DRAGD: A Federated Unlearning Data Reconstruction Attack Based on Gradient Differences

• URL: http://arxiv.org/abs/2507.09602v1
• Date: Sun, 13 Jul 2025 12:16:43 GMT
• Title: DRAGD: A Federated Unlearning Data Reconstruction Attack Based on Gradient Differences
• Authors: Bocheng Ju, Junchao Fan, Jiaqi Liu, Xiaolin Chang,
• Abstract summary: Federated unlearning enables machine learning while preserving data privacy.<n>The gradient exchanges during the unlearning process can leak sensitive information about deleted data.<n>We introduce DRAGD, a novel attack that exploits gradient discrepancies before and after unlearning to reconstruct forgotten data.<n>We also present DRAGDP, an enhanced version of DRAGD that leverages publicly available prior data to improve reconstruction accuracy.
• Score: 13.513041254208186
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Federated learning enables collaborative machine learning while preserving data privacy. However, the rise of federated unlearning, designed to allow clients to erase their data from the global model, introduces new privacy concerns. Specifically, the gradient exchanges during the unlearning process can leak sensitive information about deleted data. In this paper, we introduce DRAGD, a novel attack that exploits gradient discrepancies before and after unlearning to reconstruct forgotten data. We also present DRAGDP, an enhanced version of DRAGD that leverages publicly available prior data to improve reconstruction accuracy, particularly for complex datasets like facial images. Extensive experiments across multiple datasets demonstrate that DRAGD and DRAGDP significantly outperform existing methods in data reconstruction.Our work highlights a critical privacy vulnerability in federated unlearning and offers a practical solution, advancing the security of federated unlearning systems in real-world applications.

Related papers

• Cutting Through Privacy: A Hyperplane-Based Data Reconstruction Attack in Federated Learning [10.145100498980346]
  Federated Learning (FL) enables collaborative training of machine learning models across distributed clients without sharing raw data.<n>Recent studies have revealed critical vulnerabilities in FL, showing that a malicious central server can manipulate model updates to reconstruct clients' private data.<n>We introduce a novel data reconstruction attack that overcomes these limitations.
  arXiv  Detail & Related papers  (2025-05-15T13:16:32Z)
• Extracting Spatiotemporal Data from Gradients with Large Language Models [30.785476975412482]
  Recent updates that can be updated from gradient data break key privacy promise of federated learning. We propose an adaptive defense strategy to mitigate attacks in federated learning. We show that the proposed defense strategy can well preserve the utility of thetemporal-temporal federated learning with effective security protection.
  arXiv  Detail & Related papers  (2024-10-21T15:48:34Z)
• Learn while Unlearn: An Iterative Unlearning Framework for Generative Language Models [52.03511469562013]
  We introduce the Iterative Contrastive Unlearning (ICU) framework, which consists of three core components.<n>A Knowledge Unlearning Induction module targets specific knowledge for removal using an unlearning loss.<n>A Contrastive Learning Enhancement module preserves the model's expressive capabilities against the pure unlearning goal.<n>An Iterative Unlearning Refinement module dynamically adjusts the unlearning process through ongoing evaluation and updates.
  arXiv  Detail & Related papers  (2024-07-25T07:09:35Z)
• QBI: Quantile-Based Bias Initialization for Efficient Private Data Reconstruction in Federated Learning [0.5497663232622965]
  Federated learning enables the training of machine learning models on distributed data without compromising user privacy. Recent research has shown that the central entity can perfectly reconstruct private data from shared model updates.
  arXiv  Detail & Related papers  (2024-06-26T20:19:32Z)
• Ungeneralizable Examples [70.76487163068109]
  Current approaches to creating unlearnable data involve incorporating small, specially designed noises. We extend the concept of unlearnable data to conditional data learnability and introduce textbfUntextbfGeneralizable textbfExamples (UGEs) UGEs exhibit learnability for authorized users while maintaining unlearnability for potential hackers.
  arXiv  Detail & Related papers  (2024-04-22T09:29:14Z)
• Learn to Unlearn for Deep Neural Networks: Minimizing Unlearning Interference with Gradient Projection [56.292071534857946]
  Recent data-privacy laws have sparked interest in machine unlearning. Challenge is to discard information about the forget'' data without altering knowledge about remaining dataset. We adopt a projected-gradient based learning method, named as Projected-Gradient Unlearning (PGU) We provide empirically evidence to demonstrate that our unlearning method can produce models that behave similar to models retrained from scratch across various metrics even when the training dataset is no longer accessible.
  arXiv  Detail & Related papers  (2023-12-07T07:17:24Z)
• Unlearn What You Want to Forget: Efficient Unlearning for LLMs [92.51670143929056]
  Large language models (LLMs) have achieved significant progress from pre-training on and memorizing a wide range of textual data. This process might suffer from privacy issues and violations of data protection regulations. We propose an efficient unlearning framework that could efficiently update LLMs without having to retrain the whole model after data removals.
  arXiv  Detail & Related papers  (2023-10-31T03:35:59Z)
• Auditing Privacy Defenses in Federated Learning via Generative Gradient Leakage [9.83989883339971]
  Federated Learning (FL) framework brings privacy benefits to distributed learning systems. Recent studies have revealed that private information can still be leaked through shared information. We propose a new type of leakage, i.e., Generative Gradient Leakage (GGL)
  arXiv  Detail & Related papers  (2022-03-29T15:59:59Z)
• Do Gradient Inversion Attacks Make Federated Learning Unsafe? [70.0231254112197]
  Federated learning (FL) allows the collaborative training of AI models without needing to share raw data. Recent works on the inversion of deep neural networks from model gradients raised concerns about the security of FL in preventing the leakage of training data. In this work, we show that these attacks presented in the literature are impractical in real FL use-cases and provide a new baseline attack.
  arXiv  Detail & Related papers  (2022-02-14T18:33:12Z)
• Robbing the Fed: Directly Obtaining Private Data in Federated Learning with Modified Models [56.0250919557652]
  Federated learning has quickly gained popularity with its promises of increased user privacy and efficiency. Previous attacks on user privacy have been limited in scope and do not scale to gradient updates aggregated over even a handful of data points. We introduce a new threat model based on minimal but malicious modifications of the shared model architecture.
  arXiv  Detail & Related papers  (2021-10-25T15:52:06Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.