MOFDRNet: A Model for Data Leakage Attacks in Federated Learning

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Concurrency and Computation-Practice & Experience Pub Date : 2025-04-09 DOI:10.1002/cpe.70032

Yaru Zhao, Jianbiao Zhang, Yihao Cao, Xianqun Han

{"title":"MOFDRNet: A Model for Data Leakage Attacks in Federated Learning","authors":"Yaru Zhao, Jianbiao Zhang, Yihao Cao, Xianqun Han","doi":"10.1002/cpe.70032","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>Federated Learning allows multiple clients to train local models and aggregate them on the server side. The client is invisible to the shared global model generated by the server, which provides an opportunity for malicious attackers to utilize the inherent vulnerability of federated learning to initiate data leakage attacks. Existing attack techniques are largely <i>client-based</i> and focus on <i>inferring model parameters directly</i>, but do not work for server-based attacks, mainly due to differences in their ability to generalize attacks. Yet few robust data leakage attacks toward federated learning vulnerability have been developed on the server side. To address the above problem, we propose MOFDRNet, a <i>Multi-Objective Fake Data Regression Network</i> model that integrates the loss function and multiple metrics strategies. The key idea is to deploy a malicious attack model on the server with the purpose of generating fake data and labels and continuously approximating the shared gradients between clients and the server, thereby recovering clients' private data. Experimental results demonstrate that the MOFDRNet model has significant advantages in implementing data leakage attacks. Finally, we also discuss the differential privacy defense approach in this study.</p>\n </div>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"37 9-11","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2025-04-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.70032","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Federated Learning allows multiple clients to train local models and aggregate them on the server side. The client is invisible to the shared global model generated by the server, which provides an opportunity for malicious attackers to utilize the inherent vulnerability of federated learning to initiate data leakage attacks. Existing attack techniques are largely client-based and focus on inferring model parameters directly, but do not work for server-based attacks, mainly due to differences in their ability to generalize attacks. Yet few robust data leakage attacks toward federated learning vulnerability have been developed on the server side. To address the above problem, we propose MOFDRNet, a Multi-Objective Fake Data Regression Network model that integrates the loss function and multiple metrics strategies. The key idea is to deploy a malicious attack model on the server with the purpose of generating fake data and labels and continuously approximating the shared gradients between clients and the server, thereby recovering clients' private data. Experimental results demonstrate that the MOFDRNet model has significant advantages in implementing data leakage attacks. Finally, we also discuss the differential privacy defense approach in this study.

查看原文本刊更多论文

MOFDRNet：联邦学习中的数据泄漏攻击模型

联邦学习允许多个客户端训练本地模型并在服务器端聚合它们。客户机对服务器生成的共享全局模型是不可见的，这为恶意攻击者提供了利用联邦学习固有漏洞发起数据泄漏攻击的机会。现有的攻击技术在很大程度上是基于客户端的，并专注于直接推断模型参数，但不适用于基于服务器的攻击，这主要是由于它们泛化攻击的能力存在差异。然而，目前在服务器端针对联邦学习漏洞的健壮的数据泄露攻击还很少。为了解决上述问题，我们提出了MOFDRNet，一种集成了损失函数和多种度量策略的多目标假数据回归网络模型。其关键思想是在服务器上部署恶意攻击模型，目的是生成虚假数据和标签，不断逼近客户端和服务器之间的共享梯度，从而恢复客户端的私有数据。实验结果表明，MOFDRNet模型在实现数据泄漏攻击方面具有显著的优势。最后，我们还讨论了本研究的差异隐私防御方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Concurrency and Computation-Practice & Experience 工程技术-计算机：理论方法

CiteScore

5.00

自引率

10.00%

发文量

664

审稿时长

9.6 months

期刊介绍： Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of: Parallel and distributed computing; High-performance computing; Computational and data science; Artificial intelligence and machine learning; Big data applications, algorithms, and systems; Network science; Ontologies and semantics; Security and privacy; Cloud/edge/fog computing; Green computing; and Quantum computing.