Search Results for author:
Found 9 papers, 7 papers with code
SPEAR:Exact Gradient Inversion of Batches in Federated Learning
In this work, we propose \emph{the first algorithm reconstructing whole batches with $b >1$ exactly}.
Hiding in Plain Sight: Disguising Data Stealing Attacks in Federated Learning
Malicious server (MS) attacks have enabled the scaling of data stealing in federated learning to large batch sizes and secure aggregation, settings previously considered private.
FARE: Provably Fair Representation Learning with Practical Certificates
To produce a practical certificate, we develop and apply a statistical procedure that computes a finite sample high-confidence upper bound on the unfairness of any downstream classifier trained on FARE embeddings.
TabLeak: Tabular Data Leakage in Federated Learning
A successful attack for tabular data must address two key challenges unique to the domain: (i) obtaining a solution to a high-variance mixed discrete-continuous optimization problem, and (ii) enabling human assessment of the reconstruction as unlike for image and text data, direct human inspection is not possible.
Data Leakage in Federated Averaging
On the popular FEMNIST dataset, we demonstrate that on average we successfully recover >45% of the client's images from realistic FedAvg updates computed on 10 local epochs of 10 batches each with 5 images, compared to only <10% using the baseline.
LAMP: Extracting Text from Gradients with Language Model Priors
Recent work shows that sensitive user data can be reconstructed from gradient updates, breaking the key privacy promise of federated learning.
Bayesian Framework for Gradient Leakage
We demonstrate that existing leakage attacks can be seen as approximations of this optimal adversary with different assumptions on the probability distributions of the input data and gradients.
Shared Certificates for Neural Network Verification
We perform an extensive experimental evaluation to demonstrate the effectiveness of shared certificates in reducing the verification cost on a range of datasets and attack specifications on image classifiers including the popular patch and geometric perturbations.
Provably Robust Adversarial Examples
We introduce the concept of provably robust adversarial examples for deep neural networks - connected input regions constructed from standard adversarial examples which are guaranteed to be robust to a set of real-world perturbations (such as changes in pixel intensity and geometric transformations).
