Researchers have developed FedCVESA, a novel attack method that can extract private training data from federated learning models. This white-box attack targets specific clients and encodes private data into model parameters, referred to as carrier parameters. To prevent this encoded data from being overwritten during the aggregation process, FedCVESA employs segmented aggregation, preserving the carrier parameters while standard averaging is applied to the rest. Experiments on datasets like MNIST and CIFAR-10 demonstrated that FedCVESA can successfully steal meaningful private training images while maintaining acceptable utility for the main task. AI
IMPACT This research highlights a significant privacy vulnerability in federated learning, potentially impacting the adoption of privacy-preserving AI techniques.
RANK_REASON The cluster contains a research paper detailing a new attack method on federated learning models. [lever_c_demoted from research: ic=1 ai=1.0]
- CIFAR-10
- Correlation Value Encoding Attack
- Dirichlet
- Fashion-MNIST
- FedCVESA
- federated learning
- MNIST
- Pearson product-moment correlation coefficient
- Taking Away Training Data
AI-generated summary · Google Gemini · from 2 sources. How we write summaries →