Federated Learning (FL) has garnered significant attention for its potential to protect user privacy while enhancing model training efficiency. However, recent research has demonstrated that FL protocols can be easily compromised by active reconstruction attacks executed by dishonest servers. These attacks involve the malicious modification of global model parameters, allowing the server to obtain a verbatim copy of users' private data by inverting their gradient updates. Tackling this class of attack remains a crucial challenge because of the strong threat model. In this paper, we propose OASIS, a defense mechanism based on image augmentation that effectively counteracts active reconstruction attacks while preserving model performance. We first uncover the core principle of gradient inversion that enables these attacks and theoretically identify the main conditions under which the defense is robust regardless of the attack strategy. We then construct OASIS with image augmentation, showing that it undermines this attack principle. Comprehensive evaluations demonstrate the efficacy of OASIS, highlighting its feasibility as a solution.