The paper discusses the vulnerability of Federated Learning (FL) protocols to active reconstruction attacks by dishonest servers. In these attacks, the server maliciously modifies the global model parameters, which allows it to obtain a copy of users’ private data. To counteract these attacks, the authors propose OASIS, a defense mechanism based on image augmentation. They examine the principle of gradient inversion that enables these attacks and identify the conditions for a robust defense. The evaluations demonstrate the efficacy of OASIS and suggest that it is a feasible defense against these attacks.

 

Publication date: 27 Nov 2023
Paper: https://arxiv.org/pdf/2311.13739