A New Federated Learning Framework Against Gradient Inversion Attacks

Authors

  • Pengxin Guo, School of Computing and Data Science, The University of Hong Kong
  • Shuang Zeng, Department of Mathematics, The University of Hong Kong
  • Wenhao Chen, School of Computing and Data Science, The University of Hong Kong
  • Xiaodan Zhang, College of Computer Science, Beijing University of Technology
  • Weihong Ren, School of Mechanical Engineering and Automation, Harbin Institute of Technology, Shenzhen
  • Yuyin Zhou, Department of Computer Science and Engineering, UC Santa Cruz
  • Liangqiong Qu, School of Computing and Data Science, The University of Hong Kong

DOI:

https://doi.org/10.1609/aaai.v39i16.33865

Abstract

Federated Learning (FL) aims to protect data privacy by enabling clients to collectively train machine learning models without sharing their raw data. However, recent studies demonstrate that information exchanged during FL is subject to Gradient Inversion Attacks (GIA) and, consequently, a variety of privacy-preserving methods have been integrated into FL to thwart such attacks, such as Secure Multi-party Computing (SMC), Homomorphic Encryption (HE), and Differential Privacy (DP). Despite their ability to protect data privacy, these approaches inherently involve substantial privacy-utility trade-offs. By revisiting the key to privacy exposure in FL under GIA, which lies in the frequent sharing of model gradients that contain private data, we take a new perspective by designing a novel privacy-preserving FL framework that effectively "breaks the direct connection" between the shared parameters and the local private data to defend against GIA. Specifically, we propose a Hypernetwork Federated Learning (HyperFL) framework that utilizes hypernetworks to generate the parameters of the local model, and only the hypernetwork parameters are uploaded to the server for aggregation. Theoretical analyses demonstrate the convergence rate of the proposed HyperFL, while extensive experimental results show the privacy-preserving capability and comparable performance of HyperFL.

Published

2025-04-11

How to Cite

Guo, P., Zeng, S., Chen, W., Zhang, X., Ren, W., Zhou, Y., & Qu, L. (2025). A New Federated Learning Framework Against Gradient Inversion Attacks. Proceedings of the AAAI Conference on Artificial Intelligence, 39(16), 16969-16977. https://doi.org/10.1609/aaai.v39i16.33865

Section

AAAI Technical Track on Machine Learning II