Federated Learning (FL) has emerged as a leading paradigm for decentralized, privacy-preserving machine learning training. However, recent research on gradient inversion attacks (GIAs) has shown that gradient updates in FL can leak information about private training samples. While existing surveys on GIAs have focused on the honest-but-curious server threat model, there is a dearth of research categorizing attacks under the realistic and far more privacy-infringing cases of malicious servers and clients. In this paper, we present a survey and novel taxonomy of GIAs that emphasizes FL threat models, particularly that of malicious servers and clients. We first formally define GIAs and contrast conventional attacks with those of the malicious attacker. We then summarize existing honest-but-curious attack strategies, corresponding defenses, and evaluation metrics. Critically, we dive into attacks with malicious servers and clients to highlight how they break existing FL defenses, focusing specifically on reconstruction methods, target model architectures, target data, and evaluation metrics. Lastly, we discuss open problems and future research directions.