Boosting Gradient Leakage Attacks: Data Reconstruction in Realistic FL Settings

• URL: http://arxiv.org/abs/2506.08435v1
• Date: Tue, 10 Jun 2025 04:17:06 GMT
• Title: Boosting Gradient Leakage Attacks: Data Reconstruction in Realistic FL Settings
• Authors: Mingyuan Fan, Fuyi Wang, Cen Chen, Jianying Zhou,
• Abstract summary: Federated learning (FL) enables collaborative model training among multiple clients without the need to expose raw data.<n>The ability to safeguard privacy, at the heart of FL, has recently been a hot-button debate topic.<n>This paper empirically demonstrates that clients' data can still be effectively reconstructed, even within realistic FL environments.
• Score: 17.038652036429454
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: Federated learning (FL) enables collaborative model training among multiple clients without the need to expose raw data. Its ability to safeguard privacy, at the heart of FL, has recently been a hot-button debate topic. To elaborate, several studies have introduced a type of attacks known as gradient leakage attacks (GLAs), which exploit the gradients shared during training to reconstruct clients' raw data. On the flip side, some literature, however, contends no substantial privacy risk in practical FL environments due to the effectiveness of such GLAs being limited to overly relaxed conditions, such as small batch sizes and knowledge of clients' data distributions. This paper bridges this critical gap by empirically demonstrating that clients' data can still be effectively reconstructed, even within realistic FL environments. Upon revisiting GLAs, we recognize that their performance failures stem from their inability to handle the gradient matching problem. To alleviate the performance bottlenecks identified above, we develop FedLeak, which introduces two novel techniques, partial gradient matching and gradient regularization. Moreover, to evaluate the performance of FedLeak in real-world FL environments, we formulate a practical evaluation protocol grounded in a thorough review of extensive FL literature and industry practices. Under this protocol, FedLeak can still achieve high-fidelity data reconstruction, thereby underscoring the significant vulnerability in FL systems and the urgent need for more effective defense methods.

Related papers

• Building Gradient Bridges: Label Leakage from Restricted Gradient Sharing in Federated Learning [21.799571403101904]
  Gradient Bridge (GDBR) recovers the label distribution of training data from the limited gradient information shared in federated learning (FL)<n> experiments show that GDBR can accurately recover more than 80% of labels in various FL settings.
  arXiv  Detail & Related papers  (2024-12-17T08:03:38Z)
• Just a Simple Transformation is Enough for Data Protection in Vertical Federated Learning [83.90283731845867]
  We consider feature reconstruction attacks, a common risk targeting input data compromise.<n>We show that Federated-based models are resistant to state-of-the-art feature reconstruction attacks.
  arXiv  Detail & Related papers  (2024-12-16T12:02:12Z)
• Formal Logic-guided Robust Federated Learning against Poisoning Attacks [6.997975378492098]
  Federated Learning (FL) offers a promising solution to the privacy concerns associated with centralized Machine Learning (ML) FL is vulnerable to various security threats, including poisoning attacks, where adversarial clients manipulate the training data or model updates to degrade overall model performance. We present a defense mechanism designed to mitigate poisoning attacks in federated learning for time-series tasks.
  arXiv  Detail & Related papers  (2024-11-05T16:23:19Z)
• Client-side Gradient Inversion Against Federated Learning from Poisoning [59.74484221875662]
  Federated Learning (FL) enables distributed participants to train a global model without sharing data directly to a central server. Recent studies have revealed that FL is vulnerable to gradient inversion attack (GIA), which aims to reconstruct the original training samples. We propose Client-side poisoning Gradient Inversion (CGI), which is a novel attack method that can be launched from clients.
  arXiv  Detail & Related papers  (2023-09-14T03:48:27Z)
• PS-FedGAN: An Efficient Federated Learning Framework Based on Partially Shared Generative Adversarial Networks For Data Privacy [56.347786940414935]
  Federated Learning (FL) has emerged as an effective learning paradigm for distributed computation. This work proposes a novel FL framework that requires only partial GAN model sharing. Named as PS-FedGAN, this new framework enhances the GAN releasing and training mechanism to address heterogeneous data distributions.
  arXiv  Detail & Related papers  (2023-05-19T05:39:40Z)
• Refiner: Data Refining against Gradient Leakage Attacks in Federated Learning [24.931028228974323]
  gradient leakage attacks exploit clients' uploaded gradients to reconstruct their sensitive data.<n>In this paper, we explore a novel defensive paradigm that departs from conventional gradient perturbation approaches.<n>We design Refiner that jointly optimize two metrics for privacy protection and performance maintenance.
  arXiv  Detail & Related papers  (2022-12-05T05:36:15Z)
• Concealing Sensitive Samples against Gradient Leakage in Federated Learning [41.43099791763444]
  Federated Learning (FL) is a distributed learning paradigm that enhances users privacy by eliminating the need for clients to share raw, private data with the server. Recent studies expose the vulnerability of FL to model inversion attacks, where adversaries reconstruct users private data via eavesdropping on the shared gradient information. We present a simple, yet effective defense strategy that obfuscates the gradients of the sensitive data with concealed samples.
  arXiv  Detail & Related papers  (2022-09-13T04:19:35Z)
• Acceleration of Federated Learning with Alleviated Forgetting in Local Training [61.231021417674235]
  Federated learning (FL) enables distributed optimization of machine learning models while protecting privacy. We propose FedReg, an algorithm to accelerate FL with alleviated knowledge forgetting in the local training stage. Our experiments demonstrate that FedReg not only significantly improves the convergence rate of FL, especially when the neural network architecture is deep.
  arXiv  Detail & Related papers  (2022-03-05T02:31:32Z)
• Do Gradient Inversion Attacks Make Federated Learning Unsafe? [70.0231254112197]
  Federated learning (FL) allows the collaborative training of AI models without needing to share raw data. Recent works on the inversion of deep neural networks from model gradients raised concerns about the security of FL in preventing the leakage of training data. In this work, we show that these attacks presented in the literature are impractical in real FL use-cases and provide a new baseline attack.
  arXiv  Detail & Related papers  (2022-02-14T18:33:12Z)
• Local Learning Matters: Rethinking Data Heterogeneity in Federated Learning [61.488646649045215]
  Federated learning (FL) is a promising strategy for performing privacy-preserving, distributed learning with a network of clients (i.e., edge devices)
  arXiv  Detail & Related papers  (2021-11-28T19:03:39Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.