Federated Learning (FL) is designed to prevent data leakage by training a model collaboratively without storing the data centrally. However, it remains vulnerable to gradient reconstruction attacks, which recover the original training data from the gradients that clients share. To optimize the trade-off between data leakage and utility loss, we first derive a theoretical lower bound on the reconstruction error, holding against any attacker, for the two standard defenses: adding noise to the gradient, and gradient pruning. We then customize these two defenses to be parameter- and model-specific, achieving the optimal trade-off between our reconstruction lower bound and model utility. Experimental results validate that our methods outperform standard Gradient Noise and Gradient Pruning, protecting the training data better while also achieving better utility.
Translation: Federated Learning (FL) aims to prevent data leakage through collaborative model training that needs no centralized data storage. However, it remains vulnerable to gradient reconstruction attacks, which can recover the original training data from the shared gradients. To achieve the optimal trade-off between data leakage and utility loss, we first derive a theoretical lower bound on the reconstruction error (over all attackers) for two standard defense methods: adding noise and gradient pruning. We then customize these two defenses into parameter-specific and model-specific schemes, and achieve the optimal trade-off between the reconstruction lower bound we obtain and model utility. Experimental results verify that our methods protect the training data better while also achieving higher model utility, outperforming standard gradient noise addition and gradient pruning.
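To make the attack and the two defenses the abstract refers to concrete, the following is an added example (not code from the paper or its authors). It uses the smallest model on which gradient reconstruction is exact: a single linear unit with a bias, where the per-sample gradient is dL/dw_i = r * x_i and dL/db = r, so an attacker recovers x_i = (dL/dw_i) / (dL/db) from the shared gradient alone. The defenses are generic Gaussian gradient noise (with a per-coordinate scale, so it can be made parameter-specific) and top-k magnitude pruning; the bias gradient is kept unpruned so the attacker's division stays defined. The paper's actual parameter- and model-specific schedules and its lower-bound derivation are not on this page, so the noise scales, the keep fraction and the sample values below are assumptions chosen for illustration, and the "distortion" column is only a crude stand-in for utility loss.

```python
import math
import random

# --- toy model: one linear unit, squared loss on a single sample -------------

def linear_gradient(w, b, x, y):
    """Gradient of L = 0.5*(w.x + b - y)^2 for one sample: (dL/dw, dL/db)."""
    r = sum(wi * xi for wi, xi in zip(w, x)) + b - y   # residual (prediction - label)
    return [r * xi for xi in x], r

# --- the attack: analytic gradient inversion for a linear layer ---------------

def invert_gradient(grad_w, grad_b):
    """Recover the input exactly from an undefended gradient: x_i = dL/dw_i / dL/db."""
    if grad_b == 0.0:          # zero residual: the gradient carries no information about x
        return None
    return [g / grad_b for g in grad_w]

# --- defense 1: (parameter-specific) Gaussian gradient noise ------------------

def add_gaussian_noise(grad_w, grad_b, sigmas, sigma_b, rng):
    """Add N(0, sigmas[i]^2) to dL/dw_i and N(0, sigma_b^2) to dL/db.
    A single scale for every coordinate is plain Gradient Noise; a per-coordinate
    list is the parameter-specific hook (the paper's own schedule is not shown here)."""
    return ([g + rng.gauss(0.0, s) for g, s in zip(grad_w, sigmas)],
            grad_b + rng.gauss(0.0, sigma_b))

# --- defense 2: magnitude-based gradient pruning ------------------------------

def prune_gradient(grad_w, grad_b, keep_fraction):
    """Keep the largest-magnitude keep_fraction of dL/dw entries, zero the rest.
    Assumption: the bias gradient is never pruned, so the attacker can still divide."""
    k = max(1, int(round(keep_fraction * len(grad_w))))
    keep = set(sorted(range(len(grad_w)), key=lambda i: -abs(grad_w[i]))[:k])
    return [g if i in keep else 0.0 for i, g in enumerate(grad_w)], grad_b

# --- measuring the leakage/utility trade-off ----------------------------------

def l2(a, b):
    return math.sqrt(sum((ai - bi) ** 2 for ai, bi in zip(a, b)))

def evaluate(defense, w, b, x, y):
    """Return (reconstruction_error, gradient_distortion) for one defended gradient.
    reconstruction_error: L2 distance between the attacker's recovered x and the true x.
    gradient_distortion:  L2 distance between the defended and the true gradient,
                          used here as a crude proxy for the utility cost of the defense."""
    gw, gb = linear_gradient(w, b, x, y)
    dw, db = defense(gw, gb)
    recovered = invert_gradient(dw, db)
    rec_err = l2(recovered, x) if recovered is not None else float("inf")
    distortion = math.sqrt(l2(dw, gw) ** 2 + (db - gb) ** 2)
    return rec_err, distortion

# Constructed sample: a 4-feature input, model weights and label (illustrative values).
X = [0.5, -1.0, 2.0, 0.25]
W = [0.1, -0.2, 0.3, 0.4]
B = 0.05
Y = 0.2

def no_defense(gw, gb):
    return gw, gb

def run_comparison(seed=0):
    """Run the attack against each defense and return {name: (rec_err, distortion)}."""
    rng = random.Random(seed)
    n = len(X)
    defenses = {
        "none":          no_defense,
        "noise 0.1":     lambda gw, gb: add_gaussian_noise(gw, gb, [0.1] * n, 0.1, rng),
        "noise 0.5":     lambda gw, gb: add_gaussian_noise(gw, gb, [0.5] * n, 0.5, rng),
        "prune keep 1/2": lambda gw, gb: prune_gradient(gw, gb, 0.5),
    }
    return {name: evaluate(d, W, B, X, Y) for name, d in defenses.items()}

if __name__ == "__main__":
    for name, (err, dist) in run_comparison().items():
        print(f"{name:15s} reconstruction error={err:.4f}  gradient distortion={dist:.4f}")
```

With no defense the reconstruction error is zero: the input is recovered exactly, which is the leakage the abstract warns about. Pruning half the weight gradient gives an attacker nothing for the pruned coordinates, so the reconstruction error is exactly the norm of the pruned part of x, while the distortion is the norm of the dropped gradient entries; noise trades the two off continuously through sigma. The per-coordinate `sigmas` list is where a parameter-specific schedule would plug in.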