Maximum Knowledge Orthogonality Reconstruction with Gradients in Federated Learning

Bibliographic Details
Published in: 2024 IEEE/CVF Winter Conference on Applications of Computer Vision (WACV), pp. 3872-3881
Main Authors: Wang, Feng; Velipasalar, Senem; Gursoy, M. Cenk
Format: Conference Proceeding
Language: English
Published: IEEE, 03.01.2024
Summary: Federated learning (FL) aims at keeping client data local to preserve privacy. Instead of gathering the data itself, the server only collects aggregated gradient updates from clients. Following the popularity of FL, there has been a considerable amount of work revealing the vulnerability of FL approaches by reconstructing the input data from gradient updates. Yet, most existing works assume an FL setting with unrealistically small batch size, and have poor image quality when the batch size is large. Other works modify the neural network architectures or parameters to the point of being suspicious, and thus, can be detected by clients. Moreover, most of them can only reconstruct one sample input from a large batch. To address these limitations, we propose a novel and analytical approach, referred to as the maximum knowledge orthogonality reconstruction (MKOR), to reconstruct clients' data. Our proposed method reconstructs a mathematically proven high-quality image from large batches. MKOR only requires the server to send secretly modified parameters to clients and can efficiently and inconspicuously reconstruct images from clients' gradient updates. We evaluate MKOR's performance on MNIST, CIFAR-100, and ImageNet datasets and compare it with the state-of-the-art baselines. The results show that MKOR outperforms the existing approaches, and draw attention to a pressing need for further research on the privacy protection of FL so that comprehensive defense approaches can be developed. The code is available at: https://github.com/wfwf10/MKOR.
ISSN:2642-9381
DOI:10.1109/WACV57701.2024.00384