Zhuohang Li, Andrew Lowy, Jing Liu, Toshiaki Koike-Akino, Bradley Malin, Kieran Parsons, Ye Wang
{"title":"利用扩散先验探索用户级梯度反演","authors":"Zhuohang Li, Andrew Lowy, Jing Liu, Toshiaki Koike-Akino, Bradley Malin, Kieran Parsons, Ye Wang","doi":"arxiv-2409.07291","DOIUrl":null,"url":null,"abstract":"We explore user-level gradient inversion as a new attack surface in\ndistributed learning. We first investigate existing attacks on their ability to\nmake inferences about private information beyond training data reconstruction.\nMotivated by the low reconstruction quality of existing methods, we propose a\nnovel gradient inversion attack that applies a denoising diffusion model as a\nstrong image prior in order to enhance recovery in the large batch setting.\nUnlike traditional attacks, which aim to reconstruct individual samples and\nsuffer at large batch and image sizes, our approach instead aims to recover a\nrepresentative image that captures the sensitive shared semantic information\ncorresponding to the underlying user. Our experiments with face images\ndemonstrate the ability of our methods to recover realistic facial images along\nwith private user attributes.","PeriodicalId":501340,"journal":{"name":"arXiv - STAT - Machine Learning","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Exploring User-level Gradient Inversion with a Diffusion Prior\",\"authors\":\"Zhuohang Li, Andrew Lowy, Jing Liu, Toshiaki Koike-Akino, Bradley Malin, Kieran Parsons, Ye Wang\",\"doi\":\"arxiv-2409.07291\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We explore user-level gradient inversion as a new attack surface in\\ndistributed learning. We first investigate existing attacks on their ability to\\nmake inferences about private information beyond training data reconstruction.\\nMotivated by the low reconstruction quality of existing methods, we propose a\\nnovel gradient inversion attack that applies a denoising diffusion model as a\\nstrong image prior in order to enhance recovery in the large batch setting.\\nUnlike traditional attacks, which aim to reconstruct individual samples and\\nsuffer at large batch and image sizes, our approach instead aims to recover a\\nrepresentative image that captures the sensitive shared semantic information\\ncorresponding to the underlying user. Our experiments with face images\\ndemonstrate the ability of our methods to recover realistic facial images along\\nwith private user attributes.\",\"PeriodicalId\":501340,\"journal\":{\"name\":\"arXiv - STAT - Machine Learning\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-09-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - STAT - Machine Learning\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2409.07291\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - STAT - Machine Learning","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.07291","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Exploring User-level Gradient Inversion with a Diffusion Prior
We explore user-level gradient inversion as a new attack surface in
distributed learning. We first investigate existing attacks on their ability to
make inferences about private information beyond training data reconstruction.
Motivated by the low reconstruction quality of existing methods, we propose a
novel gradient inversion attack that applies a denoising diffusion model as a
strong image prior in order to enhance recovery in the large batch setting.
Unlike traditional attacks, which aim to reconstruct individual samples and
suffer at large batch and image sizes, our approach instead aims to recover a
representative image that captures the sensitive shared semantic information
corresponding to the underlying user. Our experiments with face images
demonstrate the ability of our methods to recover realistic facial images along
with private user attributes.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
