Concealing Sensitive Samples against Gradient Leakage in Federated Learning
Jing Wu, Munawar Hayat, Mingyi Zhou, Mehrtash Harandi

TL;DR
This paper introduces a novel defense mechanism in federated learning that synthesizes concealed samples to obfuscate gradients, effectively protecting sensitive data from gradient leakage attacks without compromising model performance.
Contribution
It proposes a new gradient obfuscation method using synthesized concealed samples, enhancing privacy in federated learning against model inversion attacks.
Findings
Effective protection against gradient leakage attacks.
Maintains federated learning performance.
Outperforms previous defense methods.
Abstract
Federated Learning (FL) is a distributed learning paradigm that enhances users' privacy by eliminating the need for clients to share raw, private data with the server. Despite this success, recent studies expose the vulnerability of FL to model inversion attacks, where adversaries reconstruct users' private data by eavesdropping on the shared gradient information. We hypothesize that a key factor in the success of such attacks is the low entanglement among the per-sample gradients within a batch during stochastic optimization. This creates a vulnerability that an adversary can exploit to reconstruct the sensitive data. Building upon this insight, we present a simple, yet effective defense strategy that obfuscates the gradients of the sensitive data with concealed samples. To achieve this, we propose synthesizing concealed samples to mimic the sensitive data at the gradient level while…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning · Stochastic Gradient Optimization Techniques
