Saved in:
Bibliographic Details
Main Authors: Zhu, Hangyu, Huang, Liyuan, Xie, Zhenping
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2409.19301
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913522346098688
author Zhu, Hangyu
Huang, Liyuan
Xie, Zhenping
author_facet Zhu, Hangyu
Huang, Liyuan
Xie, Zhenping
contents Federated learning (FL) is an emerging distributed machine learning paradigm proposed for privacy preservation. Unlike traditional centralized learning approaches, FL enables multiple users to collaboratively train a shared global model without disclosing their own data, thereby significantly reducing the potential risk of privacy leakage. However, recent studies have indicated that FL cannot entirely guarantee privacy protection, and attackers may still be able to extract users' private data through the communicated model gradients. Although numerous privacy attack FL algorithms have been developed, most are designed to reconstruct private data from a single step of calculated gradients. It remains uncertain whether these methods are effective in realistic federated environments or if they have other limitations. In this paper, we aim to help researchers better understand and evaluate the effectiveness of privacy attacks on FL. We analyze and discuss recent research papers on this topic and conduct experiments in a real FL environment to compare the performance of various attack methods. Our experimental results reveal that none of the existing state-of-the-art privacy attack algorithms can effectively breach private client data in realistic FL settings, even in the absence of defense strategies. This suggests that privacy attacks in FL are more challenging than initially anticipated.
format Preprint
id arxiv_https___arxiv_org_abs_2409_19301
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Privacy Attack in Federated Learning is Not Easy: An Experimental Study
Zhu, Hangyu
Huang, Liyuan
Xie, Zhenping
Cryptography and Security
Artificial Intelligence
Federated learning (FL) is an emerging distributed machine learning paradigm proposed for privacy preservation. Unlike traditional centralized learning approaches, FL enables multiple users to collaboratively train a shared global model without disclosing their own data, thereby significantly reducing the potential risk of privacy leakage. However, recent studies have indicated that FL cannot entirely guarantee privacy protection, and attackers may still be able to extract users' private data through the communicated model gradients. Although numerous privacy attack FL algorithms have been developed, most are designed to reconstruct private data from a single step of calculated gradients. It remains uncertain whether these methods are effective in realistic federated environments or if they have other limitations. In this paper, we aim to help researchers better understand and evaluate the effectiveness of privacy attacks on FL. We analyze and discuss recent research papers on this topic and conduct experiments in a real FL environment to compare the performance of various attack methods. Our experimental results reveal that none of the existing state-of-the-art privacy attack algorithms can effectively breach private client data in realistic FL settings, even in the absence of defense strategies. This suggests that privacy attacks in FL are more challenging than initially anticipated.
title Privacy Attack in Federated Learning is Not Easy: An Experimental Study
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2409.19301