Protect Privacy from Gradient Leakage Attack in Federated Learning

Wang, Junxiao; Guo, Song; Xie, Xin; Qi, Heng

doi:10.1109/infocom48880.2022.9796841

Cited by 24 publications

(2 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It effectively mitigates data loss risks stemming from single-point failures and ensures data integrity, shielding against tampering with malicious intent [5][6][7][8][9][10]. Nonetheless, this approach remains vulnerable to gradient leakage attacks (GLA) due to the direct sharing of gradients [11,12]. In response, many privacy-preserving federated learning (PPFL) schemes have emerged to fortify gradient privacy [13][14][15].…”

Section: Introductionmentioning

confidence: 99%

FedSteg: Coverless Steganography‐Based Privacy‐Preserving Decentralized Federated Learning

Xu,

Lin

2024

IEEJ Transactions Elec Engng

View full text Add to dashboard Cite

Federated learning (FL) represents a novel privacy‐preserving learning paradigm that offers a practical solution for distributed privacy preservation. Although privacy‐preserving FL based on homomorphic encryption (HE‐PPFL) exhibits resistance to gradient leakage attacks while ensuring the accuracy of aggregation results, its widespread adoption in blockchain privacy preservation is hindered by the reliance on a trusted key generation center and secure transfer channels. Conversely, coverless steganography schemes effectively ensure the covert transmission of sensitive information across insecure channels. However, their incompatibility with HE‐PPFL arises from the lossy extraction process. To address these challenges, we present a decentralized federated learning privacy‐preserving framework based on the Lifted ElGamal threshold decryption cryptosystem. We introduce a reversible steganography method tailored to safeguard gradient privacy. Furthermore, we introduce a lightweight, secure blind aggregation algorithm founded on the Raft protocol, which serves to protect gradient privacy while substantially mitigating computational overhead. Finally, we provide rigorous theoretical proof of the security and correctness of our proposed scheme. Experimental results from four public data sets demonstrate that our proposed scheme achieves a 100% extraction accuracy without the need for lossless methods, while simultaneously reducing the computational cost of ciphertext gradient aggregation by at least three orders of magnitude. The FedSteg framework is publicly accessible at https://github.com/Xumeili/FedSteg. © 2024 Institute of Electrical Engineer of Japan and Wiley Periodicals LLC.

show abstract

Section: Introductionmentioning

confidence: 99%

FedSteg: Coverless Steganography‐Based Privacy‐Preserving Decentralized Federated Learning

Xu,

Lin

2024

IEEJ Transactions Elec Engng

View full text Add to dashboard Cite

show abstract

“…Since it has the potential to protect the private information, FL has been widely applied to a variety of application domains, such as healthcare [10,28], insurance industry [21], and Internet of Things (IoTs) [12,31,34]. Recent works have pointed out that FL is vulnerable to gradient leakage attacks (GLA) that try to reconstruct the training data from the publicly shared gradients with a central server [30,35]. To deal with this problem, one of commonly used defense strategies is differential privacy (DP) [11], which injects noise to the model parameters (weights or gradients) before they are uploaded to a central server [33].…”

Section: Introductionmentioning

confidence: 99%

Task-Agnostic Privacy-Preserving Representation Learning via Federated Learning

Yang

Chen

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Federated learning (FL) aims to collaboratively train the global model in a distributed manner by sharing the model parameters from local clients to a central server, thereby potentially protecting users' private information. Nevertheless, recent studies have illustrated that FL still suffers from information leakage as adversaries try to recover the training data by analyzing shared parameters from local clients. To deal with this issue, differential privacy (DP) is adopted to add noise to the gradients of local models before aggregation. It, however, results in the poor performance of gradient-based interpretability methods, since some weights capturing the salient region in feature map will be perturbed. To overcome this problem, we propose a simple yet effective adaptive differential privacy (ADP) mechanism that selectively adds noisy perturbations to the gradients of client models in FL. We also theoretically analyze the impact of gradient perturbation on the model interpretability. Finally, extensive experiments on both IID and Non-IID data demonstrate that the proposed ADP can achieve a good trade-off between privacy and interpretability in FL. Raw imageNo DP DP ADP GLA

show abstract