Gradient Leakage Attack Resilient Deep Learning

Gradient leakage attacks are considered one of the wickedest privacy threats in deep learning as attackers covertly spy gradient updates during iterative training without compromising model quality, and yet secretly reconstruct sensitive data using leaked gradients with high attack success rate. Although differential is a defacto standard for publishing models guarantee, we show that differentially private algorithms fixed parameters vulnerable against attacks. This paper investigates alternative approaches to resilient (DP). First, analyze existing implementation privacy, which use noise variance injects constant all layers parameters. Despite DP guarantee provided, method suffers from low accuracy Second, present approach by dynamic Unlike fixed-parameter strategies result variance, different parameter techniques introduce adaptive injection closely aligned trend training. Finally, describe four complementary metrics evaluate compare approaches. Extensive experiments on six benchmark datasets outperforms parameters, clipping aspects: compelling performance, strong resilience.