CGGL: A client-side generative gradient leakage attack with double diffusion prior

IF 14.7 1区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Information Fusion Pub Date : 2025-05-21 DOI:10.1016/j.inffus.2025.103292

Bin Pu , Zhizhi Liu , Liwen Wu , Kai Xu , Bocheng Liang , Ziyang He , Benteng Ma , Lei Zhao

{"title":"CGGL: A client-side generative gradient leakage attack with double diffusion prior","authors":"Bin Pu , Zhizhi Liu , Liwen Wu , Kai Xu , Bocheng Liang , Ziyang He , Benteng Ma , Lei Zhao","doi":"10.1016/j.inffus.2025.103292","DOIUrl":null,"url":null,"abstract":"<div><div>Federated learning (FL) has emerged as a widely adopted privacy-preserving distributed framework that facilitates information fusion and model training across multiple clients without requiring direct data sharing with a central server. Despite its advantages, recent studies have revealed that FL is vulnerable to gradient inversion attacks, wherein adversaries can reconstruct clients’ private training data from shared gradients. These existing attacks often assumed typically unrealistic in practical FL deployments. In real-world scenarios, malicious clients are more likely to initiate such attacks. In this paper, we propose a novel Client-side Generative Gradient Leakage (CGGL) attack tailored for FL-based information fusion scenarios. Our approach targets gradient inversion attacks originating from clients and introduces an adaptive poisoning strategy. By utilizing poisoned gradients in the local updates, a malicious client can stealthily embed the target gradients into the aggregated global model updates, enabling the reconstruction of private data from the aggregated gradients. To enhance the effectiveness of the attack, we further develop a reconstruction framework based on a conditional diffusion model incorporating dual diffusion priors. This design significantly improves image reconstruction fidelity, particularly under larger batch sizes and on high-resolution datasets. We validate the proposed CGGL method through extensive experiments on both natural and medical imaging datasets. Results demonstrate that CGGL consistently outperforms existing client-side gradient inversion attacks, achieving pixel-level data reconstruction and revealing substantial privacy risks in FL-enabled information fusion systems—even in the presence of various defense mechanisms.</div></div>","PeriodicalId":50367,"journal":{"name":"Information Fusion","volume":"123 ","pages":"Article 103292"},"PeriodicalIF":14.7000,"publicationDate":"2025-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Fusion","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1566253525003653","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Federated learning (FL) has emerged as a widely adopted privacy-preserving distributed framework that facilitates information fusion and model training across multiple clients without requiring direct data sharing with a central server. Despite its advantages, recent studies have revealed that FL is vulnerable to gradient inversion attacks, wherein adversaries can reconstruct clients’ private training data from shared gradients. These existing attacks often assumed typically unrealistic in practical FL deployments. In real-world scenarios, malicious clients are more likely to initiate such attacks. In this paper, we propose a novel Client-side Generative Gradient Leakage (CGGL) attack tailored for FL-based information fusion scenarios. Our approach targets gradient inversion attacks originating from clients and introduces an adaptive poisoning strategy. By utilizing poisoned gradients in the local updates, a malicious client can stealthily embed the target gradients into the aggregated global model updates, enabling the reconstruction of private data from the aggregated gradients. To enhance the effectiveness of the attack, we further develop a reconstruction framework based on a conditional diffusion model incorporating dual diffusion priors. This design significantly improves image reconstruction fidelity, particularly under larger batch sizes and on high-resolution datasets. We validate the proposed CGGL method through extensive experiments on both natural and medical imaging datasets. Results demonstrate that CGGL consistently outperforms existing client-side gradient inversion attacks, achieving pixel-level data reconstruction and revealing substantial privacy risks in FL-enabled information fusion systems—even in the presence of various defense mechanisms.

查看原文本刊更多论文

CGGL：具有双重扩散先验的客户端生成梯度泄漏攻击

联邦学习（FL）已经成为一种广泛采用的保护隐私的分布式框架，它促进了跨多个客户机的信息融合和模型训练，而不需要与中央服务器直接共享数据。尽管具有优势，但最近的研究表明，FL容易受到梯度反转攻击，其中攻击者可以从共享梯度重建客户端的私有训练数据。这些现有的攻击在实际的FL部署中通常是不现实的。在实际场景中，恶意客户端更有可能发起此类攻击。在本文中，我们提出了一种针对基于fl的信息融合场景量身定制的新型客户端生成梯度泄漏（CGGL）攻击。我们的方法针对来自客户端的梯度反转攻击，并引入自适应中毒策略。恶意客户端利用局部更新中的有毒梯度，将目标梯度隐入聚合的全局模型更新中，从而从聚合的梯度中重构私有数据。为了提高攻击的有效性，我们进一步开发了一个基于包含双扩散先验的条件扩散模型的重建框架。这种设计显著提高了图像重建的保真度，特别是在更大的批量和高分辨率数据集下。我们通过在自然和医学成像数据集上的大量实验验证了所提出的CGGL方法。结果表明，CGGL始终优于现有的客户端梯度反转攻击，实现了像素级数据重建，并在支持fl的信息融合系统中揭示了大量隐私风险——即使存在各种防御机制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information Fusion 工程技术-计算机：理论方法

CiteScore

33.20

自引率

4.30%

发文量

161

审稿时长

7.9 months

期刊介绍： Information Fusion serves as a central platform for showcasing advancements in multi-sensor, multi-source, multi-process information fusion, fostering collaboration among diverse disciplines driving its progress. It is the leading outlet for sharing research and development in this field, focusing on architectures, algorithms, and applications. Papers dealing with fundamental theoretical analyses as well as those demonstrating their application to real-world problems will be welcome.