Hear No Evil: Detecting Gradient Leakage by Malicious Servers in Federated Learning
- URL: http://arxiv.org/abs/2506.20651v1
- Date: Wed, 25 Jun 2025 17:49:26 GMT
- Title: Hear No Evil: Detecting Gradient Leakage by Malicious Servers in Federated Learning
- Authors: Fei Wang, Baochun Li
- Abstract summary: Gradient updates in federated learning can unintentionally reveal sensitive information about a client's local data. This paper provides the first comprehensive analysis of malicious gradient leakage attacks and the model manipulation techniques that enable them. We propose a simple, lightweight, and broadly applicable client-side detection mechanism that flags suspicious model updates before local training begins.
- Score: 35.64232606410778
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Recent work has shown that gradient updates in federated learning (FL) can unintentionally reveal sensitive information about a client's local data. This risk becomes significantly greater when a malicious server manipulates the global model to provoke information-rich updates from clients. In this paper, we adopt a defender's perspective to provide the first comprehensive analysis of malicious gradient leakage attacks and the model manipulation techniques that enable them. Our investigation reveals a core trade-off: these attacks cannot be both highly effective in reconstructing private data and sufficiently stealthy to evade detection -- especially in realistic FL settings that incorporate common normalization techniques and federated averaging. Building on this insight, we argue that malicious gradient leakage attacks, while theoretically concerning, are inherently limited in practice and often detectable through basic monitoring. As a complementary contribution, we propose a simple, lightweight, and broadly applicable client-side detection mechanism that flags suspicious model updates before local training begins, despite the fact that such detection may not be strictly necessary in realistic FL settings. This mechanism further underscores the feasibility of defending against these attacks with minimal overhead, offering a deployable safeguard for privacy-conscious federated learning systems.
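The abstract argues that server-side model manipulation is detectable by basic client-side monitoring of the received global model. The following is an added illustration of what such a pre-training check can look like; it is not the authors' detector and the paper's actual mechanism is not described on this page. The heuristics (round-over-round weight jump, repeated weight rows, all-zero rows, evenly spaced bias "staircases") and all thresholds are assumptions chosen for illustration, and the two models are constructed inline.

```python
"""Client-side sanity checks on a freshly received global model (added example).

Assumed heuristics, not the paper's method: a client keeps the previous round's
model and, before training, flags layers whose weights jumped sharply, whose
rows repeat, whose rows are all zero, or whose biases form an evenly spaced
staircase. Thresholds are hypothetical; models are pure-Python lists.
"""
import math
import random


def _l2(vec):
    return math.sqrt(sum(x * x for x in vec))


def _flatten(mat):
    return [x for row in mat for x in row]


def relative_change(prev, new):
    """||new - prev|| / ||prev||: a sudden large jump in one layer is suspicious."""
    p, n = _flatten(prev), _flatten(new)
    return _l2([b - a for a, b in zip(p, n)]) / (_l2(p) + 1e-12)


def duplicate_row_fraction(mat, ndigits=6):
    """Fraction of rows that repeat an earlier row (rounded to ignore float noise)."""
    seen, dup = set(), 0
    for row in mat:
        key = tuple(round(x, ndigits) for x in row)
        dup += key in seen
        seen.add(key)
    return dup / len(mat)


def zero_row_fraction(mat, tol=1e-9):
    """Fraction of rows whose weights are all (numerically) zero."""
    return sum(all(abs(x) < tol for x in row) for row in mat) / len(mat)


def is_staircase(bias, tol=1e-6):
    """True if biases strictly increase with (near-)constant spacing."""
    if len(bias) < 3:
        return False
    steps = [b - a for a, b in zip(bias, bias[1:])]
    return min(steps) > 0 and max(steps) - min(steps) < tol


def audit_update(prev_model, new_model, max_rel_change=0.5, max_dup=0.2, max_zero=0.2):
    """Return (layer, reason) findings for the received model; [] means nothing flagged.

    Models are dicts: layer name -> (weight matrix as list of rows, bias list).
    """
    findings = []
    for name, (w, b) in new_model.items():
        w_prev, _ = prev_model[name]
        rc = relative_change(w_prev, w)
        if rc > max_rel_change:
            findings.append((name, f"weight jump {rc:.2f} > {max_rel_change}"))
        d = duplicate_row_fraction(w)
        if d > max_dup:
            findings.append((name, f"{d:.0%} duplicate rows"))
        z = zero_row_fraction(w)
        if z > max_zero:
            findings.append((name, f"{z:.0%} all-zero rows"))
        if is_staircase(b):
            findings.append((name, "bias is an evenly spaced staircase"))
    return findings


def make_models(seed=0):
    """Constructed sample: previous-round model, a benign update, a manipulated one."""
    rng = random.Random(seed)

    def layer(rows, cols):
        return ([[rng.uniform(-1, 1) for _ in range(cols)] for _ in range(rows)],
                [rng.uniform(-1, 1) for _ in range(rows)])

    prev = {"fc1": layer(8, 4), "fc2": layer(3, 8)}

    def nudge(model, scale=0.01):  # benign: small per-weight drift from averaging
        return {k: ([[x + rng.uniform(-scale, scale) for x in row] for row in w],
                    [x + rng.uniform(-scale, scale) for x in b])
                for k, (w, b) in model.items()}

    benign = nudge(prev)
    # Manipulated: fc1 replaced by one repeated row and a staircase bias, a
    # pattern (assumed here) that makes each neuron's gradient echo the input.
    malicious = nudge(prev)
    malicious["fc1"] = ([[0.5, 0.5, 0.5, 0.5] for _ in range(8)],
                        [-0.3 + 0.1 * i for i in range(8)])
    return prev, benign, malicious


if __name__ == "__main__":
    prev, benign, malicious = make_models()
    print("benign:", audit_update(prev, benign))
    print("manipulated:", audit_update(prev, malicious))
```

Real detectors would operate on tensors and calibrate thresholds per layer from earlier rounds; the point of the check is that it runs entirely on the client, costs one pass over the received weights, and refuses to train on a model whose shape of change no honest aggregation round would produce.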
Related papers
- SABRE-FL: Selective and Accurate Backdoor Rejection for Federated Prompt Learning [1.3312007032203859]
We present the first study of backdoor attacks in Federated Prompt Learning. We show that when malicious clients inject visually imperceptible, learnable noise triggers into input images, the global prompt learner becomes vulnerable to targeted misclassification. Motivated by this vulnerability, we propose SABRE-FL, a lightweight, modular defense that filters poisoned prompt updates using an embedding-space anomaly detector trained offline on out-of-distribution data.
arXiv Detail & Related papers (2025-06-25T23:15:20Z)
- Byzantine Outside, Curious Inside: Reconstructing Data Through Malicious Updates [36.2911560725828]
Federated learning (FL) enables decentralized machine learning without sharing raw data. Privacy leakage is possible under commonly adopted FL protocols. We introduce a novel threat model in FL, named the maliciously curious client.
arXiv Detail & Related papers (2025-06-13T02:23:41Z)
- Robust Anti-Backdoor Instruction Tuning in LVLMs [53.766434746801366]
We introduce a lightweight, certified-agnostic defense framework for large visual language models (LVLMs). Our framework finetunes only adapter modules and text embedding layers under instruction tuning. Experiments against seven attacks on Flickr30k and MSCOCO demonstrate that ours reduces their attack success rate to nearly zero.
arXiv Detail & Related papers (2025-06-04T01:23:35Z)
- Toward Malicious Clients Detection in Federated Learning [24.72033419379761]
Federated learning (FL) enables multiple clients to collaboratively train a global machine learning model without sharing their raw data. In this paper, we propose a novel algorithm, SafeFL, specifically designed to accurately identify malicious clients in FL.
arXiv Detail & Related papers (2025-05-14T03:36:36Z)
- Kick Bad Guys Out! Conditionally Activated Anomaly Detection in Federated Learning with Zero-Knowledge Proof Verification [22.078088272837068]
Federated Learning (FL) systems are vulnerable to adversarial attacks, such as model poisoning and backdoor attacks. We propose a novel anomaly detection method designed specifically for practical FL scenarios. Our approach employs a two-stage, conditionally activated detection mechanism.
arXiv Detail & Related papers (2023-10-06T07:09:05Z)
- Client-side Gradient Inversion Against Federated Learning from Poisoning [59.74484221875662]
Federated Learning (FL) enables distributed participants to train a global model without sharing data directly with a central server. Recent studies have revealed that FL is vulnerable to gradient inversion attacks (GIA), which aim to reconstruct the original training samples. We propose Client-side poisoning Gradient Inversion (CGI), a novel attack method that can be launched from clients.
arXiv Detail & Related papers (2023-09-14T03:48:27Z)
- Mitigating Cross-client GANs-based Attack in Federated Learning [78.06700142712353]
Multiple distributed multimedia clients can resort to federated learning (FL) to jointly learn a global shared model. FL suffers from the cross-client generative adversarial networks (GANs)-based (C-GANs) attack. We propose the Fed-EDKD technique to improve the current popular FL schemes to resist the C-GANs attack.
arXiv Detail & Related papers (2023-07-25T08:15:55Z)
- FedDefender: Client-Side Attack-Tolerant Federated Learning [60.576073964874]
Federated learning enables learning from decentralized data sources without compromising privacy. It is vulnerable to model poisoning attacks, where malicious clients interfere with the training process. We propose a new defense mechanism that focuses on the client side, called FedDefender, to help benign clients train robust local models.
arXiv Detail & Related papers (2023-07-18T08:00:41Z)
- Do Gradient Inversion Attacks Make Federated Learning Unsafe? [70.0231254112197]
Federated learning (FL) allows the collaborative training of AI models without needing to share raw data. Recent works on the inversion of deep neural networks from model gradients raised concerns about the security of FL in preventing the leakage of training data. In this work, we show that the attacks presented in the literature are impractical in real FL use cases and provide a new baseline attack.
arXiv Detail & Related papers (2022-02-14T18:33:12Z)
- RoFL: Attestable Robustness for Secure Federated Learning [59.63865074749391]
Federated Learning allows a large number of clients to train a joint model without the need to share their private data. To ensure the confidentiality of the client updates, Federated Learning systems employ secure aggregation. We present RoFL, a secure Federated Learning system that improves robustness against malicious clients.
arXiv Detail & Related papers (2021-07-07T15:42:49Z)