Reconstruct Attack from Historical Updates Against Byzantine Robust Federated Learning

Federated Learning (FL) allows for distributed machine learning while preserving privacy by sharing models rather than raw data among participants, breaking down data silos. However, the FL global model is vulnerable to Byzantine attacks and leaves an opportunity for adversaries to disrupt the FL process. Most previous attack designs have largely ignored the significant overhead of constructing an attack, as well as the difficulty of achieving omniscience in real-world conditions, and have instead focused on breaking robust aggregation defenses. In this paper, we propose an energy-efficient non-omniscient attack scheme that can be executed on any device. Our scheme, the Historical Updates Reconstruction Attack (HURA), maximizes historical updates from both local and global sides. The experimental results demonstrate that HURA achieves uncompromising effectiveness in several Byzantine robust FL scenarios with significantly low overhead compared to similar attack schemes.