Federated learning is a privacy-preserving distributed framework that facilitates information fusion and sharing among different clients, enabling the training of a global model without exposing raw data. However, the gradient inversion attack that can reconstruct the training data via gradients has posed a significant threat. Prior attack approaches have demonstrated the efficacy of gradient inversion on low-resolution datasets with small batch sizes, which is impractical in real scenarios. To tackle this issue, this paper proposes an innovative and practical gradient inversion method, namely Deep Generative Gradient Inversion (DGGI), which employs the prior knowledge of diffusion models to enhance reconstruction performance on high-resolution datasets and larger batch sizes. Furthermore, a novel group consistency regularization term that constrains the distance between reconstruction and alignment images has been developed to address the issue of spatial variations caused by pre-trained diffusion model. Experiments conducted on both natural and medical image datasets demonstrate that our DGGI method outperforms state-of-the-art baselines in image reconstruction metrics. Furthermore, our approach achieves pixel-level reconstruction and causes leakage of privacy information, even at larger batch sizes or under various defenses, which can aid in the exploration of latent security concerns within information fusion models.

中文翻译：

---

DGGI：使用扩散模型的深度生成梯度反演


联邦学习是一种保护隐私的分布式框架，有助于不同客户端之间的信息融合和共享，从而能够在不暴露原始数据的情况下训练全局模型。然而，可以通过梯度重建训练数据的梯度反转攻击已经构成了重大威胁。先前的攻击方法已经证明了梯度反演在小批量的低分辨率数据集上的有效性，这在实际场景中是不切实际的。为了解决这个问题，本文提出了一种创新且实用的梯度反演方法，即深度生成梯度反演（DGGI），它利用扩散模型的先验知识来增强高分辨率数据集和更大批量大小的重建性能。此外，还开发了一种新颖的组一致性正则化项，用于限制重建图像和对齐图像之间的距离，以解决由预训练扩散模型引起的空间变化问题。在自然和医学图像数据集上进行的实验表明，我们的 DGGI 方法在图像重建指标方面优于最先进的基线。此外，我们的方法实现了像素级重建，并导致隐私信息泄漏，即使在较大的批量大小或各种防御下也是如此，这可以帮助探索信息融合模型中潜在的安全问题。