Federated Learning (FL) has emerged as a machine learning approach able to preserve the privacy of user's data. Applying FL, clients train machine learning models on a local dataset and a central server aggregates the learned parameters coming from the clients, training a global machine learning model without sharing user's data. However, the state-of-the-art shows several approaches to promote attacks on FL systems. For instance, inverting or leaking gradient attacks can find, with high precision, the local dataset used during the training phase of the FL. This paper presents an approach, called Deep Leakage from Gradients with Feedback Blending (DLG-FB), which is able to improve the inverting gradient attack, considering the spatial correlation that typically exists in batches of images. The performed evaluation shows an improvement of 19.18% and 48,82% in terms of attack success rate and the number of iterations per attacked image, respectively.

本研究解决了联邦学习中梯度反演攻击对用户数据隐私的威胁。提出了一种新方法“基于反馈融合的梯度深度泄漏”（DLG-FB），利用图像批次的空间相关性来提升攻击效果。研究结果表明，该方法在攻击成功率和每张被攻击图像的迭代次数上分别提高了19.18%和48.82%。

攻击下的联邦学习：改善图像批次的梯度反演