Federated Learning under Attack: Improving Gradient Inversion for Batch of Images
Luiz Leite, Yuri Santo, Bruno L. Dalmazo, André Riker

TL;DR
This paper introduces DLG-FB, an improved gradient inversion attack for federated learning that leverages spatial correlations in image batches, significantly enhancing attack success rates and efficiency.
Contribution
It proposes DLG-FB, a novel method that improves gradient inversion attacks by exploiting spatial correlations in image data within federated learning.
Findings
Attack success rate increased by 19.18%.
Number of iterations per image reduced by 48.82%.
Demonstrates effectiveness of spatial correlation in gradient inversion.
Abstract
Federated Learning (FL) has emerged as a machine learning approach able to preserve the privacy of users' data. Applying FL, clients train machine learning models on a local dataset and a central server aggregates the learned parameters coming from the clients, training a global machine learning model without sharing users' data. However, the state of the art shows several approaches to promote attacks on FL systems. For instance, inverting or leaking gradient attacks can find, with high precision, the local dataset used during the training phase of the FL. This paper presents an approach, called Deep Leakage from Gradients with Feedback Blending (DLG-FB), which is able to improve the inverting gradient attack, considering the spatial correlation that typically exists in batches of images. The performed evaluation shows an improvement of 19.18% and 48.82% in terms of attack success rate…
Taxonomy
Topics: Brain Tumor Detection and Classification · Adversarial Robustness in Machine Learning · Cryptography and Data Security
