USENIX Security 2025

Refiner: Data Refining against Gradient Leakage Attacks in Federated Learning

Mingyuan Fan, Cen Chen, Chengyu Wang, Xiaodan Li, Wenmeng Zhou

Abstract

Recent works highlight the vulnerability of Federated Learning (FL) systems to gradient leakage attacks, where attackers reconstruct clients' data from shared gradients, undermining FL's privacy guarantees. However, existing defenses show limited resilience against sophisticated attacks. This paper introduces a novel defensive paradigm that departs from conventional gradient perturbation approaches and instead focuses on the construction of robust data. Our theoretical analysis indicates that data which exhibits low semantic similarity to the clients' raw data, while maintaining good gradient alignment with that raw data, can effectively obfuscate attackers and yet maintain model performance. We refer to such data as robust data. To generate it, we design Refiner, which jointly optimizes two metrics, one for privacy protection and one for performance maintenance. The utility metric promotes the gradient consistency of key parameters between robust data and clients' data, while the privacy metric guides the generation of robust data towards enlarging the semantic gap with clients' data. Extensive empirical evaluations on multiple benchmark datasets demonstrate the superior performance of Refiner at defending against state-of-the-art attacks.