From Models to Network Topologies: A Topology Inference Attack in Decentralized Federated Learning

Federated Learning (FL) is widely recognized as a privacy-preserving Machine Learning paradigm due to its model-sharing mechanism that avoids direct data exchange. Nevertheless, model training leaves exploitable traces that can be used to infer sensitive information. In Decentralized FL (DFL), the topology, defining how participants are connected, plays a crucial role in shaping the model's privacy, robustness, and convergence. However, the topology introduces an unexplored vulnerability: attackers can exploit it to infer participant relationships and launch targeted attacks. This work uncovers the hidden risks of DFL topologies by proposing a novel Topology Inference Attack that infers the topology solely from model behavior. A taxonomy of topology inference attacks is introduced, categorizing them by the attacker's capabilities and knowledge. Practical attack strategies are designed for various scenarios, and experiments are conducted to identify key factors influencing attack success. The results demonstrate that analyzing only the model of each node can accurately infer the DFL topology, highlighting a critical privacy risk in DFL systems. These findings offer insights for improving privacy preservation in DFL environments.

Key Contributions

• Novel Topology Inference Attack (TIA) that infers DFL overlay network topology solely from model behavioral traces, without access to raw data or communication logs
• Taxonomy of topology inference attacks categorizing attacker capabilities and knowledge levels, with practical strategies for each scenario
• Experimental validation across multiple datasets and real-world DFL topologies, identifying key factors influencing attack success and offering insights for defensive design

🛡️ Threat Analysis

Details

Similar Papers