Abstract
As a new distributed computing framework that can protect data privacy, federated learning (FL) has attracted increasing attention in recent years. The server receives gradients from users to train the global model and releases the trained global model to working users. Nonetheless, the gradient inversion (GI) attack shows that federated learning still carries a risk of privacy leakage. Using only the gradients, attackers can run hundreds of thousands of simple iterations to obtain relatively accurate private data stored on users' local devices. Some works propose simple but effective strategies to obtain user data under a single-label dataset. However, these strategies achieve a satisfactory visual effect in the inversion image at the expense of higher time costs. Because of the semantic limitation of a single label, the image obtained by gradient inversion may also have semantic errors. We present a novel gradient inversion strategy based on Canny edge detection (MGIC) for both multi-label and single-label datasets. To reduce the semantic errors caused by a single label, we add new blocks of convolution layers to the trained model to obtain the image's multi-label. This multi-label representation reduces serious semantic errors in inversion images. We then analyze the impact of parameters on the difficulty of input image reconstruction and discuss how multiple subjects in an image affect inversion performance. Our proposed strategy produces better visual inversion results than the most widely used strategies while saving more than 78% of time costs on the ImageNet dataset.
URL
https://arxiv.org/abs/2403.08284