Mitigating gradient inversion attacks in federated learning with frequency transformation.
Palihawadana, Chamath; Wiratunga, Nirmalie; Kalutarage, Harsha; Wijekoon, Anjana
Authors
Mr Chamath Palihawadana (c.palihawadana@rgu.ac.uk), Research Assistant
Professor Nirmalie Wiratunga (n.wiratunga@rgu.ac.uk), Associate Dean for Research
Dr Harsha Kalutarage (h.kalutarage@rgu.ac.uk), Associate Professor
Anjana Wijekoon
Contributors
Sokratis Katsikas, Editor
Abstract
Centralised machine learning approaches have raised concerns regarding the privacy of client data. To address this issue, privacy-preserving techniques such as Federated Learning (FL) have emerged, where only updated gradients are communicated instead of the raw client data. However, recent advances in security research have revealed vulnerabilities in this approach, demonstrating that gradients can be targeted and reconstructed, compromising the privacy of local instances. Such attacks, known as gradient inversion attacks, include techniques like deep leakage gradients (DLG). In this work, we explore the implications of gradient inversion attacks in FL and propose a novel defence mechanism, called Pruned Frequency-based Gradient Defence (pFGD), to mitigate these risks. Our defence strategy combines frequency transformation using techniques such as Discrete Cosine Transform (DCT) and employs pruning on the gradients to enhance privacy preservation. In this study, we perform a series of experiments on the MNIST dataset to evaluate the effectiveness of pFGD in defending against gradient inversion attacks. Our results clearly demonstrate the resilience and robustness of pFGD to gradient inversion attacks. The findings stress the need for strong privacy techniques to counter attacks and protect client data.
Citation
PALIHAWADANA, C., WIRATUNGA, N., KALUTARAGE, H. and WIJEKOON, A. 2024. Mitigating gradient inversion attacks in federated learning with frequency transformation. In Katsikas, S. et al. (eds.) Computer security: revised selected papers from the proceedings of the International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops), 25-29 September 2023, The Hague, Netherlands. Lecture notes in computer science, 14399. Cham: Springer [online], part II, pages 750-760. Available from: https://doi.org/10.1007/978-3-031-54129-2_44
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops) |
Start Date | Sep 25, 2023 |
End Date | Sep 29, 2023 |
Acceptance Date | Aug 14, 2023 |
Online Publication Date | Mar 12, 2024 |
Publication Date | Dec 31, 2024 |
Deposit Date | Apr 5, 2024 |
Publicly Available Date | Mar 13, 2025 |
Publisher | Springer |
Peer Reviewed | Peer Reviewed |
Pages | 750-760 |
Series Title | Lecture notes in computer science |
Series Number | 14399 |
Series ISSN | 0302-9743; 1611-3349 |
Book Title | Computer security: revised selected papers from the proceedings of the International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops), part II |
ISBN | 9783031541285 |
DOI | https://doi.org/10.1007/978-3-031-54129-2_44 |
Keywords | Gradient inversion attacks; Federated learning; Frequency transformation |
Public URL | https://rgu-repository.worktribe.com/output/2294139 |
Files
This file is under embargo until Mar 13, 2025 due to copyright reasons.
Contact publications@rgu.ac.uk to request a copy for personal use.