Federated learning (FL) is a decentralized model training framework that aims to merge isolated data islands while maintaining data privacy. However, recent studies have revealed that Generative Adversarial Network (GAN) based attacks can be employed in FL to learn the distribution of private datasets and reconstruct recognizable images. In this paper, we explore defenses against GAN-based attacks in FL and propose a framework, Anti-GAN, to prevent attackers from learning the real distribution of the victim's data. The core idea of Anti-GAN is to manipulate the visual features of private training images so that they remain unrecognizable to the human eye even when reconstructed by an attacker. Specifically, Anti-GAN projects the private dataset onto a GAN's generator and combines the generated fake images with the actual images to create the training dataset, which is then used for federated model training. The experimental results demonstrate that Anti-GAN is effective in preventing attackers from learning the distribution of private images while causing minimal harm to the accuracy of the federated model.
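The pipeline sketched in the abstract (project each private image onto a generator, then combine the generator's output with the real image before it reaches federated training) can be made concrete with a toy model. The following is an added illustration, not the authors' Anti-GAN code; it assumes a fixed linear "generator" G(z) = Wz + b over 4-pixel images, recovers the latent code by gradient-descent inversion (the paper does not specify its projection method), and combines images by a per-pixel alpha blend with a hypothetical mixing weight `alpha` (the paper does not specify how fake and real images are combined). Labels are passed through unchanged so the blended set is still usable for the FL task.

```python
"""Toy Anti-GAN-style data preparation (added example; assumptions marked below).

Pipeline:
  1. project a private image x onto a generator by optimising a latent z so G(z) ~ x,
  2. blend G(z) with x to obscure the real visual features,
  3. the blended (image, label) pairs are what a client would feed to federated training.
"""
from typing import List, Sequence, Tuple

Vec = List[float]

# Constructed toy generator G(z) = W z + b: a 2-d latent maps to a 4-"pixel" image.
# A real deployment would use a trained GAN generator; this linear stand-in is an assumption.
W: List[Vec] = [[1.0, 0.0], [0.0, 1.0], [0.5, 0.5], [1.0, -1.0]]
B: Vec = [0.1, 0.1, 0.1, 0.1]


def generate(z: Vec) -> Vec:
    """G(z): produce a fake image from a latent code."""
    return [sum(w * zi for w, zi in zip(row, z)) + b for row, b in zip(W, B)]


def mse(a: Vec, b: Vec) -> float:
    """Mean squared error between two images of equal size."""
    return sum((x - y) ** 2 for x, y in zip(a, b)) / len(a)


def project_to_generator(x: Vec, steps: int = 500, lr: float = 0.1) -> Vec:
    """Projection (GAN-inversion) step, assumed here to be plain gradient descent:
    find z minimising ||G(z) - x||^2.  For a linear G the gradient w.r.t. z is
    2 * W^T (G(z) - x).  The step size is chosen below the 2/L stability bound
    for this W, so the loop converges to the least-squares latent."""
    z = [0.0] * len(W[0])
    for _ in range(steps):
        residual = [g - xi for g, xi in zip(generate(z), x)]
        grad = [2.0 * sum(W[i][j] * residual[i] for i in range(len(W)))
                for j in range(len(z))]
        z = [zj - lr * gj for zj, gj in zip(z, grad)]
    return z


def blend(real: Vec, fake: Vec, alpha: float) -> Vec:
    """Combine a real image with its generator projection.  Per-pixel alpha blending
    is an assumption for illustration: alpha=1 keeps the private image untouched,
    alpha=0 replaces it entirely with the generator's output."""
    if not 0.0 <= alpha <= 1.0:
        raise ValueError("alpha must lie in [0, 1]")
    return [alpha * r + (1.0 - alpha) * f for r, f in zip(real, fake)]


def anti_gan_dataset(private: Sequence[Tuple[Vec, int]],
                     alpha: float = 0.5) -> List[Tuple[Vec, int]]:
    """Build the training set a client would hand to federated training:
    every private image is replaced by a blend of itself and its projection,
    while its label is kept so the downstream task is still learnable."""
    mixed = []
    for image, label in private:
        fake = generate(project_to_generator(image))
        mixed.append((blend(image, fake, alpha), label))
    return mixed


def distortion(private: Sequence[Tuple[Vec, int]], alpha: float = 0.5) -> float:
    """Average MSE between each private image and its blended replacement:
    a simple check that the mixing actually moved the images off the originals."""
    mixed = anti_gan_dataset(private, alpha)
    return sum(mse(x, m) for (x, _), (m, _) in zip(private, mixed)) / len(private)


if __name__ == "__main__":
    # Constructed sample: one image that lies exactly on G's manifold (z = (1, 2))
    # and one that does not.
    sample = [([1.1, 2.1, 1.6, -0.9], 0), ([1.0, 1.0, 1.0, 1.0], 1)]
    for (orig, lbl), (mix, _) in zip(sample, anti_gan_dataset(sample, alpha=0.5)):
        print(lbl, [round(v, 3) for v in orig], "->", [round(v, 3) for v in mix])
    print("mean distortion:", round(distortion(sample, 0.5), 4))
```

Run as a script it prints each private image next to its blended replacement; in practice the blended set, not the original, is what participates in the FL rounds, so a GAN-based attacker observing the shared model updates learns the distribution of the blended images rather than of the private ones.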