Dealing Doubt: Unveiling Threat Models in Gradient Inversion Attacks under Federated Learning, A Survey and Taxonomy

• URL: http://arxiv.org/abs/2405.10376v1
• Date: Thu, 16 May 2024 18:15:38 GMT
• Title: Dealing Doubt: Unveiling Threat Models in Gradient Inversion Attacks under Federated Learning, A Survey and Taxonomy
• Authors: Yichuan Shi, Olivera Kotevska, Viktor Reshniak, Abhishek Singh, Ramesh Raskar,
• Abstract summary: Federated Learning (FL) has emerged as a leading paradigm for decentralized, privacy preserving machine learning training. Recent research on gradient inversion attacks (GIAs) have shown that gradient updates in FL can leak information on private training samples. We present a survey and novel taxonomy of GIAs that emphasize FL threat models, particularly that of malicious servers and clients.
• Score: 10.962424750173332
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Federated Learning (FL) has emerged as a leading paradigm for decentralized, privacy preserving machine learning training. However, recent research on gradient inversion attacks (GIAs) have shown that gradient updates in FL can leak information on private training samples. While existing surveys on GIAs have focused on the honest-but-curious server threat model, there is a dearth of research categorizing attacks under the realistic and far more privacy-infringing cases of malicious servers and clients. In this paper, we present a survey and novel taxonomy of GIAs that emphasize FL threat models, particularly that of malicious servers and clients. We first formally define GIAs and contrast conventional attacks with the malicious attacker. We then summarize existing honest-but-curious attack strategies, corresponding defenses, and evaluation metrics. Critically, we dive into attacks with malicious servers and clients to highlight how they break existing FL defenses, focusing specifically on reconstruction methods, target model architectures, target data, and evaluation metrics. Lastly, we discuss open problems and future research directions.

Related papers

• FEDLAD: Federated Evaluation of Deep Leakage Attacks and Defenses [50.921333548391345]
  Federated Learning is a privacy preserving decentralized machine learning paradigm. Recent research has revealed that private ground truth data can be recovered through a gradient technique known as Deep Leakage. This paper introduces the FEDLAD Framework (Federated Evaluation of Deep Leakage Attacks and Defenses), a comprehensive benchmark for evaluating Deep Leakage attacks and defenses.
  arXiv  Detail & Related papers  (2024-11-05T11:42:26Z)
• Privacy Leakage on DNNs: A Survey of Model Inversion Attacks and Defenses [40.77270226912783]
  Model Inversion (MI) attacks disclose private information about the training dataset by abusing access to the trained models. Despite the rapid advances in the field, we lack a comprehensive and systematic overview of existing MI attacks and defenses. We elaborately analyze and compare numerous recent attacks and defenses on Deep Neural Networks (DNNs) across multiple modalities and learning tasks.
  arXiv  Detail & Related papers  (2024-02-06T14:06:23Z)
• Data and Model Poisoning Backdoor Attacks on Wireless Federated Learning, and the Defense Mechanisms: A Comprehensive Survey [28.88186038735176]
  Federated Learning (FL) has been increasingly considered for applications to wireless communication networks (WCNs) In general, non-independent and identically distributed (non-IID) data of WCNs raises concerns about robustness. This survey provides a comprehensive review of the latest backdoor attacks and defense mechanisms.
  arXiv  Detail & Related papers  (2023-12-14T05:52:29Z)
• A Survey on Vulnerability of Federated Learning: A Learning Algorithm Perspective [8.941193384980147]
  We focus on threat models targeting the learning process of FL systems. Defense strategies have evolved from using a singular metric to excluding malicious clients. Recent endeavors subtly alter the least significant weights in local models to bypass defense measures.
  arXiv  Detail & Related papers  (2023-11-27T18:32:08Z)
• OASIS: Offsetting Active Reconstruction Attacks in Federated Learning [14.644814818768172]
  Federated Learning (FL) has garnered significant attention for its potential to protect user privacy. Recent research has demonstrated that FL protocols can be easily compromised by active reconstruction attacks. We propose a defense mechanism based on image augmentation that effectively counteracts active reconstruction attacks.
  arXiv  Detail & Related papers  (2023-11-23T00:05:17Z)
• Client-side Gradient Inversion Against Federated Learning from Poisoning [59.74484221875662]
  Federated Learning (FL) enables distributed participants to train a global model without sharing data directly to a central server. Recent studies have revealed that FL is vulnerable to gradient inversion attack (GIA), which aims to reconstruct the original training samples. We propose Client-side poisoning Gradient Inversion (CGI), which is a novel attack method that can be launched from clients.
  arXiv  Detail & Related papers  (2023-09-14T03:48:27Z)
• Towards Attack-tolerant Federated Learning via Critical Parameter Analysis [85.41873993551332]
  Federated learning systems are susceptible to poisoning attacks when malicious clients send false updates to the central server. This paper proposes a new defense strategy, FedCPA (Federated learning with Critical Analysis) Our attack-tolerant aggregation method is based on the observation that benign local models have similar sets of top-k and bottom-k critical parameters, whereas poisoned local models do not.
  arXiv  Detail & Related papers  (2023-08-18T05:37:55Z)
• FedDefender: Client-Side Attack-Tolerant Federated Learning [60.576073964874]
  Federated learning enables learning from decentralized data sources without compromising privacy. It is vulnerable to model poisoning attacks, where malicious clients interfere with the training process. We propose a new defense mechanism that focuses on the client-side, called FedDefender, to help benign clients train robust local models.
  arXiv  Detail & Related papers  (2023-07-18T08:00:41Z)
• Avoid Adversarial Adaption in Federated Learning by Multi-Metric Investigations [55.2480439325792]
  Federated Learning (FL) facilitates decentralized machine learning model training, preserving data privacy, lowering communication costs, and boosting model performance through diversified data sources. FL faces vulnerabilities such as poisoning attacks, undermining model integrity with both untargeted performance degradation and targeted backdoor attacks. We define a new notion of strong adaptive adversaries, capable of adapting to multiple objectives simultaneously. MESAS is the first defense robust against strong adaptive adversaries, effective in real-world data scenarios, with an average overhead of just 24.37 seconds.
  arXiv  Detail & Related papers  (2023-06-06T11:44:42Z)
• A Survey on Gradient Inversion: Attacks, Defenses and Future Directions [81.46745643749513]
  We present a comprehensive survey on GradInv, aiming to summarize the cutting-edge research and broaden the horizons for different domains. Firstly, we propose a taxonomy of GradInv attacks by characterizing existing attacks into two paradigms: iteration- and recursion-based attacks. Second, we summarize emerging defense strategies against GradInv attacks. We find these approaches focus on three perspectives covering data obscuration, model improvement and gradient protection.
  arXiv  Detail & Related papers  (2022-06-15T03:52:51Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.