← Back to papers
2019 NIPS NeurIPS 2019

Deep Leakage from Gradients

Abstract

Passing gradient is a widely used scheme in modern multi-node learning system (e.g, distributed training, collaborative learning). In a long time, people used to believe that gradients are safe to share: i.e, the training set will not be leaked by gradient sharing. However, in this paper, we show that we can obtain the private training set from the publicly shared gradients. The leaking only takes few gradient steps to process and can obtain the original training set instead of look-alike alternatives. We name this leakage as \textit{deep leakage from gradient} and practically validate the effectiveness of our algorithm on both computer vision and natural language processing tasks. We empirically show that our attack is much stronger than previous approaches and thereby and raise people's awareness to rethink the gradients' safety. We also discuss some possible strategies to defend this deep leakage.

🌉 Interdisciplinary Bridge — Deep Learning and Machine Learning and Security & Privacy
🧭 Keyword Pioneer — privacy attack
🐣 Hot Topic Early Bird — privacy attack
🐝 Cross-Pollinator — Artificial Intelligence, Computer Science, Computer Vision, Data Science & Analytics, Deep Learning, Healthcare & Medicine, Interdisciplinary, Knowledge & Reasoning, Machine Learning, Mathematics & Optimization, Natural Language Processing, Reinforcement Learning, Robotics, Security & Privacy, Speech & Audio

Authors

Ligeng Zhu , Zhijian Liu , Song Han

Topics

Machine Learning > Application Areas > Privacy Security & Privacy > Privacy Deep Learning > Learning Types > Adversarial Learning

Keywords

privacy attack distributed training data privacy gradient leakage
Download PDF

Related papers

Two Generator Game: Learning to Sample via Linear Goodness-of-Fit Test 2019
Metalearned Neural Memory 2019
Model Similarity Mitigates Test Set Overuse 2019
Continual Unsupervised Representation Learning 2019
Reinforcement Learning with Convex Constraints 2019