{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T05:59:40Z","timestamp":1760162380590,"version":"build-2065373602"},"reference-count":49,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2024,12,18]],"date-time":"2024-12-18T00:00:00Z","timestamp":1734480000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"the Key Research and Development Program of Hubei Province","award":["2022BAA038","2023BAB074","2024BAB031","2022010702040061"],"award-info":[{"award-number":["2022BAA038","2023BAB074","2024BAB031","2022010702040061"]}]},{"name":"the special fund for Wuhan Artificial Intelligence Innovation","award":["2022BAA038","2023BAB074","2024BAB031","2022010702040061"],"award-info":[{"award-number":["2022BAA038","2023BAB074","2024BAB031","2022010702040061"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>In recent years, federated learning (FL) has gained significant attention for its ability to protect data privacy during distributed training. However, it also introduces new privacy leakage risks. Membership inference attacks (MIAs), which aim to determine whether a specific sample is part of the training dataset, pose a significant threat to federated learning. Existing research on membership inference attacks in federated learning has primarily focused on leveraging intrinsic model parameters or manipulating the training process. However, the widespread adoption of privacy-preserving frameworks in federated learning has significantly diminished the effectiveness of traditional attack methods. To overcome this limitation, this paper aims to explore an efficient Membership Inference Attack algorithm tailored for encrypted federated learning scenarios, providing new perspectives for optimizing privacy-preserving technologies. Specifically, this paper proposes a novel Membership Inference Attack algorithm based on multiple adversarial perturbation distances (MAPD_MIA) by leveraging the asymmetry in adversarial perturbation distributions near decision boundaries between member and non-member samples. By analyzing these asymmetric perturbation characteristics, the algorithm achieves accurate membership identification. Experimental results demonstrate that the proposed algorithm achieves accuracy rates of 63.0%, 68.7%, and 59.5%, and precision rates of 59.0%, 65.9%, and 55.8% on CIFAR10, CIFAR100, and MNIST datasets, respectively, outperforming three mainstream Membership Inference Attack methods. Furthermore, the algorithm exhibits robust attack performance against two common defense mechanisms, MemGuard and DP-SGD. This study provides new benchmarks and methodologies for evaluating membership privacy leakage risks in federated learning scenarios.<\/jats:p>","DOI":"10.3390\/sym16121677","type":"journal-article","created":{"date-parts":[[2024,12,18]],"date-time":"2024-12-18T08:56:32Z","timestamp":1734512192000},"page":"1677","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Leveraging Multiple Adversarial Perturbation Distances for Enhanced Membership Inference Attack in Federated Learning"],"prefix":"10.3390","volume":"16","author":[{"given":"Fan","family":"Xia","sequence":"first","affiliation":[{"name":"State Grid Hubei Information & Telecommunication Company, Wuhan 430048, China"}]},{"given":"Yuhao","family":"Liu","sequence":"additional","affiliation":[{"name":"Hubei Key Laboratory of Smart Internet Technology, School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan 430074, China"}]},{"given":"Bo","family":"Jin","sequence":"additional","affiliation":[{"name":"State Grid Hubei Information & Telecommunication Company, Wuhan 430048, China"}]},{"given":"Zheng","family":"Yu","sequence":"additional","affiliation":[{"name":"State Grid Hubei Information & Telecommunication Company, Wuhan 430048, China"}]},{"given":"Xingwei","family":"Cai","sequence":"additional","affiliation":[{"name":"Hubei Key Laboratory of Smart Internet Technology, School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan 430074, China"}]},{"given":"Hao","family":"Li","sequence":"additional","affiliation":[{"name":"Hubei Key Laboratory of Smart Internet Technology, School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan 430074, China"}]},{"given":"Zhiyong","family":"Zha","sequence":"additional","affiliation":[{"name":"State Grid Hubei Information & Telecommunication Company, Wuhan 430048, China"}]},{"given":"Dai","family":"Hou","sequence":"additional","affiliation":[{"name":"State Grid Hubei Information & Telecommunication Company, Wuhan 430048, China"}]},{"given":"Kai","family":"Peng","sequence":"additional","affiliation":[{"name":"Hubei Key Laboratory of Smart Internet Technology, School of Electronic Information and Communications, Huazhong University of Science and Technology, Wuhan 430074, China"}]}],"member":"1968","published-online":{"date-parts":[[2024,12,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"181721","DOI":"10.1109\/ACCESS.2019.2958962","article-title":"A survey on deep learning empowered IoT applications","volume":"7","author":"Ma","year":"2019","journal-title":"IEEE Access"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"77725","DOI":"10.1109\/ACCESS.2018.2883953","article-title":"Tree-based contextual learning for online job or candidate recommendation with big data support in professional social networks","volume":"6","author":"Chen","year":"2018","journal-title":"IEEE Access"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"6024","DOI":"10.1109\/TNSE.2024.3436616","article-title":"Delay-Aware Optimization of Fine-Grained Microservice Deployment and Routing in Edge via Reinforcement Learning","volume":"11","author":"Peng","year":"2024","journal-title":"IEEE Trans. Netw. Sci. Eng."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"106854","DOI":"10.1016\/j.cie.2020.106854","article-title":"A review of applications in federated learning","volume":"149","author":"Li","year":"2020","journal-title":"Comput. Ind. Eng."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"7450","DOI":"10.1109\/JIOT.2019.2903341","article-title":"Privacy-preserving and residential context-aware online learning for IoT-enabled energy saving with big data support in smart home environment","volume":"6","author":"Zhou","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"12758","DOI":"10.1109\/TII.2024.3424347","article-title":"Collaborative Deployment and Routing of Industrial Microservices in Smart Factories","volume":"20","author":"Hu","year":"2024","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"2067","DOI":"10.1109\/TMC.2020.2970902","article-title":"SST: Software sonic thermometer on acoustic-enabled IoT devices","volume":"20","author":"Cai","year":"2020","journal-title":"IEEE Trans. Mob. Comput."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"2994","DOI":"10.1109\/TPDS.2023.3311767","article-title":"Joint Deployment and Request Routing for Microservice Call Graphs in Data Centers","volume":"34","author":"Hu","year":"2023","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"1781","DOI":"10.1109\/JIOT.2018.2878602","article-title":"Joint routing and scheduling for vehicle-assisted multidrone surveillance","volume":"6","author":"Hu","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"5297","DOI":"10.1109\/JIOT.2019.2900524","article-title":"Self-deployable indoor localization with acoustic-enabled IoT devices exploiting participatory sensing","volume":"6","author":"Cai","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"1817","DOI":"10.1109\/TII.2014.2327389","article-title":"Holistic scheduling of real-time applications in time-triggered in-vehicle networks","volume":"10","author":"Hu","year":"2014","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"9312","DOI":"10.1109\/JIOT.2023.3323704","article-title":"Multi-Drone Parcel Delivery via Public Vehicles: A Joint Optimization Approach","volume":"11","author":"Deng","year":"2023","journal-title":"IEEE Internet Things J."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"10483","DOI":"10.1109\/JIOT.2019.2939397","article-title":"Routing and scheduling for hybrid truck-drone collaborative parcel delivery with independent and truck-carried drones","volume":"6","author":"Wang","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"1016","DOI":"10.1109\/TSC.2024.3349408","article-title":"Joint Optimization of Service Deployment and Request Routing for Microservices in Mobile Edge Computing","volume":"17","author":"Peng","year":"2024","journal-title":"IEEE Trans. Serv. Comput."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Hu, M., Wang, H., Xu, X., He, J., Hu, Y., Deng, T., and Peng, K. (2024). Joint Optimization of Microservice Deployment and Routing in Edge via Multi-Objective Deep Reinforcement Learning. IEEE Trans. Netw. Serv. Manag., Early Access.","DOI":"10.1109\/TNSM.2024.3443872"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"619","DOI":"10.1016\/j.future.2020.10.007","article-title":"A survey on security and privacy of federated learning","volume":"115","author":"Mothukuri","year":"2021","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3523273","article-title":"Membership Inference Attacks on Machine Learning: A Survey","volume":"54","author":"Hu","year":"2022","journal-title":"ACM Comput. Surv."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Ouyang, K., Yu, J., Cao, X., and Liao, Z. (2023). Towards Reliable Federated Learning Using Blockchain-Based Reverse Auctions and Reputation Incentives. Symmetry, 15.","DOI":"10.3390\/sym15122179"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Chen, L., Liu, X., Wang, A., Zhai, W., and Cheng, X. (2024). FLSAD: Defending Backdoor Attacks in Federated Learning via Self-Attention Distillation. Symmetry, 16.","DOI":"10.3390\/sym16111497"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Chen, J., Jordan, M.I., and Wainwright, M.J. (2020, January 18\u201321). Hopskipjumpattack: A query-efficient decision-based attack. Proceedings of the 2020 IEEE Symposium on Security and privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP40000.2020.00045"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., and Shmatikov, V. (2017, January 22\u201326). Membership inference attacks against machine learning models. Proceedings of the 2017 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA.","DOI":"10.1109\/SP.2017.41"},{"key":"ref_22","unstructured":"Zari, O., Xu, C., and Neglia, G. (2021). Efficient passive membership inference attack in federated learning. arXiv."},{"key":"ref_23","first-page":"103201","article-title":"CS-MIA: Membership inference attack based on prediction confidence series in federated learning","volume":"67","author":"Gu","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"103535","DOI":"10.1016\/j.cose.2023.103535","article-title":"Enhance membership inference attacks in federated learning","volume":"136","author":"He","year":"2024","journal-title":"Comput. Secur."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Zhang, J., Zhang, J., Chen, J., and Yu, S. (2020, January 7\u201311). Gan enhanced membership inference: A passive local attack in federated learning. Proceedings of the ICC 2020-2020 IEEE International Conference on Communications (ICC), Dublin, Ireland.","DOI":"10.1109\/ICC40277.2020.9148790"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Xie, Y., Chen, B., Zhang, J., and Li, W. (2022, January 4\u20136). ALGANs: Enhancing membership inference attacks in federated learning with GANs and active learning. Proceedings of the 2022 IEEE International Symposium on Product Compliance Engineering-Asia (ISPCE-ASIA), Guangzhou, China.","DOI":"10.1109\/ISPCE-ASIA57917.2022.9971068"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Nasr, M., Shokri, R., and Houmansadr, A. (2019, January 19\u201323). Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP.2019.00065"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Melis, L., Song, C., De Cristofaro, E., and Shmatikov, V. (2019, January 19\u201323). Exploiting unintended feature leakage in collaborative learning. Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP.2019.00029"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Pasquini, D., Francati, D., and Ateniese, G. (2022, January 7\u201311). Eluding secure aggregation in federated learning via model inconsistency. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, USA.","DOI":"10.1145\/3548606.3560557"},{"key":"ref_30","unstructured":"Nguyen, T., Lai, P., Tran, K., Phan, N., and Thai, M.T. (2023). Active membership inference attack under local differential privacy in federated learning. arXiv."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Hu, H., Salcic, Z., Sun, L., Dobbie, G., and Zhang, X. (2021, January 7\u201310). Source inference attacks in federated learning. Proceedings of the 2021 IEEE International Conference on Data Mining (ICDM), Auckland, New Zealand.","DOI":"10.1109\/ICDM51629.2021.00129"},{"key":"ref_32","unstructured":"Suri, A., Kanani, P., Marathe, V.J., and Peterson, D.W. (2022). Subject membership inference attacks in federated learning. arXiv."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Wang, Z., Mi, B., and Chen, K. (2023, January 3\u20135). Member Inference Attacks in Federated Contrastive Learning. Proceedings of the International Conference on Artificial Intelligence Security and Privacy, Guangzhou, China.","DOI":"10.1007\/978-981-99-9785-5_4"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Chen, J., Zhang, J., Zhao, Y., Han, H., Zhu, K., and Chen, B. (2020, January 3\u20136). Beyond model-level membership privacy leakage: An adversarial approach in federated learning. Proceedings of the 2020 29th International Conference on Computer Communications and Networks (ICCCN), Honolulu, HI, USA.","DOI":"10.1109\/ICCCN49398.2020.9209744"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Yuan, W., Yang, C., Nguyen, Q.V.H., Cui, L., He, T., and Yin, H. (May, January 30). Interaction-level membership inference attack against federated recommender systems. Proceedings of the ACM Web Conference 2023, Austin, TX, USA.","DOI":"10.1145\/3543507.3583359"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"4996","DOI":"10.1109\/TIFS.2023.3303718","article-title":"TEAR: Exploring temporal evolution of adversarial robustness for membership inference attacks against federated learning","volume":"18","author":"Liu","year":"2023","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Li, Z., and Zhang, Y. (2021, January 15\u201319). Membership leakage in label-only exposures. Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea.","DOI":"10.1145\/3460120.3484575"},{"key":"ref_38","unstructured":"Choquette-Choo, C.A., Tramer, F., Carlini, N., and Papernot, N. (2021, January 18\u201324). Label-only membership inference attacks. Proceedings of the International Conference on Machine Learning, PMLR, Virtual."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Liu, Y., Zhao, Z., Backes, M., and Zhang, Y. (2022, January 7\u201311). Membership inference attacks by exploiting loss trajectory. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, CA, USA.","DOI":"10.1145\/3548606.3560684"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Xu, J., and Tan, C. (2023). Membership inference attack with relative decision boundary distance. arXiv.","DOI":"10.1007\/978-3-031-75757-0_6"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Carlini, N., Chien, S., Nasr, M., Song, S., Terzis, A., and Tramer, F. (2022, January 22\u201326). Membership inference attacks from first principles. Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP46214.2022.9833649"},{"key":"ref_42","unstructured":"Watson, L., Guo, C., Cormode, G., and Sablayrolles, A. (2021). On the importance of difficulty calibration in membership inference attacks. arXiv."},{"key":"ref_43","unstructured":"Rezaei, S., and Liu, X. (2022). An efficient subpopulation-based membership inference attack. arXiv."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Somepalli, G., Fowl, L., Bansal, A., Yeh-Chiang, P., Dar, Y., Baraniuk, R., Goldblum, M., and Goldstein, T. (2022, January 18\u201324). Can neural nets learn the same model twice? investigating reproducibility and double descent from the decision boundary perspective. Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA.","DOI":"10.1109\/CVPR52688.2022.01333"},{"key":"ref_45","unstructured":"Goodfellow, I.J., Shlens, J., and Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv."},{"key":"ref_46","first-page":"507","article-title":"Why do tree-based models still outperform deep learning on typical tabular data?","volume":"35","author":"Grinsztajn","year":"2022","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Yeom, S., Giacomelli, I., Fredrikson, M., and Jha, S. (2018, January 9\u201312). Privacy risk in machine learning: Analyzing the connection to overfitting. Proceedings of the 2018 IEEE 31st Computer Security Foundations Symposium (CSF), Oxford, UK.","DOI":"10.1109\/CSF.2018.00027"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Jia, J., Salem, A., Backes, M., Zhang, Y., and Gong, N.Z. (2019, January 11\u201315). Memguard: Defending against black-box membership inference attacks via adversarial examples. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK.","DOI":"10.1145\/3319535.3363201"},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Abadi, M., Chu, A., Goodfellow, I., McMahan, H.B., Mironov, I., Talwar, K., and Zhang, L. (2016, January 24\u201328). Deep learning with differential privacy. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria.","DOI":"10.1145\/2976749.2978318"}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/16\/12\/1677\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:54:40Z","timestamp":1760115280000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/16\/12\/1677"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,18]]},"references-count":49,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["sym16121677"],"URL":"https:\/\/doi.org\/10.3390\/sym16121677","relation":{},"ISSN":["2073-8994"],"issn-type":[{"type":"electronic","value":"2073-8994"}],"subject":[],"published":{"date-parts":[[2024,12,18]]}}}