TY - GEN
T1 - Refiner
T2 - 34th USENIX Security Symposium, USENIX Security 2025
AU - Fan, Mingyuan
AU - Chen, Cen
AU - Wang, Chengyu
AU - Li, Xiaodan
AU - Zhou, Wenmeng
N1 - Publisher Copyright: © 2025 by The USENIX Association All Rights Reserved.
PY - 2025
Y1 - 2025
N2 - Recent works highlight the vulnerability of Federated Learning (FL) systems to gradient leakage attacks, where attackers reconstruct clients’ data from shared gradients, undermining FL’s privacy guarantees. However, existing defenses show limited resilience against sophisticated attacks. This paper introduces a novel defensive paradigm that departs from conventional gradient perturbation approaches and instead focuses on the construction of robust data. Our theoretical analysis indicates such data, which exhibits low semantic similarity to the clients’ raw data while maintaining good gradient alignment to clients’ raw data, is able to effectively obfuscate attackers and yet maintain model performance. We refer to such data as robust data, and to generate it, we design Refiner that jointly optimizes two metrics for privacy protection and performance maintenance. The utility metric promotes the gradient consistency of key parameters between robust data and clients’ data, while the privacy metric guides the generation of robust data towards enlarging the semantic gap with clients’ data. Extensive empirical evaluations on multiple benchmark datasets demonstrate the superior performance of Refiner at defending against state-of-the-art attacks.
UR - https://www.scopus.com/pages/publications/105021384245
M3 - Conference contribution
AN - SCOPUS:105021384245
T3 - Proceedings of the 34th USENIX Security Symposium
SP - 3005
EP - 3024
BT - Proceedings of the 34th USENIX Security Symposium
PB - USENIX Association
Y2 - 13 August 2025 through 15 August 2025
ER -