Loading [MathJax]/extensions/MathZoom.js
Breaching FedMD: Image Recovery via Paired-Logits Inversion Attack | IEEE Conference Publication | IEEE Xplore
Subscribe
ADVANCED SEARCH
Conferences >2023 IEEE/CVF Conference on C...

Breaching FedMD: Image Recovery via Paired-Logits Inversion Attack

PDF
Hideaki Takahashi; Jingjing Liu; Yang Liu
All Authors

Abstract:

Federated Learning with Model Distillation (FedMD) is a nascent collaborative learning paradigm, where only output logits of public datasets are transmitted as distilled ...Show More

Metadata

Abstract:

Federated Learning with Model Distillation (FedMD) is a nascent collaborative learning paradigm, where only output logits of public datasets are transmitted as distilled knowledge, instead of passing on private model parameters that are susceptible to gradient inversion attacks, a known privacy risk in federated learning. In this paper, we found that even though sharing output logits of public datasets is safer than directly sharing gradients, there still exists a sub-stantial risk of data exposure caused by carefully designed malicious attacks. Our study shows that a malicious server can inject a PLI (Paired-Logits Inversion) attack against FedMD and its variants by training an inversion neural network that exploits the confidence gap between the server and client models. Experiments on multiple facial recognition datasets validate that under FedMD-like schemes, by using paired server-client logits of public datasets only, the malicious server is able to reconstruct private images on all tested benchmarks with a high success rate.
Published in: 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
Date of Conference: 17-24 June 2023
Date Added to IEEE Xplore: 22 August 2023
ISBN Information:

ISSN Information:

DOI: 10.1109/CVPR52729.2023.01174
Conference Location: Vancouver, BC, Canada

Funding Agency:

Keywords assist with retrieval of results and provide a means to discovering other relevant content. Learn more.

Contents

1 Introduction

Federated Learning (FL) [28] is a distributed learning paradigm, where each party sends the gradients or parameters of its locally trained model to a centralized server that learns a global model with the aggregated gradients/parameters. While this process allows clients to hide their private datasets, a malicious server can still manage to reconstruct private data (only visible to individual client) from the shared gradients/parameter, exposing serious privacy risks [30], [43], [49].

Keywords assist with retrieval of results and provide a means to discovering other relevant content. Learn more.

Contact IEEE to Subscribe
More Like This
Learning face recognition from limited training data using deep neural networks

2016 23rd International Conference on Pattern Recognition (ICPR)

Published: 2016

MLP neural network using modified constructive training algorithm: Application to face recognition

International Image Processing, Applications and Systems Conference

Published: 2014

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.