Timezone: »

 
Oral
Evaluating Gradient Inversion Attacks and Defenses in Federated Learning
Yangsibo Huang · Samyak Gupta · Zhao Song · Kai Li · Sanjeev Arora

Fri Dec 10 04:00 PM -- 04:15 PM (PST) @
in Oral Session 5: Fairness and Privacy »

Gradient inversion attack (or input recovery from gradient) is an emerging threat to the security and privacy preservation of Federated learning, whereby malicious eavesdroppers or participants in the protocol can recover (partially) the clients' private data. This paper evaluates existing attacks and defenses. We find that some attacks make strong assumptions about the setup. Relaxing such assumptions can substantially weaken these attacks. We then evaluate the benefits of three proposed defense mechanisms against gradient inversion attacks. We show the trade-offs of privacy leakage and data utility of these defense methods, and find that combining them in an appropriate manner makes the attack less effective, even under the original strong assumptions. We also estimate the computation cost of end-to-end recovery of a single image under each evaluated defense. Our findings suggest that the state-of-the-art attacks can currently be defended against with minor data utility loss, as summarized in a list of potential strategies.

Keywords: Privacy · Federated Learning

Author Information

Yangsibo Huang (Princeton University)
Samyak Gupta (Princeton University)
Zhao Song (Adobe Systems)
Kai Li (None)
Sanjeev Arora (Princeton University)

Related Events (a corresponding poster, oral, or spotlight)

More from the Same Authors