This is the code for paper 'Fortifying Federated Learning against Membership Inference Attacks via Client-level Input Perturbation'

• Python3.8
• Tensorflow 2.6.0
• Tensorflow Datasets
• Tensorflow Privacy 0.5.1
• Scikit-learn
• tqdm
• Numpy
• Pillow
• OpenCV

dataLoader.py provides the data.

modelUtil.py provides utilities.

target.py is implementation of baseline one client scenario (target for external adversary and adaptive adversary.)

CIP.py is implementation of one client scenario with our defense (target for external adversary and adaptive adversary.)

federatedTrain.py is implementation of baseline Federated Learning (FedAVG) (target for internal adversary.)

federatedCIP.py is implementation of FedAVG with our defense (target for internal adversary.)

Please refer to the following links for attacks/defenses evaluated in the paper:

• Diferential Privacy: code
• Adverserial Regularization: code
• MMD+Mix-up: paper
• Internal adversary: paper
• External adversary: code