DeGain: Detecting GAN-based data inversion in collaborative deep learning

Publication Type

Conference Proceeding Article

Publication Date

7-2025

Abstract

Collaborative deep learning (DL) allows distributed clients to jointly train models without sharing raw data, addressing privacy concerns in centralized methods. However, malicious participants can still compromise privacy. An attacker can use a Generative Adversarial Network (GAN) to reconstruct other clients’ data during training. Such cross-client attacks are particularly stealthy and difficult to defend against. This work proposes DeGain, an active detection defense designed to counter cross-client GAN-based data inversion attacks. DeGain can actively identify attackers who maliciously manipulate their local models uploaded to the server before updating the global model. The key insight is that the tampered local model exhibits distinguishable characteristics that can be captured by a meta-classifier. DeGain leverages this by using a meta-classifier to differentiate between malicious and benign local model updates, extracting meta-data from the local model parameters to feed into the meta-classifier. Extensive evaluations on two datasets, MNIST and AT&T, demonstrate desirable detection accuracy of up to 90%. Importantly, DeGain successfully defeats the GAN-based data inversion by the attacker, affirming its privacy-preserving capability. In addition, the utility of the global model is nearly unaffected.

Discipline

Information Security

Research Areas

Information Systems and Management

Publication

Information Security and Privacy: 30th Australasian Conference, ACISP 2025, Wollongong, NSW, Australia, July 14-16

First Page

167

Last Page

185

Identifier

10.1007/978-981-96-9101-2_9

Publisher

Springer

City or Country

Cham

Additional URL

https://doi.org/10.1007/978-981-96-9101-2_9

This document is currently not available here.
