Timezone: »

Fishing for User Data in Large-Batch Federated Learning via Gradient Magnification
Yuxin Wen · Jonas Geiping · Liam Fowl · Micah Goldblum · Tom Goldstein

Tue Jul 19 03:30 PM -- 05:30 PM (PDT) @ Hall E #926

Federated learning (FL) has rapidly risen in popularity due to its promise of privacy and efficiency. Previous works have exposed privacy vulnerabilities in the FL pipeline by recovering user data from gradient updates. However, existing attacks fail to address realistic settings because they either 1) require toy settings with very small batch sizes, or 2) require unrealistic and conspicuous architecture modifications. We introduce a new strategy that dramatically elevates existing attacks to operate on batches of arbitrarily large size, and without architectural modifications. Our model-agnostic strategy only requires modifications to the model parameters sent to the user, which is a realistic threat model in many scenarios. We demonstrate the strategy in challenging large-scale settings, obtaining high-fidelity data extraction in both cross-device and cross-silo federated learning. Code is available at https://github.com/JonasGeiping/breaching.

Author Information

Yuxin Wen (University of Maryland)
Jonas Geiping (University of Maryland, College Park)
Liam Fowl (University of Maryland)
Micah Goldblum (New York University)
Tom Goldstein (University of Maryland)

Related Events (a corresponding poster, oral, or spotlight)

More from the Same Authors