Building Gradient Bridges: Label Leakage from Restricted Gradient Sharing in Federated Learning

• URL: http://arxiv.org/abs/2412.12640v1
• Date: Tue, 17 Dec 2024 08:03:38 GMT
• Title: Building Gradient Bridges: Label Leakage from Restricted Gradient Sharing in Federated Learning
• Authors: Rui Zhang, Ka-Ho Chow, Ping Li,
• Abstract summary: Gradient Bridge (GDBR) recovers the label distribution of training data from the limited gradient information shared in federated learning (FL) experiments show that GDBR can accurately recover more than 80% of labels in various FL settings.
• Score: 21.799571403101904
• License:
• Abstract: The growing concern over data privacy, the benefits of utilizing data from diverse sources for model training, and the proliferation of networked devices with enhanced computational capabilities have all contributed to the rise of federated learning (FL). The clients in FL collaborate to train a global model by uploading gradients computed on their private datasets without collecting raw data. However, a new attack surface has emerged from gradient sharing, where adversaries can restore the label distribution of a victim's private data by analyzing the obtained gradients. To mitigate this privacy leakage, existing lightweight defenses restrict the sharing of gradients, such as encrypting the final-layer gradients or locally updating the parameters within. In this paper, we introduce a novel attack called Gradient Bridge (GDBR) that recovers the label distribution of training data from the limited gradient information shared in FL. GDBR explores the relationship between the layer-wise gradients, tracks the flow of gradients, and analytically derives the batch training labels. Extensive experiments show that GDBR can accurately recover more than 80% of labels in various FL settings. GDBR highlights the inadequacy of restricted gradient sharing-based defenses and calls for the design of effective defense schemes in FL.

Related papers

• CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian Sampling [63.07948989346385]
  Federated learning collaboratively trains a neural network on a global server. Each local client receives the current global model weights and sends back parameter updates (gradients) based on its local private data. Existing gradient inversion attacks can exploit this vulnerability to recover private training instances from a client's gradient vectors. We present a novel defense tailored for large neural network models.
  arXiv  Detail & Related papers  (2025-01-27T01:06:23Z)
• Federated Learning under Attack: Improving Gradient Inversion for Batch of Images [1.5749416770494706]
  Federated Learning (FL) has emerged as a machine learning approach able to preserve the privacy of user's data. Deep Leakage from Gradients with Feedback Blending (DLG-FB) is able to improve the inverting gradient attack.
  arXiv  Detail & Related papers  (2024-09-26T12:02:36Z)
• Breaking Secure Aggregation: Label Leakage from Aggregated Gradients in Federated Learning [11.18348760596715]
  Federated Learning exhibits privacy vulnerabilities under gradient inversion attacks (GIAs) We propose a stealthy label inference attack to bypass Secure Aggregation (SA) and recover individual clients' private labels. Our attack achieves large-scale label recovery with 100% accuracy on various datasets and model architectures.
  arXiv  Detail & Related papers  (2024-06-22T04:42:18Z)
• Understanding Deep Gradient Leakage via Inversion Influence Functions [53.1839233598743]
  Deep Gradient Leakage (DGL) is a highly effective attack that recovers private training images from gradient vectors. We propose a novel Inversion Influence Function (I$2$F) that establishes a closed-form connection between the recovered images and the private gradients. We empirically demonstrate that I$2$F effectively approximated the DGL generally on different model architectures, datasets, attack implementations, and perturbation-based defenses.
  arXiv  Detail & Related papers  (2023-09-22T17:26:24Z)
• GIFD: A Generative Gradient Inversion Method with Feature Domain Optimization [52.55628139825667]
  Federated Learning (FL) has emerged as a promising distributed machine learning framework to preserve clients' privacy. Recent studies find that an attacker can invert the shared gradients and recover sensitive data against an FL system by leveraging pre-trained generative adversarial networks (GAN) as prior knowledge. We propose textbfGradient textbfInversion over textbfFeature textbfDomains (GIFD), which disassembles the GAN model and searches the feature domains of the intermediate layers.
  arXiv  Detail & Related papers  (2023-08-09T04:34:21Z)
• Auditing Privacy Defenses in Federated Learning via Generative Gradient Leakage [9.83989883339971]
  Federated Learning (FL) framework brings privacy benefits to distributed learning systems. Recent studies have revealed that private information can still be leaked through shared information. We propose a new type of leakage, i.e., Generative Gradient Leakage (GGL)
  arXiv  Detail & Related papers  (2022-03-29T15:59:59Z)
• Do Gradient Inversion Attacks Make Federated Learning Unsafe? [70.0231254112197]
  Federated learning (FL) allows the collaborative training of AI models without needing to share raw data. Recent works on the inversion of deep neural networks from model gradients raised concerns about the security of FL in preventing the leakage of training data. In this work, we show that these attacks presented in the literature are impractical in real FL use-cases and provide a new baseline attack.
  arXiv  Detail & Related papers  (2022-02-14T18:33:12Z)
• CAFE: Catastrophic Data Leakage in Vertical Federated Learning [65.56360219908142]
  Recent studies show that private training data can be leaked through the gradients sharing mechanism deployed in distributed machine learning systems. We propose an advanced data leakage attack with theoretical justification to efficiently recover batch data from the shared aggregated gradients.
  arXiv  Detail & Related papers  (2021-10-26T23:22:58Z)
• Gradient Imitation Reinforcement Learning for Low Resource Relation Extraction [52.63803634033647]
  Low-resource relation Extraction (LRE) aims to extract relation facts from limited labeled corpora when human annotation is scarce. We develop a Gradient Imitation Reinforcement Learning method to encourage pseudo label data to imitate the gradient descent direction on labeled data. We also propose a framework called GradLRE, which handles two major scenarios in low-resource relation extraction.
  arXiv  Detail & Related papers  (2021-09-14T03:51:15Z)
• Quantifying Information Leakage from Gradients [8.175697239083474]
  Sharing deep neural networks' gradients instead of training data could facilitate data privacy in collaborative learning. In practice however, gradients can disclose both private latent attributes and original data. Mathematical metrics are needed to quantify both original and latent information leakages from gradients computed over the training data.
  arXiv  Detail & Related papers  (2021-05-28T15:47:44Z)
• User Label Leakage from Gradients in Federated Learning [12.239472997714804]
  Federated learning enables multiple users to build a joint model by sharing their model updates (gradients) We propose Label Leakage from Gradients (LLG), a novel attack to extract the labels of the users' training data from their shared gradients.
  arXiv  Detail & Related papers  (2021-05-19T19:21:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.