SRATTA : Sample Re-ATTribution Attack of Secure Aggregation in Federated Learning. (arXiv:2306.07644v1 [cs.LG])

We consider a cross-silo federated learning (FL) setting where a machine
learning model with a fully connected first layer is trained between different
clients and a central server using FedAvg, and where the aggregation step can
be performed with secure aggregation (SA). We present SRATTA an attack relying
only on aggregated models which, under realistic assumptions, (i) recovers data
samples from the different clients, and (ii) groups data samples coming from
the same client together. While sample recovery has already …

aggregation attack attribution clients federated learning machine machine learning server