GI-PIP: Do We Require Impractical Auxiliary Dataset for Gradient Inversion Attacks?

arXiv:2401.11748v3 Announce Type: replace-cross
Abstract: Deep gradient inversion attacks expose a serious threat to Federated Learning (FL) by accurately recovering private data from shared gradients. However, the state-of-the-art heavily relies on impractical assumptions to access excessive auxiliary data, which violates the basic data partitioning principle of FL. In this paper, a novel method, Gradient Inversion Attack using Practical Image Prior (GI-PIP), is proposed under a revised threat model. GI-PIP exploits anomaly detection models to capture the underlying distribution from fewer …

abstract art arxiv assumptions attacks basic cs.ai cs.cr cs.lg data data partitioning dataset federated learning gradient however partitioning pip private data state threat type