TY - GEN
T1 - Guardian
T2 - 17th ACM International Conference on Web Search and Data Mining, WSDM 2024
AU - Fan, Mingyuan
AU - Liu, Yang
AU - Chen, Cen
AU - Wang, Chengyu
AU - Qiu, Minghui
AU - Zhou, Wenmeng
N1 - Publisher Copyright:
© 2024 ACM.
PY - 2024/3/4
Y1 - 2024/3/4
N2 - Federated learning is a privacy-focused learning paradigm, which trains a global model with gradients uploaded from multiple participants, circumventing explicit exposure of private data. However, previous research on gradient leakage attacks suggests that gradients alone are sufficient to reconstruct private data, rendering the privacy protection mechanism of federated learning unreliable. Existing defenses commonly craft transformed gradients based on ground-truth gradients to obfuscate the attacks, but often are less capable of maintaining good model performance together with satisfactory privacy protection. In this paper, we propose a novel yet effective defense framework named guarding against gradient leakage (Guardian) that produces transformed gradients by jointly optimizing two theoretically-derived metrics associated with gradients for performance maintenance and privacy protection. In this way, the transformed gradients produced via Guardian can achieve minimal privacy leakage in theory at the given performance maintenance level. Moreover, we design an ingenious initialization strategy for faster generation of transformed gradients to enhance the practicality of Guardian in real-world applications, while demonstrating theoretical convergence of Guardian to the performance of the global model. Extensive experiments on various tasks show that, without sacrificing much accuracy, Guardian can effectively defend against state-of-the-art gradient leakage attacks, whereas baseline defense approaches have only a slight effect.
AB - Federated learning is a privacy-focused learning paradigm, which trains a global model with gradients uploaded from multiple participants, circumventing explicit exposure of private data. However, previous research on gradient leakage attacks suggests that gradients alone are sufficient to reconstruct private data, rendering the privacy protection mechanism of federated learning unreliable. Existing defenses commonly craft transformed gradients based on ground-truth gradients to obfuscate the attacks, but often are less capable of maintaining good model performance together with satisfactory privacy protection. In this paper, we propose a novel yet effective defense framework named guarding against gradient leakage (Guardian) that produces transformed gradients by jointly optimizing two theoretically-derived metrics associated with gradients for performance maintenance and privacy protection. In this way, the transformed gradients produced via Guardian can achieve minimal privacy leakage in theory at the given performance maintenance level. Moreover, we design an ingenious initialization strategy for faster generation of transformed gradients to enhance the practicality of Guardian in real-world applications, while demonstrating theoretical convergence of Guardian to the performance of the global model. Extensive experiments on various tasks show that, without sacrificing much accuracy, Guardian can effectively defend against state-of-the-art gradient leakage attacks, whereas baseline defense approaches have only a slight effect.
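The abstract's premise, that an uploaded gradient alone can reveal a client's private input, has a simple exact form for any fully connected layer with a bias term: since dL/dW = (dL/dz) x^T and dL/db = dL/dz, dividing a row of the weight gradient by the matching bias gradient returns x. The block below is an added illustration written for this record, not code from the Guardian paper or its authors. It constructs a toy two-output linear layer with a squared-error loss, recovers the input from the gradient, and then applies additive Gaussian noise as a stand-in for the "transformed gradient" baselines the abstract mentions (Guardian's own two metrics are not described on this page, so they are not reproduced). Cosine similarity between the clean and transformed gradients is used here as an assumed proxy for performance maintenance; it is not the paper's metric.

```python
"""Analytic gradient-leakage demo for a fully connected layer with bias.

Constructed example (not the Guardian paper's code). A client computes the
gradient of L = 0.5 * ||W x + b - y||^2 for one private sample (x, y).
Because dL/dW = (dL/dz) x^T and dL/db = dL/dz, any row i of dL/dW divided by
the scalar dL/db[i] returns x exactly. A noise-based defence breaks this
inversion but also moves the gradient the server would apply.
"""
import math
import random


def forward_and_grads(W, b, x, y):
    """Return (dL/dW, dL/db) for a single sample through z = W x + b."""
    k, d = len(W), len(x)
    z = [sum(W[i][j] * x[j] for j in range(d)) + b[i] for i in range(k)]
    dz = [z[i] - y[i] for i in range(k)]              # dL/dz for squared error
    dW = [[dz[i] * x[j] for j in range(d)] for i in range(k)]
    db = dz[:]                                        # dL/db == dL/dz
    return dW, db


def reconstruct_input(dW, db, eps=1e-9):
    """Attacker side: recover x from the gradient alone.

    Uses the first output row whose bias gradient is non-zero; if every
    bias gradient is (numerically) zero the analytic trick does not apply.
    """
    for i, g in enumerate(db):
        if abs(g) > eps:
            return [v / g for v in dW[i]]
    raise ValueError("no row with non-zero bias gradient; cannot invert")


def perturb(dW, db, sigma, seed=0):
    """Baseline defence (assumed, not Guardian): i.i.d. Gaussian noise on
    every gradient coordinate before upload."""
    rng = random.Random(seed)
    dW_n = [[v + rng.gauss(0.0, sigma) for v in row] for row in dW]
    db_n = [v + rng.gauss(0.0, sigma) for v in db]
    return dW_n, db_n


def flatten(dW, db):
    return [v for row in dW for v in row] + list(db)


def cosine(u, v):
    """Cosine similarity, used here as an assumed proxy for how much of the
    true update direction the server still receives."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(a * a for a in v))
    return dot / (nu * nv)


def reconstruction_error(x, x_hat):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(x, x_hat)))


def run_demo(sigma=0.5):
    """Return (error_clean, error_noisy, utility_noisy) for constructed data.

    error_clean  : L2 distance between x and its reconstruction from the
                   untransformed gradient (exact up to float rounding).
    error_noisy  : same after the noise defence.
    utility_noisy: cosine similarity of noisy vs. clean gradient.
    """
    x = [0.2, -1.3, 0.7, 2.1]                         # private input (constructed)
    y = [1.0, 0.0]                                    # private label (constructed)
    W = [[0.1, -0.2, 0.3, 0.4], [0.5, 0.6, -0.7, 0.8]]
    b = [0.05, -0.05]
    dW, db = forward_and_grads(W, b, x, y)
    x_clean = reconstruct_input(dW, db)
    dW_n, db_n = perturb(dW, db, sigma)
    x_noisy = reconstruct_input(dW_n, db_n)
    return (reconstruction_error(x, x_clean),
            reconstruction_error(x, x_noisy),
            cosine(flatten(dW, db), flatten(dW_n, db_n)))


if __name__ == "__main__":
    e_clean, e_noisy, util = run_demo()
    print(f"clean gradient : reconstruction error {e_clean:.2e}")
    print(f"noisy gradient : reconstruction error {e_noisy:.3f}, "
          f"cosine to true gradient {util:.3f}")
```

The clean case recovers the input to floating-point precision, which is the leakage the abstract refers to. Raising sigma drives the reconstruction error up and the cosine similarity down together; that coupling is the performance-versus-privacy trade-off that the abstract says baseline transformations handle poorly and that Guardian optimises explicitly.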
KW - federated learning
KW - gradient leakage defense
KW - privacy protection
UR - https://www.scopus.com/pages/publications/85191758161
U2 - 10.1145/3616855.3635758
DO - 10.1145/3616855.3635758
M3 - Conference contribution
AN - SCOPUS:85191758161
T3 - WSDM 2024 - Proceedings of the 17th ACM International Conference on Web Search and Data Mining
SP - 190
EP - 198
BT - WSDM 2024 - Proceedings of the 17th ACM International Conference on Web Search and Data Mining
PB - Association for Computing Machinery, Inc
Y2 - 4 March 2024 through 8 March 2024
ER -