The Gradient Puppeteer: Adversarial domination in gradient leakage attacks through model poisoning

Author

• Kunlan Xiang
• Haomiao Yang
• Meng HAO, Singapore Management UniversityFollow
• Shaofeng Li
• Haoxin Wang
• Zikang Ding
• Wenbo Jiang
• Tianwei Zhang

Publication Type

Journal Article

Version

acceptedVersion

Publication Date

1-2025

Abstract

In Federated Learning (FL), clients share gradients with a central server while keeping their data local. However, malicious servers could deliberately manipulate the models to reconstruct clients' data from shared gradients, posing significant privacy risks. Although such Active Gradient Leakage Attacks (AGLAs) have been widely studied, they suffer from two severe limitations: 1) coverage: no existing AGLAs can reconstruct all samples in a batch from the shared gradients; 2) stealthiness: no existing AGLAs can evade principled checks of clients. In this paper, we address these limitations with two core contributions. First, we introduce a new theoretical analysis approach, which uniformly models AGLAs as backdoor poisoning. This analysis approach reveals that the core principle of AGLAs is to bias the gradient space to prioritize the reconstruction of a small subset of samples while sacrificing the majority, which theoretically explains the above limitations of existing AGLAs. Second, we propose Enhanced Gradient Global Vulnerability (EGGV), the first AGLA that achieves complete attack coverage while evading client-side detection. In particular, EGGV employs a gradient projector and a jointly optimized discriminator to assess gradient vulnerability, steering the gradient space toward the point most prone to data leakage. Extensive experiments show that EGGV achieves complete attack coverage and surpasses state-of-the-art (SOTA) with at least a 43% increase in reconstruction quality (PSNR) and a 45% improvement in stealthiness (D-SNR).

Keywords

Federated learning, gradient leakage attack, model poisoning, malicious attack

Discipline

Information Security

Publication

IEEE Transactions on Information Forensics and Security

Volume

20

First Page

11477

Last Page

11488

ISSN

1556-6013

Identifier

10.1109/TIFS.2025.3607271

Publisher

Institute of Electrical and Electronics Engineers

Citation

Xiang, Kunlan; Yang, Haomiao; HAO, Meng; Li, Shaofeng; Wang, Haoxin; Ding, Zikang; Jiang, Wenbo; and Zhang, Tianwei. The Gradient Puppeteer: Adversarial domination in gradient leakage attacks through model poisoning. (2025). IEEE Transactions on Information Forensics and Security. 20, 11477-11488.
Available at: https://ink.library.smu.edu.sg/sis_research/11107

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1109/TIFS.2025.3607271