), and transfer (TFL) federated learning [1], [6].