SpooFL: Spoofing Federated Learning
Isaac Baglin, Xiatian Zhu, Simon Hadfield

TL;DR
SpooFL introduces a novel federated learning defense that uses synthetic, unrelated data to mislead attackers, effectively preventing data leakage without harming model performance.
Contribution
This paper presents the first spoofing-based defense in federated learning that employs external generative models to deceive attackers with irrelevant synthetic data.
Findings
SpooFL successfully misleads attackers into believing they have recovered true data.
The method prevents meaningful data leakage while maintaining model accuracy.
SpooFL outperforms existing defenses against deep leakage attacks.
Abstract
Traditional defenses against Deep Leakage (DL) attacks in Federated Learning (FL) primarily focus on obfuscation, introducing noise, transformations or encryption to degrade an attacker's ability to reconstruct private data. While effective to some extent, these methods often still leak high-level information such as class distributions or feature representations, and are frequently broken by increasingly powerful denoising attacks. We propose a fundamentally different perspective on FL defense: framing it as a spoofing problem. We introduce SpooFL (Figure 1), a spoofing-based defense that deceives attackers into believing they have recovered the true training data, while actually providing convincing but entirely synthetic samples from an unrelated task. Unlike prior synthetic-data defenses that share classes or distributions with the private data and thus still leak semantic…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Advanced Malware Detection Techniques
