Kavli Affiliate: Feng Wang
| First 5 Authors: Feng Wang, Senem Velipasalar, M. Cenk Gursoy
| Summary:
Federated learning (FL) aims at keeping client data local to preserve
privacy. Instead of gathering the data itself, the server only collects
aggregated gradient updates from clients. Following the popularity of FL, there
has been a considerable amount of work revealing the vulnerability of FL
approaches by reconstructing the input data from gradient updates. Yet, most
existing works assume an FL setting with unrealistically small batch size, and
have poor image quality when the batch size is large. Other works modify the
neural network architectures or parameters to the point of being suspicious,
and thus, can be detected by clients. Moreover, most of them can only
reconstruct one sample input from a large batch. To address these limitations,
we propose a novel and completely analytical approach, referred to as the
maximum knowledge orthogonality reconstruction (MKOR), to reconstruct clients’
input data. Our proposed method reconstructs a mathematically proven
high-quality image from large batches. MKOR only requires the server to send
secretly modified parameters to clients and can efficiently and inconspicuously
reconstruct the input images from clients’ gradient updates. We evaluate MKOR’s
performance on the MNIST, CIFAR-100, and ImageNet datasets and compare it with
the state-of-the-art works. The results show that MKOR outperforms the existing
approaches, and draws attention to a pressing need for further research on the
privacy protection of FL so that comprehensive defense approaches can be
developed.
| Search Query: ArXiv Query: search_query=au:"Feng Wang"&id_list=&start=0&max_results=3