LG, CR | Aug 15, 2024

Random Gradient Masking as a Defensive Measure to Deep Leakage in Federated Learning

arXiv:2408.08430v1 | 5 citations | h-index: 13
Originality: Incremental advance
AI Analysis

This addresses privacy vulnerabilities in Federated Learning for clients, though it is incremental as it builds on existing defensive methods.

The paper tackles the problem of Deep Leakage from Gradients (DLG) attacks in Federated Learning by empirically evaluating four defensive methods—Masking, Clipping, Pruning, and Noising—finding that Masking and Clipping effectively defend against DLG with minimal performance degradation.

Federated Learning (FL), in theory, preserves privacy of individual clients' data while producing quality machine learning models. However, attacks such as Deep Leakage from Gradients (DLG) severely question the practicality of FL. In this paper, we empirically evaluate the efficacy of four defensive methods against DLG: Masking, Clipping, Pruning, and Noising. Masking, while only previously studied as a way to compress information during parameter transfer, shows surprisingly robust defensive utility when compared to the other three established methods. Our experimentation is two-fold. We first evaluate the minimum hyperparameter threshold for each method across the MNIST, CIFAR-10, and LFW datasets. Then, we train FL clients with each method and their minimum threshold values to investigate the trade-off between DLG defense and training performance. Results reveal that Masking and Clipping show little to no degradation in performance while obfuscating enough information to effectively defend against DLG.
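The four defenses named in the abstract, applied to a flattened client gradient before it is sent to the server, as an added example that is not code from the paper. The function definitions follow common formulations of each method, and the hyperparameter values (0.4, 1.0, 0.1) and the sample gradient are constructed assumptions, not the paper's thresholds.

```python
import math
import random

def mask(grad, ratio, rng):
    """Random masking: zero a randomly chosen `ratio` fraction of entries."""
    k = int(round(ratio * len(grad)))
    dropped = set(rng.sample(range(len(grad)), k))
    return [0.0 if i in dropped else g for i, g in enumerate(grad)]

def clip(grad, max_norm):
    """Norm clipping: rescale so the L2 norm is at most `max_norm`."""
    norm = l2(grad)
    scale = min(1.0, max_norm / norm) if norm > 0 else 1.0
    return [g * scale for g in grad]

def prune(grad, ratio):
    """Magnitude pruning: zero the `ratio` fraction with the smallest |g|."""
    k = int(round(ratio * len(grad)))
    order = sorted(range(len(grad)), key=lambda i: abs(grad[i]))
    dropped = set(order[:k])
    return [0.0 if i in dropped else g for i, g in enumerate(grad)]

def noise(grad, sigma, rng):
    """Noising: add zero-mean Gaussian noise with standard deviation `sigma`."""
    return [g + rng.gauss(0.0, sigma) for g in grad]

def l2(grad):
    return math.sqrt(sum(g * g for g in grad))

def demo(seed=0):
    rng = random.Random(seed)
    # Constructed sample: a flattened client gradient with 1000 entries.
    grad = [rng.gauss(0.0, 1.0) for _ in range(1000)]
    return {
        "original": grad,
        "masked": mask(grad, 0.4, rng),    # assumed ratio
        "clipped": clip(grad, 1.0),        # assumed norm bound
        "pruned": prune(grad, 0.4),        # assumed ratio
        "noised": noise(grad, 0.1, rng),   # assumed sigma
    }

if __name__ == "__main__":
    # Compare how many entries each method zeroes and how much norm survives.
    for name, g in demo().items():
        zeros = sum(1 for x in g if x == 0.0)
        print(f"{name:9s} zeros={zeros:4d} l2={l2(g):.3f}")
```

At the same ratio, pruning keeps the largest-magnitude entries and so retains most of the gradient norm, while random masking removes entries regardless of magnitude.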
