Leak and Learn: An Attacker's Cookbook to Train Using Leaked Data from Federated Learning
arxiv(2024)
摘要
Federated learning is a decentralized learning paradigm introduced to
preserve privacy of client data. Despite this, prior work has shown that an
attacker at the server can still reconstruct the private training data using
only the client updates. These attacks are known as data reconstruction attacks
and fall into two major categories: gradient inversion (GI) and linear layer
leakage attacks (LLL). However, despite demonstrating the effectiveness of
these attacks in breaching privacy, prior work has not investigated the
usefulness of the reconstructed data for downstream tasks. In this work, we
explore data reconstruction attacks through the lens of training and improving
models with leaked data. We demonstrate the effectiveness of both GI and LLL
attacks in maliciously training models using the leaked data more accurately
than a benign federated learning strategy. Counter-intuitively, this bump in
training quality can occur despite limited reconstruction quality or a small
total number of leaked images. Finally, we show the limitations of these
attacks for downstream training, individually for GI attacks and for LLL
attacks.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要