Differential Privacy: Gradient Leakage Attacks in Federated Learning Environments
Miguel Fernandez-de-Retana, Unai Zulaika, Rubén Sánchez-Corcuera, Aitor Almeida

TL;DR
This paper evaluates differential privacy mechanisms, DP-SGD and PDP-SGD, as defenses against gradient leakage attacks in federated learning, revealing trade-offs between privacy protection and model utility.
Contribution
It provides an empirical comparison of DP-SGD and PDP-SGD in defending against gradient leakage attacks in federated learning environments.
Findings
DP-SGD significantly reduces gradient leakage risk with moderate utility loss.
PDP-SGD maintains high utility but is ineffective against reconstruction attacks.
Empirical evaluation highlights the practical limitations of privacy mechanisms in distributed learning.
Abstract
Federated Learning (FL) allows for the training of Machine Learning models in a collaborative manner without the need to share sensitive data. However, it remains vulnerable to Gradient Leakage Attacks (GLAs), which can reveal private information from the shared model updates. In this work, we investigate the effectiveness of Differential Privacy (DP) mechanisms - specifically, DP-SGD and a variant based on explicit regularization (PDP-SGD) - as defenses against GLAs. To this end, we evaluate the performance of several computer vision models trained under varying privacy levels on a simple classification task, and then analyze the quality of private data reconstructions obtained from the intercepted gradients in a simulated FL environment. Our results demonstrate that DP-SGD significantly mitigates the risk of gradient leakage attacks, albeit with a moderate trade-off in model utility.…
