DRAGD: A Federated Unlearning Data Reconstruction Attack Based on Gradient Differences
This work addresses a critical privacy problem for users of federated unlearning systems, exposing a new attack vector that could compromise data security.
The paper tackles the privacy vulnerability in federated unlearning by introducing DRAGD and DRAGDP, attacks that exploit gradient differences to reconstruct deleted data, with experiments showing they significantly outperform existing methods in reconstruction accuracy.
Federated learning enables collaborative machine learning while preserving data privacy. However, the rise of federated unlearning, designed to allow clients to erase their data from the global model, introduces new privacy concerns. Specifically, the gradient exchanges during the unlearning process can leak sensitive information about deleted data. In this paper, we introduce DRAGD, a novel attack that exploits gradient discrepancies before and after unlearning to reconstruct forgotten data. We also present DRAGDP, an enhanced version of DRAGD that leverages publicly available prior data to improve reconstruction accuracy, particularly for complex datasets like facial images. Extensive experiments across multiple datasets demonstrate that DRAGD and DRAGDP significantly outperform existing methods in data reconstruction.Our work highlights a critical privacy vulnerability in federated unlearning and offers a practical solution, advancing the security of federated unlearning systems in real-world applications.