菜单

关于 🐙 GitHub
arXiv 提交日期: 2026-07-08
📄 Abstract - FedCVESA: Taking Away Training Data in Federated Learning via Correlation Value Encoding and Segmented Aggregation

Federated learning (FL) avoids explicit data exposure by keeping raw data on local clients, yet privacy risks remain in the training process and the learned model itself. Recently, centralized Taking Away Training Data (TATD) attacks have shown that malicious training could abuse the memorization capacity of deep models to store and later recover training data. However, this memorization-based threat has not been systematically studied under FL environments, where multi-client averaging could overwrite encoded training data. In this paper, we study a white-box TATD attack in which a malicious server selects n target clients from K participating clients and actively writes private training data into the global model during federated training. We propose FedCVESA, a federated variant of Correlation Value Encoding Attack (CVEA), by adding a Pearson-correlation regularizer to the loss function of target clients, so that private training data are gradually encoded into selected model parameters, referred to as carrier parameters. To reduce the overwriting of carrier parameters during server aggregation, we further propose segmented aggregation over dispersed carrier parameters, preserving selected carrier parameters while keeping standard averaging on the remaining parameters. Experiments on MNIST, Fashion-MNIST, and CIFAR-10 under Dirichlet non-IID partitions show that the proposed method can steal semantically meaningful private training images from the trained model while maintaining acceptable main-task utility in a controlled proof-of-concept setting. These results demonstrate that FL can become a parameter-level memorization channel for active TATD attack under the studied white-box malicious-server setting.

顶级标签: machine learning systems
详细标签: federated learning privacy attack data extraction correlation encoding segmented aggregation 或 搜索:

FedCVESA:通过相关值编码和分段聚合在联邦学习中去除训练数据 / FedCVESA: Taking Away Training Data in Federated Learning via Correlation Value Encoding and Segmented Aggregation


1️⃣ 一句话总结

本文提出一种名为FedCVESA的攻击方法,通过在联邦学习的全局模型中隐藏并恢复参与者的私有训练数据,即使经过多客户端聚合,仍能高效窃取图像,同时保持模型的主要性能。

源自 arXiv: 2607.07314