TY - JOUR
T1 - EncGradInversion
T2 - Image Encoding and Gradient Inversion-Based Batch Attack in Federated Learning
AU - Dao, Thi Nga
AU - Lee, Hyungjune
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2024
Y1 - 2024
N2 - The gradient attack problem has recently been studied to increase the awareness of people on privacy risks in federated learning. However, this attack is constrained under specific conditions such as small image batch sizes and low image resolutions. To address this challenge, we introduce a new three-phase image recovery architecture called EncGradInversion, which harnesses the power of image encoding and the shared gradient inversion. In the first phase, we attempt to extract the representation for all of the images using the gradient at the last layer. Then, in the second phase, the extracted encoding of a specific image is leveraged for reconstructing the image by matching the representation of dummy and approximated images. This allows a parallel algorithm to accelerate the image recovery. In the last phase, the reconstructed images are fine-tuned using the shared gradient of the whole network. In the second and third phases, we formulate an optimization problem to minimize the discrepancy between the shared and reconstructed gradients, while preserving the smoothness and natural appearance of the reconstructed images. Evaluated on various datasets and deep learning models, EncGradInversion shows its superiority to recover the original training images with resolutions as high as 1024×1024 and with the batch size of 512. Furthermore, the proposed architecture outperforms existing counterparts with a factor of up to 9.8 and 6.04, in terms of structural similarity performance and attack time.
AB - The gradient attack problem has recently been studied to increase the awareness of people on privacy risks in federated learning. However, this attack is constrained under specific conditions such as small image batch sizes and low image resolutions. To address this challenge, we introduce a new three-phase image recovery architecture called EncGradInversion, which harnesses the power of image encoding and the shared gradient inversion. In the first phase, we attempt to extract the representation for all of the images using the gradient at the last layer. Then, in the second phase, the extracted encoding of a specific image is leveraged for reconstructing the image by matching the representation of dummy and approximated images. This allows a parallel algorithm to accelerate the image recovery. In the last phase, the reconstructed images are fine-tuned using the shared gradient of the whole network. In the second and third phases, we formulate an optimization problem to minimize the discrepancy between the shared and reconstructed gradients, while preserving the smoothness and natural appearance of the reconstructed images. Evaluated on various datasets and deep learning models, EncGradInversion shows its superiority to recover the original training images with resolutions as high as 1024×1024 and with the batch size of 512. Furthermore, the proposed architecture outperforms existing counterparts with a factor of up to 9.8 and 6.04, in terms of structural similarity performance and attack time.
KW - Federated Learning
KW - Gradient Inversion
KW - Gradient Leakage Attack
KW - Image Recovery
UR - http://www.scopus.com/inward/record.url?scp=85207401443&partnerID=8YFLogxK
U2 - 10.1109/JIOT.2024.3483850
DO - 10.1109/JIOT.2024.3483850
M3 - Article
AN - SCOPUS:85207401443
SN - 2327-4662
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
ER -