Federated Learning (FL) is a distributed learning paradigm that enhances users' privacy by eliminating the need for clients to share raw, private data with the server. Despite this success, recent studies expose the vulnerability of FL to model inversion attacks, in which adversaries reconstruct users' private data by eavesdropping on the shared gradient information. We hypothesize that a key factor in the success of such attacks is the low entanglement among the per-sample gradients within a batch during stochastic optimization. This creates a vulnerability that an adversary can exploit to reconstruct the sensitive data. Building on this insight, we present a simple yet effective defense strategy that obfuscates the gradients of the sensitive data with concealed samples. To achieve this, we propose synthesizing concealed samples that mimic the sensitive data at the gradient level while remaining visually dissimilar from the actual sensitive data. Compared to prior art, our empirical evaluations suggest that the proposed technique provides the strongest protection while simultaneously maintaining FL performance.
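The concealed-sample idea described above, as an added toy example that is not the paper's code: a small network, its per-sample gradient, and a synthesis objective that pulls the concealed sample's gradient toward the sensitive sample's gradient while a hinge keeps the two inputs at least `margin` apart. The model, loss, squared input distance as the visual-dissimilarity proxy, and the finite-difference optimizer are all assumptions standing in for the paper's unspecified choices.

```python
import math
import random

# Assumed stand-in for the client's model: one hidden layer, scalar output,
# squared loss. The paper's actual model and objective are not on the page.
D, H = 4, 3
rng = random.Random(0)
W1 = [[rng.uniform(-1, 1) for _ in range(D)] for _ in range(H)]
w2 = [rng.uniform(-1, 1) for _ in range(H)]

def per_sample_gradient(x, y):
    """Flattened gradient of 0.5*(f(x)-y)^2 w.r.t. (W1, w2) for a single sample."""
    h = [math.tanh(sum(W1[j][i] * x[i] for i in range(D))) for j in range(H)]
    err = sum(w2[j] * h[j] for j in range(H)) - y
    d_w2 = [err * h[j] for j in range(H)]
    d_z = [err * w2[j] * (1 - h[j] ** 2) for j in range(H)]   # tanh' = 1 - tanh^2
    return [d_z[j] * x[i] for j in range(H) for i in range(D)] + d_w2

def sq_dist(a, b):
    return sum((p - q) ** 2 for p, q in zip(a, b))

def concealment_objective(x_c, x_s, y, margin, lam):
    """Gradient-level mimicry of x_s plus a hinge keeping x_c at least `margin` away in input space."""
    grad_term = sq_dist(per_sample_gradient(x_c, y), per_sample_gradient(x_s, y))
    visual_term = max(0.0, margin - sq_dist(x_c, x_s))   # assumed visual-dissimilarity proxy
    return grad_term + lam * visual_term

def synthesize_concealed(x_s, y, margin=2.0, lam=1.0, steps=300, eps=1e-4):
    """Finite-difference descent that keeps a step only when it lowers the objective.
    Returns (concealed sample, initial objective, final objective)."""
    x_c = [v + rng.uniform(-1.5, 1.5) for v in x_s]
    best = initial = concealment_objective(x_c, x_s, y, margin, lam)
    lr = 0.1
    for _ in range(steps):
        grad = []
        for i in range(D):
            bumped = list(x_c)
            bumped[i] += eps
            grad.append((concealment_objective(bumped, x_s, y, margin, lam) - best) / eps)
        cand = [x_c[i] - lr * grad[i] for i in range(D)]
        val = concealment_objective(cand, x_s, y, margin, lam)
        if val < best:
            x_c, best = cand, val
        else:
            lr *= 0.5   # overshot: shrink the step and retry
    return x_c, initial, best

# Constructed sensitive sample and label.
X_SENSITIVE, Y_SENSITIVE = [0.8, -0.3, 0.5, 0.1], 1.0
```

After a run, comparing `sq_dist` of the two per-sample gradients against `sq_dist` of the two inputs shows the trade-off the objective encodes: gradient closeness with input separation.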