<p>Electroencephalography (EEG) records electrical brain activity from the scalp and is widely used in brain–computer interface (BCI) systems for communication, and assistive technologies. EEG is widely used in motor-imagery (MI) based BCIs, where neural recordings contain highly individual and potentially sensitive information. In this regard, federated learning (FL) is a prominent privacy-enhancing approach which enables collaborative model training without centralising raw signals. However, recent work has shown that FL models still leak private information through membership inference attacks (MIAs). Most existing studies examine only single attack type, so it remains unclear how multiple MIAs together expose different layers of privacy risk in FL-based EEG systems. To address this gap, this study develops a federated MI-EEG classification framework and evaluates privacy leakage across four complementary MIAs: record-level, feature-level, gradient-level, and client-identity inference. Two neural networks were trained using per-subject FL, and differential privacy (DP) with epsilon (ε) ∈ {1, 5, 10} was applied to client updates. Results showed that standard FL alone provides limited intrinsic protection, while adding DP substantially reduces attack success particularly for gradient and identity-level attacks. Strong privacy settings (ε = 1) offered the greatest leakage reduction but degraded classification accuracy, whereas a moderate privacy budget (ε = 5) achieved the most favourable privacy–utility balance. Overall, the findings demonstrate that FL alone is insufficient as a privacy safeguard for EEG-BCI systems. Explicit privacy mechanisms such as DP are required to mitigate multi-level leakage, supporting the design of trustworthy and secure neural-learning technologies.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Evaluating multi-level membership inference risk in federated EEG learning

  • Taslima Khanam,
  • Siuly Siuly,
  • Kate Wang,
  • Frank Whittaker,
  • Hua Wang

摘要

Electroencephalography (EEG) records electrical brain activity from the scalp and is widely used in brain–computer interface (BCI) systems for communication, and assistive technologies. EEG is widely used in motor-imagery (MI) based BCIs, where neural recordings contain highly individual and potentially sensitive information. In this regard, federated learning (FL) is a prominent privacy-enhancing approach which enables collaborative model training without centralising raw signals. However, recent work has shown that FL models still leak private information through membership inference attacks (MIAs). Most existing studies examine only single attack type, so it remains unclear how multiple MIAs together expose different layers of privacy risk in FL-based EEG systems. To address this gap, this study develops a federated MI-EEG classification framework and evaluates privacy leakage across four complementary MIAs: record-level, feature-level, gradient-level, and client-identity inference. Two neural networks were trained using per-subject FL, and differential privacy (DP) with epsilon (ε) ∈ {1, 5, 10} was applied to client updates. Results showed that standard FL alone provides limited intrinsic protection, while adding DP substantially reduces attack success particularly for gradient and identity-level attacks. Strong privacy settings (ε = 1) offered the greatest leakage reduction but degraded classification accuracy, whereas a moderate privacy budget (ε = 5) achieved the most favourable privacy–utility balance. Overall, the findings demonstrate that FL alone is insufficient as a privacy safeguard for EEG-BCI systems. Explicit privacy mechanisms such as DP are required to mitigate multi-level leakage, supporting the design of trustworthy and secure neural-learning technologies.