Optimal Defenses Against Gradient Reconstruction Attacks
The paper addresses a concrete privacy risk in Federated Learning deployments that handle sensitive data, though its contribution is an incremental refinement of two existing defenses (noise addition and gradient pruning) rather than a new defense class.
The paper tackles gradient reconstruction attacks in Federated Learning by deriving a theoretical lower bound on the reconstruction error any attacker can achieve, then tuning the noise-addition and gradient-pruning defenses per parameter and per model to optimize the trade-off between data leakage and model utility. Experimental results show the proposed methods outperform the standard Gradient Noise and Gradient Pruning baselines, protecting training data better while also achieving higher utility.
Federated Learning (FL) is designed to prevent data leakage by training a shared model collaboratively without centralized data storage. However, it remains vulnerable to gradient reconstruction attacks, which recover the original training data from the gradients participants share. To optimize the trade-off between data leakage and utility loss, we first derive a theoretical lower bound on the reconstruction error (over all attackers) for the two standard defenses: adding noise, and gradient pruning. We then customize these two defenses to be parameter- and model-specific and achieve the optimal trade-off between the obtained reconstruction lower bound and model utility. Experimental results validate that our methods outperform Gradient Noise and Gradient Pruning, protecting the training data better while also achieving better utility.
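To make the threat and the two baseline defenses concrete, the following added example (not the paper's code) runs the simplest gradient reconstruction attack, the closed-form inversion of a single linear layer for a one-sample batch, and measures how much additive Gaussian noise and magnitude-based gradient pruning degrade the recovered input. For a layer y = Wx + b with per-sample gradients dL/dW = delta x^T and dL/db = delta, every row i with delta_i != 0 gives x_j = (dL/dW)[i][j] / (dL/db)[i] exactly, which is why an undefended gradient leaks the input outright. The toy weights, private input, noise scale and keep-fraction are constructed for the illustration, and the gradient-distortion norm is used only as a stand-in for the utility loss the paper measures on real models.

```python
"""Closed-form gradient inversion of one linear layer, with and without the two
baseline defenses (additive Gaussian noise, magnitude pruning).

Added illustration, not the paper's code. The model, the private input x,
sigma and keep_fraction below are constructed values for the example."""
import math
import random


def linear_forward(W, b, x):
    # y = W x + b for one sample
    return [sum(w * xj for w, xj in zip(row, x)) + bi for row, bi in zip(W, b)]


def mse_gradients(W, b, x, target):
    """Gradients of 0.5*||y - target||^2: dL/dW = delta x^T, dL/db = delta."""
    delta = [yi - ti for yi, ti in zip(linear_forward(W, b, x), target)]
    dW = [[di * xj for xj in x] for di in delta]
    return dW, delta[:]


def reconstruct_input(dW, db, eps=1e-12):
    """Attacker side: x_j = dW[i][j] / db[i] for any row with db[i] != 0.
    Rows with a (near-)zero bias gradient carry no information and are skipped;
    the usable rows are averaged so independent noise partially cancels."""
    n_in = len(dW[0])
    est, used = [0.0] * n_in, 0
    for row, di in zip(dW, db):
        if abs(di) < eps:
            continue
        used += 1
        for j in range(n_in):
            est[j] += row[j] / di
    return None if used == 0 else [e / used for e in est]


def add_gaussian_noise(dW, db, sigma, rng):
    """Gradient Noise baseline: i.i.d. N(0, sigma^2) on every gradient entry."""
    return ([[g + rng.gauss(0.0, sigma) for g in row] for row in dW],
            [g + rng.gauss(0.0, sigma) for g in db])


def prune_gradients(dW, db, keep_fraction):
    """Gradient Pruning baseline: keep only the largest-magnitude keep_fraction
    of all entries (global threshold over dW and db), zero the rest."""
    mags = sorted([abs(g) for row in dW for g in row] + [abs(g) for g in db], reverse=True)
    k = max(1, int(round(keep_fraction * len(mags))))
    thr = mags[k - 1]
    keep = lambda g: g if abs(g) >= thr else 0.0
    return [[keep(g) for g in row] for row in dW], [keep(g) for g in db]


def l2_error(x, est):
    """Reconstruction error: L2 distance between the private input and the attacker's estimate."""
    if est is None:
        return float("inf")
    return math.sqrt(sum((a - e) ** 2 for a, e in zip(x, est)))


def gradient_distortion(dW, db, dW2, db2):
    """Utility proxy: L2 norm of (defended gradient - true gradient). The paper
    measures utility on trained models; this norm only orders the defenses here."""
    s = sum((g - h) ** 2 for r1, r2 in zip(dW, dW2) for g, h in zip(r1, r2))
    s += sum((g - h) ** 2 for g, h in zip(db, db2))
    return math.sqrt(s)


def demo(sigma=0.1, keep_fraction=0.5, seed=0):
    rng = random.Random(seed)
    W = [[1.0, 2.0, 3.0], [4.0, 5.0, 6.0]]     # constructed 2x3 layer
    b = [0.0, 0.0]
    x = [0.5, -1.0, 2.0]                       # constructed private training input
    target = [0.0, 0.0]
    dW, db = mse_gradients(W, b, x, target)    # what the FL client would share
    noisy = add_gaussian_noise(dW, db, sigma, rng)
    pruned = prune_gradients(dW, db, keep_fraction)
    return {
        "no_defense": (l2_error(x, reconstruct_input(dW, db)), 0.0),
        "gaussian_noise": (l2_error(x, reconstruct_input(*noisy)), gradient_distortion(dW, db, *noisy)),
        "pruning": (l2_error(x, reconstruct_input(*pruned)), gradient_distortion(dW, db, *pruned)),
    }


if __name__ == "__main__":
    for name, (err, dist) in demo().items():
        print(f"{name:15s} reconstruction error = {err:.4f}  gradient distortion = {dist:.4f}")
```

Each defense raises the reconstruction error only by distorting the gradient the server trains on, which is the leakage/utility trade-off the paper optimizes. With the constructed values, pruning at 50% zeroes the entire first row's bias gradient (so that row is unusable) and one entry of the second row, so the attacker recovers x_2 and x_3 exactly but gets x_1 = 0; a uniform noise scale hits small-magnitude entries proportionally much harder than large ones, which is the motivation for making the noise and pruning schedules parameter-specific.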