Title: E-GAP: Evolutionary Gradient Attack on Privacy
Authors: Yuvraj Singh Chaudhry, Rammohan Mallipeddi
Journal: Computers & Electrical Engineering, volume 124, Article 110399
Publication date: 2025-05-01
Publication type: Journal Article
DOI: 10.1016/j.compeleceng.2025.110399
URL: https://www.sciencedirect.com/science/article/pii/S0045790625003428
Journal impact factor: 4.0; JCR: Q1 (Computer Science, Hardware & Architecture)
Citations: 0
Abstract
Collaborative learning, particularly in Federated Learning, has revolutionized the industry by enabling models to be trained collectively by a group while preserving participants’ data privacy. Such networks operate by sharing only local updates with a global model, preventing direct exposure of raw data. However, vulnerabilities such as optimization-based gradient attacks have demonstrated the potential to reconstruct raw data from shared updates, exposing critical privacy risks and questioning the robustness of these frameworks. In this paper, we propose a privacy attack referred to as Evolutionary Gradient Attack on Privacy (E-GAP), an enhancement of the Recursive Gradient Attack on Privacy (R-GAP). E-GAP integrates Differential Evolution (DE), which belongs to the class of evolutionary algorithms, to optimize reconstructed gradients, diverging from traditional gradient descent approaches that rely on mean squared error (MSE). Since the evolutionary approach allows us to examine the non-uniqueness of gradient weights, E-GAP not only improves reconstruction efficacy but also offers more profound insights into how these weights facilitate data reconstruction in weight-sharing networks. This study presents advances to an existing privacy attack, highlighting the inherent vulnerabilities of Federated Learning, and sheds light on the urgent need to reassess privacy safeguards in such frameworks. The implementation of E-GAP is publicly available at https://github.com/yuvrajchaudhry/egap.
About the journal:
The impact of computers has nowhere been more revolutionary than in electrical engineering. The design, analysis, and operation of electrical and electronic systems are now dominated by computers, a transformation that has been motivated by the natural ease of interface between computers and electrical systems, and the promise of spectacular improvements in speed and efficiency.
Published since 1973, Computers & Electrical Engineering provides rapid publication of topical research into the integration of computer technology and computational techniques with electrical and electronic systems. The journal publishes papers featuring novel implementations of computers and computational techniques in areas like signal and image processing, high-performance computing, parallel processing, and communications. Special attention will be paid to papers describing innovative architectures, algorithms, and software tools.