Learning to Invert: Simple Adaptive Attacks for Gradient Inversion in Federated Learning

Add code
Oct 19, 2022
Ruihan Wu, Xiangyu Chen, Chuan Guo, Kilian Q. Weinberger
Figure 1 for Learning to Invert: Simple Adaptive Attacks for Gradient Inversion in Federated Learning
Figure 2 for Learning to Invert: Simple Adaptive Attacks for Gradient Inversion in Federated Learning
Figure 3 for Learning to Invert: Simple Adaptive Attacks for Gradient Inversion in Federated Learning
Figure 4 for Learning to Invert: Simple Adaptive Attacks for Gradient Inversion in Federated Learning

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Gradient inversion attack enables recovery of training samples from model updates in federated learning (FL) and constitutes a serious threat to data privacy. To mitigate this vulnerability, prior work proposed both principled defenses based on differential privacy, as well as heuristic defenses based on gradient compression as countermeasures. These defenses have so far been very effective, in particular those based on gradient compression that allow the model to maintain high accuracy while greatly reducing the attack's effectiveness. In this work, we argue that such findings do not accurately reflect the privacy risk in FL, and show that existing defenses can be broken by a simple adaptive attack that trains a model using auxiliary data to learn how to invert gradients on both vision and language tasks.

View paper onarxiv iconopen_review iconOpenReview

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon