Privacy-Aware Representation Decoupling in Federated Recommendation against Attribute Inference Attacks
Authors: Xuhao Zhao, Yanmin Zhu, Wenze Ma, Qihao Luo, Chenhao Zhai, Chunyang Wang, Jiadi Yu, Feilong Tang
Abstract
Federated recommender systems (FedRec) aim to preserve user privacy by keeping sensitive data on client devices and sharing only model parameters with a central server. However, FedRec is still vulnerable to attribute inference attacks (AIA), where server-side adversaries exploit uploaded parameters to infer users' private attributes. Existing approaches face a suboptimal privacy-performance trade-off. Privacy-focused methods mask attribute-related features in representations to protect sensitive information, but degrade recommendation accuracy. In contrast, performance-focused methods preserve accuracy by retaining these features but risk privacy leakage through uploaded representations. To balance privacy and performance, we propose PARD, a privacy-aware representation decoupling framework that explicitly decouples representations into privacy-relevant and privacy-irrelevant components. Only the privacy-irrelevant part is uploaded to the server, and the privacy-relevant part is retained locally. We introduce mutual information (MI) objectives to realize the decoupling: (1) minimizing MI between privacy-irrelevant representations and sensitive attributes to suppress leakage, and (2) maximizing MI for privacy-relevant representations to retain personalized preference signals. Since exact MI computation is intractable, we derive variational bounds and estimate them using privacy estimators under adversarial and cooperative training paradigms. Experimental results demonstrate that PARD outperforms state-of-the-art methods in both recommendation accuracy and privacy preservation.
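
Added illustration, not taken from the paper: the standard variational (Barber-Agakov) lower bound on mutual information, which shows how one estimator can serve both a cooperative and an adversarial objective. The paper's own bounds and notation are not given on this page; the symbols $z$, $z_r$, $z_i$, $a$, $\theta$, $q_\phi$ and $q_\psi$ are assumptions introduced here.

For a representation $z$ produced by an encoder with parameters $\theta$, a sensitive attribute $a$, and any estimator $q_\phi(a \mid z)$:

$$
\begin{aligned}
I(z; a) &= H(a) - H(a \mid z) \\
        &= H(a) + \mathbb{E}_{p(z,a)}\big[\log p(a \mid z)\big] \\
        &= H(a) + \mathbb{E}_{p(z,a)}\big[\log q_\phi(a \mid z)\big] + \mathbb{E}_{p(z)}\Big[\mathrm{KL}\big(p(a \mid z)\,\|\,q_\phi(a \mid z)\big)\Big] \\
        &\ge H(a) + \mathbb{E}_{p(z,a)}\big[\log q_\phi(a \mid z)\big].
\end{aligned}
$$

The bound is tight when $q_\phi(a \mid z) = p(a \mid z)$, and $H(a)$ does not depend on the encoder. With $z_r$ the privacy-relevant part (kept on the client) and $z_i$ the privacy-irrelevant part (uploaded), the two paradigms can then be written as:

$$
\text{cooperative: } \max_{\theta,\phi}\; \mathbb{E}\big[\log q_\phi(a \mid z_r)\big],
\qquad
\text{adversarial: } \min_{\theta}\,\max_{\psi}\; \mathbb{E}\big[\log q_\psi(a \mid z_i)\big].
$$

In the adversarial case the inner maximization tightens the bound, so the estimator approximates the strongest attribute predictor available on $z_i$, and the encoder is trained to defeat it.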