Study Uses Membership Inference Attacks to Gauge Privacy in Federated Learning for Satellite Images

Global: Leveraging Membership Inference Attacks for Privacy Measurement in Federated Learning for Remote Sensing Images

On January 8, 2026, researchers Anh‑Kiet Duong, Petra Gomez‑Krämer, Hoàng‑Ân Lê and Minh‑Tan Pham posted a preprint on arXiv that examines how membership inference attacks can serve as a quantitative privacy metric for federated learning systems applied to remote‑sensing image classification.

Background

Federated learning (FL) enables multiple parties to collaboratively train a machine‑learning model while keeping raw data on local devices, a design that is often promoted as privacy‑preserving for sensitive domains such as satellite imagery.

Membership Inference Attacks as a Metric

Membership inference attacks (MIAs) attempt to determine whether a particular data point was included in a model’s training set. The authors argue that the success rate of black‑box MIAs provides a concrete measure of privacy leakage that complements traditional accuracy metrics.

Methodology

The study evaluates three black‑box MIA techniques—standard entropy‑based attacks, a modified entropy variant, and a likelihood‑ratio attack—across several FL algorithms and communication strategies. Experiments use two publicly available scene‑classification datasets commonly employed in remote‑sensing research.

Key Findings

Results indicate that communication‑efficient FL approaches, which reduce the frequency of model updates, lower MIA success rates without sacrificing classification performance. Conversely, more frequent synchronization tends to increase vulnerability to inference attacks.

Implications for System Design

By demonstrating that MIAs can reliably expose privacy risks not captured by accuracy alone, the paper suggests that developers of FL pipelines for remote sensing should incorporate MIA‑based assessments during the design and testing phases.

Limitations and Future Work

The authors note that their experiments are limited to two datasets and a specific set of attack algorithms. They recommend expanding the evaluation to additional remote‑sensing benchmarks and exploring defensive techniques such as differential privacy.

Conclusion

Overall, the preprint positions membership inference attacks as a practical tool for measuring privacy leakage in federated learning, underscoring the need for systematic privacy evaluation in emerging AI applications.

This report is based on information from arXiv, licensed under Academic Preprint / Open Access. Based on the abstract of the research paper. Full text available via ArXiv.