A Theoretical Insight into Attack and Defense of Gradient Leakage in Transformer
- URL: http://arxiv.org/abs/2311.13624v1
- Date: Wed, 22 Nov 2023 09:58:01 GMT
- Authors: Chenyang Li, Zhao Song, Weixin Wang, Chiwun Yang
- Abstract summary: The Deep Leakage from Gradient (DLG) attack has emerged as a prevalent and highly effective method for extracting sensitive training data by inspecting exchanged gradients.
This research presents a comprehensive analysis of the gradient leakage method when applied specifically to transformer-based models.
- Score: 11.770915202449517
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: The Deep Leakage from Gradient (DLG) attack has emerged as a prevalent and
highly effective method for extracting sensitive training data by inspecting
exchanged gradients. This approach poses a substantial threat to the privacy of
individuals and organizations alike. This research presents a comprehensive
analysis of the gradient leakage method when applied specifically to
transformer-based models. Through meticulous examination, we showcase the
capability to accurately recover data solely from gradients and rigorously
investigate the conditions under which gradient attacks can be executed,
providing compelling evidence. Furthermore, we reevaluate the approach of
introducing additional noise on gradients as a protective measure against
gradient attacks. To address this, we outline a theoretical proof that analyzes
the associated privacy costs within the framework of differential privacy.
Additionally, we affirm the convergence of the Stochastic Gradient Descent
(SGD) algorithm under perturbed gradients. The primary objective of this study
is to augment the understanding of gradient leakage attack and defense
strategies while actively contributing to the development of privacy-preserving
techniques specifically tailored for transformer-based models. By shedding
light on the vulnerabilities and countermeasures associated with gradient
leakage, this research aims to foster advancements in safeguarding sensitive
data and upholding privacy in the context of transformer-based models.
Related papers
- CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian Sampling [63.07948989346385]
Federated learning collaboratively trains a neural network on a global server.
Each local client receives the current global model weights and sends back parameter updates (gradients) based on its local private data.
Existing gradient inversion attacks can exploit this vulnerability to recover private training instances from a client's gradient vectors.
We present a novel defense tailored for large neural network models.
arXiv Detail & Related papers (2025-01-27T01:06:23Z)
- Gradients Stand-in for Defending Deep Leakage in Federated Learning [0.0]
This study introduces a novel, efficacious method aimed at safeguarding against gradient leakage, namely, AdaDefense.
This proposed approach not only effectively prevents gradient leakage, but also ensures that the overall performance of the model remains largely unaffected.
arXiv Detail & Related papers (2024-10-11T11:44:13Z)
- BadGD: A unified data-centric framework to identify gradient descent vulnerabilities [10.996626204702189]
BadGD sets a new standard for understanding and mitigating adversarial manipulations.
This research underscores the severe threats posed by such data-centric attacks and highlights the urgent need for robust defenses in machine learning.
arXiv Detail & Related papers (2024-05-24T23:39:45Z)
- Lazy Layers to Make Fine-Tuned Diffusion Models More Traceable [70.77600345240867]
A novel arbitrary-in-arbitrary-out (AIAO) strategy makes watermarks resilient to fine-tuning-based removal.
Unlike the existing methods of designing a backdoor for the input/output space of diffusion models, in our method, we propose to embed the backdoor into the feature space of sampled subpaths.
Our empirical studies on the MS-COCO, AFHQ, LSUN, CUB-200, and DreamBooth datasets confirm the robustness of AIAO.
arXiv Detail & Related papers (2024-05-01T12:03:39Z)
- Understanding Deep Gradient Leakage via Inversion Influence Functions [53.1839233598743]
Deep Gradient Leakage (DGL) is a highly effective attack that recovers private training images from gradient vectors.
We propose a novel Inversion Influence Function (I$^2$F) that establishes a closed-form connection between the recovered images and the private gradients.
We empirically demonstrate that I$^2$F effectively approximated the DGL generally on different model architectures, datasets, attack implementations, and perturbation-based defenses.
arXiv Detail & Related papers (2023-09-22T17:26:24Z)
- Securing Distributed SGD against Gradient Leakage Threats [13.979995939926154]
This paper presents a holistic approach to gradient leakage resilient distributed Stochastic Gradient Descent (SGD).
We analyze two types of strategies for privacy-enhanced federated learning: (i) gradient pruning with random selection or low-rank filtering and (ii) gradient perturbation with additive random noise or differential privacy noise.
We present a gradient leakage resilient approach to securing distributed SGD in federated learning, with differential privacy controlled noise as the tool.
arXiv Detail & Related papers (2023-05-10T21:39:27Z)
- Refiner: Data Refining against Gradient Leakage Attacks in Federated Learning [28.76786159247595]
Gradient leakage attacks exploit clients' uploaded gradients to reconstruct their sensitive data.
In this paper, we explore a novel defensive paradigm that departs from conventional gradient perturbation approaches.
We design Refiner, which jointly optimizes two metrics for privacy protection and performance maintenance.
arXiv Detail & Related papers (2022-12-05T05:36:15Z)
- Learning to Invert: Simple Adaptive Attacks for Gradient Inversion in Federated Learning [31.374376311614675]
Gradient inversion attack enables recovery of training samples from model gradients in federated learning.
We show that existing defenses can be broken by a simple adaptive attack.
arXiv Detail & Related papers (2022-10-19T20:41:30Z)
- Defense Against Gradient Leakage Attacks via Learning to Obscure Data [48.67836599050032]
Federated learning is considered an effective privacy-preserving learning mechanism.
In this paper, we propose a new defense method to protect the privacy of clients' data by learning to obscure data.
arXiv Detail & Related papers (2022-06-01T21:03:28Z)
- Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks.
We present an adversarial training strategy that mitigates the impact of such simulated attacks.
arXiv Detail & Related papers (2022-03-25T19:57:19Z)
- Query-Efficient Black-box Adversarial Attacks Guided by a Transfer-based Prior [50.393092185611536]
We consider the black-box adversarial setting, where the adversary needs to craft adversarial examples without access to the gradients of a target model.
Previous methods attempted to approximate the true gradient either by using the transfer gradient of a surrogate white-box model or based on the feedback of model queries.
We propose two prior-guided random gradient-free (PRGF) algorithms based on biased sampling and gradient averaging.
arXiv Detail & Related papers (2022-03-13T04:06:27Z)
This list is automatically generated from the titles and abstracts of the papers in this site.