Optimal Defenses Against Gradient Reconstruction Attacks
Yuxiao Chen, Gamze Gürsoy, Qi Lei

TL;DR
This paper develops theoretically optimal defense strategies against gradient reconstruction attacks in federated learning, balancing data privacy and model utility.
Contribution
It derives a lower bound on reconstruction error and customizes defenses to optimize the privacy-utility trade-off.
Findings
Our methods outperform existing defenses in data protection.
The customized defenses achieve better utility than baseline methods.
Experimental validation confirms improved privacy-utility balance.
Abstract
Federated Learning (FL) is designed to prevent data leakage through collaborative model training without centralized data storage. However, it remains vulnerable to gradient reconstruction attacks that recover original training data from shared gradients. To optimize the trade-off between data leakage and utility loss, we first derive a theoretical lower bound of reconstruction error (among all attackers) for the two standard methods: adding noise, and gradient pruning. We then customize these two defenses to be parameter- and model-specific and achieve the optimal trade-off between our obtained reconstruction lower bound and model utility. Experimental results validate that our methods outperform Gradient Noise and Gradient Pruning by protecting the training data better while also achieving better utility.
Taxonomy
Topics: Melanoma and MAPK Pathways · Medical Imaging Techniques and Applications · Advanced X-ray and CT Imaging
Methods: Pruning
