Federated Learning (FL) is a distributed learning paradigm that enables multiple clients to collaborate on building a machine learning model without sharing their private data. Although FL is considered privacy-preserving by design, recent data reconstruction attacks demonstrate that an attacker can recover clients' training data from the parameters shared in FL. However, most existing methods fail to attack the most widely used horizontal Federated Averaging (FedAvg) scenario, where clients share model parameters after multiple local training steps. To tackle this issue, we propose an interpolation-based approximation method, which makes attacking FedAvg scenarios feasible by generating the intermediate model updates of the clients' local training processes. Then, we design a layer-wise weighted loss function to improve the quality of the reconstructed data. We assign different weights to the model updates in different layers according to the neural network structure, with the weights tuned by Bayesian optimization. Finally, experimental results validate the superiority of our proposed approximate and weighted attack (AWA) method over other state-of-the-art methods, as demonstrated by substantial improvements in different evaluation metrics for image data reconstruction.