Mr Chamath Palihawadana c.palihawadana@rgu.ac.uk
Research Assistant
Mitigating gradient inversion attacks in federated learning with frequency transformation.
Palihawadana, Chamath; Wiratunga, Nirmalie; Kalutarage, Harsha; Wijekoon, Anjana
Authors
Professor Nirmalie Wiratunga n.wiratunga@rgu.ac.uk
Associate Dean for Research
Dr Harsha Kalutarage h.kalutarage@rgu.ac.uk
Senior Lecturer
Dr Anjana Wijekoon a.wijekoon1@rgu.ac.uk
Research Fellow B
Contributors
Sokratis Katsikas
Editor
Habtamu Abie
Editor
Silvio Ranise
Editor
Dr Harsha Kalutarage h.kalutarage@rgu.ac.uk
Editor
Abstract
Centralised machine learning approaches have raised concerns regarding the privacy of client data. To address this issue, privacy-preserving techniques such as Federated Learning (FL) have emerged, where only updated gradients are communicated instead of the raw client data. However, recent advances in security research have revealed vulnerabilities in this approach, demonstrating that gradients can be targeted and reconstructed, compromising the privacy of local instances. Such attacks, known as gradient inversion attacks, include techniques like deep leakage gradients (DLG). In this work, we explore the implications of gradient inversion attacks in FL and propose a novel defence mechanism, called Pruned Frequency-based Gradient Defence (pFGD), to mitigate these risks. Our defence strategy combines frequency transformation using techniques such as Discrete Cosine Transform (DCT) and employs pruning on the gradients to enhance privacy preservation. In this study, we perform a series of experiments on the MNIST dataset to evaluate the effectiveness of pFGD in defending against gradient inversion attacks. Our results clearly demonstrate the resilience and robustness of pFGD to gradient inversion attacks. The findings stress the need for strong privacy techniques to counter attacks and protect client data.
Citation
PALIHAWADANA, C., WIRATUNGA, N., KALUTARAGE, H. and WIJEKOON, A. 2024. Mitigating gradient inversion attacks in federated learning with frequency transformation. In Katsikas, S. et al. (eds.) Computer security: revised selected papers from the proceedings of the International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops), 25-29 September 2023, The Hague, Netherlands. Lecture notes in computer science, 14399. Cham: Springer [online], part II, pages 750-760. Available from: https://doi.org/10.1007/978-3-031-54129-2_44
| Conference Name | International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops) |
|---|---|
| Conference Location | The Hague, The Netherlands |
| Start Date | Sep 25, 2023 |
| End Date | Sep 29, 2023 |
| Acceptance Date | Mar 20, 2023 |
| Online Publication Date | Mar 12, 2024 |
| Publication Date | Dec 31, 2024 |
| Deposit Date | Apr 5, 2024 |
| Publicly Available Date | Mar 13, 2025 |
| Publisher | Springer |
| Pages | 750-760 |
| Series Title | Lecture notes in computer science (LNCS) |
| Series Number | 14399 |
| Series ISSN | 0302-9743; 1611-3349 |
| Book Title | Computer security: revised selected papers from the proceedings of the International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops), part II |
| ISBN | 9783031541285 |
| DOI | https://doi.org/10.1007/978-3-031-54129-2_44 |
| Keywords | Gradient inversion attacks; Federated learning; Frequency transformation |
| Public URL | https://rgu-repository.worktribe.com/output/2294139 |
Files
This file is under embargo until Mar 13, 2025 due to copyright reasons.
Contact publications@rgu.ac.uk to request a copy for personal use.
You might also like
iSee: intelligent sharing of explanation experience of users for users.
(2023)
Conference Proceeding
iSee: demonstration video. [video recording]
(2023)
Digital Artefact
Adapting semantic similarity methods for case-based reasoning in the Cloud.
(2022)
Conference Proceeding
How close is too close? Role of feature attributions in discovering counterfactual explanations.
(2022)
Conference Proceeding
DisCERN: discovering counterfactual explanations using relevance features from neighbourhoods.
(2021)
Conference Proceeding
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search