Analysing the Influence of Attack Configurations on the Reconstruction of Medical Images in Federated Learning
This work addresses privacy risks in medical federated learning by analyzing attack vulnerabilities, but it is incremental as it builds on existing Deep Leakage from Gradients methods.
The study tackled the problem of data reconstruction from gradients in federated learning for medical images, showing that attack configurations like initialization schemes and distance measures significantly increase convergence speed and quality, with optimal choices depending on image distribution and model architecture.
The idea of federated learning is to train deep neural network models collaboratively and share them with multiple participants without exposing their private training data to each other. This is highly attractive in the medical domain due to patients' privacy records. However, a recently proposed method called Deep Leakage from Gradients enables attackers to reconstruct data from shared gradients. This study shows how easy it is to reconstruct images for different data initialization schemes and distance measures. We show how data and model architecture influence the optimal choice of initialization scheme and distance measure configurations when working with single images. We demonstrate that the choice of initialization scheme and distance measure can significantly increase convergence speed and quality. Furthermore, we find that the optimal attack configuration depends largely on the nature of the target image distribution and the complexity of the model architecture.