TR2023-149
Exploring User-level Gradient Inversion with a Diffusion Prior
-
- "Exploring User-level Gradient Inversion with a Diffusion Prior", International Workshop on Federated Learning in the Age of Foundation Models in Conjunction with NeurIPS, December 2023.BibTeX TR2023-149 PDF
- @inproceedings{Li2023dec,
- author = {Li, Zhuohang and Lowy, Andrew and Liu, Jing and Koike-Akino, Toshiaki and Malin, Bradley and Parsons, Kieran and Wang, Ye},
- title = {Exploring User-level Gradient Inversion with a Diffusion Prior},
- booktitle = {International Workshop on Federated Learning in the Age of Foundation Models in Conjunction with NeurIPS},
- year = 2023,
- month = dec,
- url = {https://www.merl.com/publications/TR2023-149}
- }
,
- "Exploring User-level Gradient Inversion with a Diffusion Prior", International Workshop on Federated Learning in the Age of Foundation Models in Conjunction with NeurIPS, December 2023.
-
MERL Contacts:
-
Research Areas:
Abstract:
We explore user-level gradient inversion as a new attack surface in distributed learning. We first investigate existing attacks on their ability to make inferences about private information info beyond training data reconstruction. Motivated by the low reconstruction quality of existing methods, we propose a novel gradient inversion attack that applies a denoising diffusion model as a strong image prior in order to enhance recovery in the large batch setting. Unlike traditional attacks, which aim to reconstruct individual samples and suffer at large batch and image sizes, our approach instead aims to recover a representative image that captures the sensitive shared semantic information corresponding to the underlying user. Our experiments with face images demonstrate the ability of our methods to recover realistic facial images along with private user attributes.
Related Publication
- @article{Li2024sep,
- author = {Li, Zhuohang and Lowy, Andrew and Liu, Jing and Koike-Akino, Toshiaki and Malin, Bradley and Parsons, Kieran and Wang, Ye}},
- title = {Exploring User-level Gradient Inversion with a Diffusion Prior},
- journal = {arXiv},
- year = 2024,
- month = sep,
- url = {https://arxiv.org/abs/2409.07291}
- }