Extracting Spatiotemporal Data from Gradients with Large Language Models

• URL: http://arxiv.org/abs/2410.16121v1
• Date: Mon, 21 Oct 2024 15:48:34 GMT
• Title: Extracting Spatiotemporal Data from Gradients with Large Language Models
• Authors: Lele Zheng, Yang Cao, Renhe Jiang, Kenjiro Taura, Yulong Shen, Sheng Li, Masatoshi Yoshikawa,
• Abstract summary: Recent updates that can be updated from gradient data break key privacy promise of federated learning. We propose an adaptive defense strategy to mitigate attacks in federated learning. We show that the proposed defense strategy can well preserve the utility of thetemporal-temporal federated learning with effective security protection.
• Score: 30.785476975412482
• License:
• Abstract: Recent works show that sensitive user data can be reconstructed from gradient updates, breaking the key privacy promise of federated learning. While success was demonstrated primarily on image data, these methods do not directly transfer to other domains, such as spatiotemporal data. To understand privacy risks in spatiotemporal federated learning, we first propose Spatiotemporal Gradient Inversion Attack (ST-GIA), a gradient attack algorithm tailored to spatiotemporal data that successfully reconstructs the original location from gradients. Furthermore, the absence of priors in attacks on spatiotemporal data has hindered the accurate reconstruction of real client data. To address this limitation, we propose ST-GIA+, which utilizes an auxiliary language model to guide the search for potential locations, thereby successfully reconstructing the original data from gradients. In addition, we design an adaptive defense strategy to mitigate gradient inversion attacks in spatiotemporal federated learning. By dynamically adjusting the perturbation levels, we can offer tailored protection for varying rounds of training data, thereby achieving a better trade-off between privacy and utility than current state-of-the-art methods. Through intensive experimental analysis on three real-world datasets, we reveal that the proposed defense strategy can well preserve the utility of spatiotemporal federated learning with effective security protection.

Related papers

• Enhancing Privacy of Spatiotemporal Federated Learning against Gradient Inversion Attacks [30.785476975412482]
  We propose Stemporal Gradient Inversion Attack (GIA), a gradient attack algorithm tailored totemporal data. We design an adaptive defense strategy to mitigate gradient inversion attacks intemporal federated learning. We reveal that the proposed defense strategy can well preserve the utility oftemporal federated learning with effective security protection.
  arXiv  Detail & Related papers  (2024-07-11T14:17:02Z)
• GI-SMN: Gradient Inversion Attack against Federated Learning without Prior Knowledge [4.839514405631815]
  Federated learning (FL) has emerged as a privacy-preserving machine learning approach. gradient inversion attacks can exploit the gradients of FL to recreate the original user data. We propose a novel Gradient Inversion attack based on Style Migration Network (GI-SMN)
  arXiv  Detail & Related papers  (2024-05-06T14:29:24Z)
• Ungeneralizable Examples [70.76487163068109]
  Current approaches to creating unlearnable data involve incorporating small, specially designed noises. We extend the concept of unlearnable data to conditional data learnability and introduce textbfUntextbfGeneralizable textbfExamples (UGEs) UGEs exhibit learnability for authorized users while maintaining unlearnability for potential hackers.
  arXiv  Detail & Related papers  (2024-04-22T09:29:14Z)
• Learn to Unlearn for Deep Neural Networks: Minimizing Unlearning Interference with Gradient Projection [56.292071534857946]
  Recent data-privacy laws have sparked interest in machine unlearning. Challenge is to discard information about the forget'' data without altering knowledge about remaining dataset. We adopt a projected-gradient based learning method, named as Projected-Gradient Unlearning (PGU) We provide empirically evidence to demonstrate that our unlearning method can produce models that behave similar to models retrained from scratch across various metrics even when the training dataset is no longer accessible.
  arXiv  Detail & Related papers  (2023-12-07T07:17:24Z)
• Client-side Gradient Inversion Against Federated Learning from Poisoning [59.74484221875662]
  Federated Learning (FL) enables distributed participants to train a global model without sharing data directly to a central server. Recent studies have revealed that FL is vulnerable to gradient inversion attack (GIA), which aims to reconstruct the original training samples. We propose Client-side poisoning Gradient Inversion (CGI), which is a novel attack method that can be launched from clients.
  arXiv  Detail & Related papers  (2023-09-14T03:48:27Z)
• GIFD: A Generative Gradient Inversion Method with Feature Domain Optimization [52.55628139825667]
  Federated Learning (FL) has emerged as a promising distributed machine learning framework to preserve clients' privacy. Recent studies find that an attacker can invert the shared gradients and recover sensitive data against an FL system by leveraging pre-trained generative adversarial networks (GAN) as prior knowledge. We propose textbfGradient textbfInversion over textbfFeature textbfDomains (GIFD), which disassembles the GAN model and searches the feature domains of the intermediate layers.
  arXiv  Detail & Related papers  (2023-08-09T04:34:21Z)
• Temporal Gradient Inversion Attacks with Robust Optimization [18.166835997248658]
  Federated Learning (FL) has emerged as a promising approach for collaborative model training without sharing private data. Gradient Inversion Attacks (GIAs) have been proposed to reconstruct the private data retained by local clients from the exchanged gradients. While recovering private data, the data dimensions and the model complexity increase, which thwart data reconstruction by GIAs. We propose TGIAs-RO, which recovers private data without any prior knowledge by leveraging multiple temporal gradients.
  arXiv  Detail & Related papers  (2023-06-13T16:21:34Z)
• Learning to Invert: Simple Adaptive Attacks for Gradient Inversion in Federated Learning [31.374376311614675]
  Gradient inversion attack enables recovery of training samples from model gradients in federated learning. We show that existing defenses can be broken by a simple adaptive attack.
  arXiv  Detail & Related papers  (2022-10-19T20:41:30Z)
• Defense Against Gradient Leakage Attacks via Learning to Obscure Data [48.67836599050032]
  Federated learning is considered as an effective privacy-preserving learning mechanism. In this paper, we propose a new defense method to protect the privacy of clients' data by learning to obscure data.
  arXiv  Detail & Related papers  (2022-06-01T21:03:28Z)
• Do Gradient Inversion Attacks Make Federated Learning Unsafe? [70.0231254112197]
  Federated learning (FL) allows the collaborative training of AI models without needing to share raw data. Recent works on the inversion of deep neural networks from model gradients raised concerns about the security of FL in preventing the leakage of training data. In this work, we show that these attacks presented in the literature are impractical in real FL use-cases and provide a new baseline attack.
  arXiv  Detail & Related papers  (2022-02-14T18:33:12Z)
• Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis [23.07323180340961]
  We study the security boundary of data reconstruction from gradient via a microcosmic view on neural networks with rectified linear units (ReLUs) We construct a novel deterministic attack algorithm which substantially outperforms previous attacks for reconstructing training batches lying in the insecure boundary of a neural network.
  arXiv  Detail & Related papers  (2020-10-26T05:54:47Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.