Gradients Stand-in for Defending Deep Leakage in Federated Learning
H. Yi, H. Ren, C. Hu, Y. Li, J. Deng, X. Xie

TL;DR
This paper proposes AdaDefense, a novel method using local stand-in gradients to prevent gradient leakage in federated learning, maintaining model performance and enhancing privacy.
Contribution
It introduces a new gradient stand-in approach for federated learning that effectively prevents leakage without sacrificing model accuracy.
Findings
Prevents gradient leakage effectively.
Maintains model performance comparable to standard methods.
Validated through extensive benchmark experiments.
Abstract
Federated Learning (FL) has become a cornerstone of privacy protection, shifting the paradigm towards localizing sensitive data while only sending model gradients to a central server. This strategy is designed to reinforce privacy protections and minimize the vulnerabilities inherent in centralized data storage systems. Despite its innovative approach, recent empirical studies have highlighted potential weaknesses in FL, notably regarding the exchange of gradients. In response, this study introduces a novel, efficacious method aimed at safeguarding against gradient leakage, namely, "AdaDefense". Following the idea that model convergence can be achieved by using different types of optimization methods, we suggest using a local stand-in rather than the actual local gradient for global gradient aggregation on the central server. This proposed approach not only effectively prevents…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Adversarial Robustness in Machine Learning
