R-CONV++: uncovering privacy vulnerabilities through analytical gradient inversion attacks
<p dir="ltr">Federated learning has emerged as a prominent privacy-preserving technique for leveraging large-scale distributed datasets by sharing gradients instead of raw data. However, recent studies indicate that private training data can still be exposed through gradient inversio...
محفوظ في:
| المؤلف الرئيسي: | |
|---|---|
| مؤلفون آخرون: | , , , |
| منشور في: |
2025
|
| الموضوعات: | |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
| _version_ | 1864513533157310464 |
|---|---|
| author | Tamer Ahmed Eltaras (22565414) |
| author2 | Qutaibah Malluhi (3158757) Alessandro Savino (679568) Stefano Di Carlo (679569) Adnan Qayyum (16875936) |
| author2_role | author author author author |
| author_facet | Tamer Ahmed Eltaras (22565414) Qutaibah Malluhi (3158757) Alessandro Savino (679568) Stefano Di Carlo (679569) Adnan Qayyum (16875936) |
| author_role | author |
| dc.creator.none.fl_str_mv | Tamer Ahmed Eltaras (22565414) Qutaibah Malluhi (3158757) Alessandro Savino (679568) Stefano Di Carlo (679569) Adnan Qayyum (16875936) |
| dc.date.none.fl_str_mv | 2025-06-23T09:00:00Z |
| dc.identifier.none.fl_str_mv | 10.1007/s00607-025-01508-w |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/journal_contribution/R-CONV_uncovering_privacy_vulnerabilities_through_analytical_gradient_inversion_attacks/30541541 |
| dc.rights.none.fl_str_mv | CC BY 4.0 info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Information and computing sciences Artificial intelligence Cybersecurity and privacy Machine learning Gradient inversion attacks Data leakage Federated learning |
| dc.title.none.fl_str_mv | R-CONV++: uncovering privacy vulnerabilities through analytical gradient inversion attacks |
| dc.type.none.fl_str_mv | Text Journal contribution info:eu-repo/semantics/publishedVersion text contribution to journal |
| description | <p dir="ltr">Federated learning has emerged as a prominent privacy-preserving technique for leveraging large-scale distributed datasets by sharing gradients instead of raw data. However, recent studies indicate that private training data can still be exposed through gradient inversion attacks. While earlier analytical methods have demonstrated success in reconstructing input data from fully connected layers, their effectiveness significantly diminishes when applied to convolutional layers, high-dimensional inputs, and scenarios involving multiple training examples. This paper extends our previous work as reported (Eltaras in International Conference on Web Information Systems Engineering, Springer, Singapore, 2024) and proposes three advanced algorithms to broaden the applicability of gradient inversion attacks. The first algorithm presents a novel data leakage method that efficiently exploits convolutional layer gradients, demonstrating that even with non-fully invertible activation functions, such as ReLU, training samples can be analytically reconstructed directly from gradients without the need to reconstruct intermediate layer outputs. Building on this foundation, the second algorithm extends this analytical approach to support high-dimensional input data, substantially enhancing its utility across complex real-world datasets. The third algorithm introduces an innovative analytical method for reconstructing mini-batches, addressing a critical gap in current research that predominantly focuses on reconstructing only a single training example. Unlike previous studies that focused mainly on the weight constraints of convolutional layers, our approach emphasizes the pivotal role of gradient constraints, revealing that successful attacks can be executed with fewer than 5% of the constraints previously deemed necessary in certain layers.</p><h2>Other Information</h2><p dir="ltr">Published in: Computing<br>License: <a href="https://creativecommons.org/licenses/by/4.0" target="_blank">https://creativecommons.org/licenses/by/4.0</a><br>See article on publisher's website: <a href="https://dx.doi.org/10.1007/s00607-025-01508-w" target="_blank">https://dx.doi.org/10.1007/s00607-025-01508-w</a></p> |
| eu_rights_str_mv | openAccess |
| id | Manara2_f76df7b53806f3b1da85f8fccc0d0891 |
| identifier_str_mv | 10.1007/s00607-025-01508-w |
| network_acronym_str | Manara2 |
| network_name_str | Manara2 |
| oai_identifier_str | oai:figshare.com:article/30541541 |
| publishDate | 2025 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | CC BY 4.0 |
| spelling | R-CONV++: uncovering privacy vulnerabilities through analytical gradient inversion attacksTamer Ahmed Eltaras (22565414)Qutaibah Malluhi (3158757)Alessandro Savino (679568)Stefano Di Carlo (679569)Adnan Qayyum (16875936)Information and computing sciencesArtificial intelligenceCybersecurity and privacyMachine learningGradient inversion attacksData leakageFederated learning<p dir="ltr">Federated learning has emerged as a prominent privacy-preserving technique for leveraging large-scale distributed datasets by sharing gradients instead of raw data. However, recent studies indicate that private training data can still be exposed through gradient inversion attacks. While earlier analytical methods have demonstrated success in reconstructing input data from fully connected layers, their effectiveness significantly diminishes when applied to convolutional layers, high-dimensional inputs, and scenarios involving multiple training examples. This paper extends our previous work as reported (Eltaras in International Conference on Web Information Systems Engineering, Springer, Singapore, 2024) and proposes three advanced algorithms to broaden the applicability of gradient inversion attacks. The first algorithm presents a novel data leakage method that efficiently exploits convolutional layer gradients, demonstrating that even with non-fully invertible activation functions, such as ReLU, training samples can be analytically reconstructed directly from gradients without the need to reconstruct intermediate layer outputs. Building on this foundation, the second algorithm extends this analytical approach to support high-dimensional input data, substantially enhancing its utility across complex real-world datasets. The third algorithm introduces an innovative analytical method for reconstructing mini-batches, addressing a critical gap in current research that predominantly focuses on reconstructing only a single training example. Unlike previous studies that focused mainly on the weight constraints of convolutional layers, our approach emphasizes the pivotal role of gradient constraints, revealing that successful attacks can be executed with fewer than 5% of the constraints previously deemed necessary in certain layers.</p><h2>Other Information</h2><p dir="ltr">Published in: Computing<br>License: <a href="https://creativecommons.org/licenses/by/4.0" target="_blank">https://creativecommons.org/licenses/by/4.0</a><br>See article on publisher's website: <a href="https://dx.doi.org/10.1007/s00607-025-01508-w" target="_blank">https://dx.doi.org/10.1007/s00607-025-01508-w</a></p>2025-06-23T09:00:00ZTextJournal contributioninfo:eu-repo/semantics/publishedVersiontextcontribution to journal10.1007/s00607-025-01508-whttps://figshare.com/articles/journal_contribution/R-CONV_uncovering_privacy_vulnerabilities_through_analytical_gradient_inversion_attacks/30541541CC BY 4.0info:eu-repo/semantics/openAccessoai:figshare.com:article/305415412025-06-23T09:00:00Z |
| spellingShingle | R-CONV++: uncovering privacy vulnerabilities through analytical gradient inversion attacks Tamer Ahmed Eltaras (22565414) Information and computing sciences Artificial intelligence Cybersecurity and privacy Machine learning Gradient inversion attacks Data leakage Federated learning |
| status_str | publishedVersion |
| title | R-CONV++: uncovering privacy vulnerabilities through analytical gradient inversion attacks |
| title_full | R-CONV++: uncovering privacy vulnerabilities through analytical gradient inversion attacks |
| title_fullStr | R-CONV++: uncovering privacy vulnerabilities through analytical gradient inversion attacks |
| title_full_unstemmed | R-CONV++: uncovering privacy vulnerabilities through analytical gradient inversion attacks |
| title_short | R-CONV++: uncovering privacy vulnerabilities through analytical gradient inversion attacks |
| title_sort | R-CONV++: uncovering privacy vulnerabilities through analytical gradient inversion attacks |
| topic | Information and computing sciences Artificial intelligence Cybersecurity and privacy Machine learning Gradient inversion attacks Data leakage Federated learning |