Pengxin-Guo/Awesome-Gradient-Inversion-Attacks

GitHub: Pengxin-Guo/Awesome-Gradient-Inversion-Attacks

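A paper list focused on gradient inversion attacks in federated learning, providing a comprehensive literature resource for related research.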

Stars: 35 | Forks: 2

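# Awesome Gradient-Inversion-Attacks

:star: This repository hosts a curated collection of literature on **gradient inversion attacks in federated learning**. Feel free to star and fork. For further details, see the following paper:

**[Exploring the Vulnerabilities of Federated Learning: A Deep Dive into Gradient Inversion Attacks](https://ieeexplore.ieee.org/document/11311346)** \
[Pengxin Guo](https://pengxin-guo.github.io/)\*, [Runxi Wang](https://scholar.google.com/citations?user=wClrSiMAAAAJ&hl=zh-CN)\*, Shuang Zeng, Jinjing Zhu, Haoning Jiang, Yanran Wang, Yuyin Zhou, Feifei Wang, Hui Xiong, and [Liangqiong Qu](https://liangqiong.github.io/) \
IEEE Transactions on Pattern Analysis and Machine Intelligence (**TPAMI**), 2026.

## Overview

Existing gradient inversion attack (GIA) methods fall into three types: optimization-based GIA (**OP-GIA**), which works by minimizing the distance between the received gradients and the gradients computed from dummy data; generation-based GIA (**GEN-GIA**), which uses a generator to reconstruct the input data; and analytics-based GIA (**ANA-GIA**), which aims to recover the input data in closed form. GEN-GIA can be further divided into three categories: optimizing the latent vector z, optimizing the generator's parameters W, and training an inversion generation model. ANA-GIA can be further divided into two categories: manipulating the model architecture and manipulating the model parameters.

- [Survey Papers](#survey-papers)
- [Optimization-based GIA (OP-GIA)](#optimization-based-gia-op-gia)
- [Generation-based GIA (GEN-GIA)](#generation-based-gia-gen-gia)
  - [Optimizing Latent Vector z](#optimizing-latent-vector-z)
  - [Optimizing Generator's Parameters W](#optimizing-generators-parameters-w)
  - [Training an Inversion Generation Model](#training-an-inversion-generation-model)
- [Analytics-based GIA (ANA-GIA)](#analytics-based-gia-ana-gia)
  - [Manipulating Model Architecture](#manipulating-model-architecture)
  - [Manipulating Model Parameters](#manipulating-model-parameters)
- [Empirical Works](#emprical-works)

## Survey Papers

- **SoK: Gradient Inversion Attacks in Federated Learning** [[Paper](https://www.usenix.org/conference/usenixsecurity25/presentation/carletti)] \
  *Vincenzo Carletti, Pasquale Foggia, Carlo Mazzocca, Giuseppe Parrella, and Mario Vento* \
  USENIX Security Symposium (**USENIX Security**), 2025.
- **Dealing Doubt: Unveiling Threat Models in Gradient Inversion Attacks under Federated Learning, A Survey and Taxonomy** [[Paper](https://arxiv.org/abs/2405.10376)] \
  *Yichuan Shi, Olivera Kotevska, Viktor Reshniak, Abhishek Singh, and Ramesh Raskar* \
  arXiv:2405.10376, 2024.
- **The Impact of Adversarial Attacks on Federated Learning: A Survey** [[Paper](https://ieeexplore.ieee.org/document/10274102?denied=)] \
  *Kummari Naveen Kumar, Chalavadi Krishna Mohan, and Linga Reddy Cenkeramaddi* \
  IEEE Transactions on Pattern Analysis and Machine Intelligence (**TPAMI**), 2023.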
- **A Survey on Gradient Inversion: Attacks, Defenses and Future Directions** [[Paper](https://www.ijcai.org/proceedings/2022/0791)] \
  *Rui Zhang, Song Guo, Junxiao Wang, Xin Xie, and Dacheng Tao* \
  International Joint Conference on Artificial Intelligence (**IJCAI**), 2022.
- **A Survey on Security and Privacy of Federated Learning** [[Paper](https://www.sciencedirect.com/science/article/abs/pii/S0167739X20329848)] \
  *Viraaji Mothukuri, Reza M. Parizi, Seyedamin Pouriyeh, Yan Huang, Ali Dehghantanha, and Gautam Srivastava* \
  Future Generation Computer Systems (**FGCS**), 2021.

## Optimization-based GIA (OP-GIA)

- **GI-NAS: Boosting Gradient Inversion Attacks through Adaptive Neural Architecture Search** [[Paper](https://ieeexplore.ieee.org/abstract/document/11080068)] \
  *Wenbo Yu, Hao Fang, Bin Chen, Xiaohang Sui, Chuan Chen, Hao Wu, Shu-Tao Xia, and Ke Xu* \
  IEEE Transactions on Information Forensics and Security (**TIFS**), 2025.
- **Temporal Gradient Inversion Attacks with Robust Optimization** [[Paper](https://ieeexplore.ieee.org/abstract/document/10848255)] \
  *Bowen Li, Hanlin Gu, Ruoxin Chen, Jie Li, Chentao Wu, Na Ruan, Xueming Si, and Lixin Fan* \
  IEEE Transactions on Dependable and Secure Computing (**TDSC**), 2025.
- **Mjolnir: Breaking the Shield of Perturbation-Protected Gradients via Adaptive Diffusion** [[Paper](https://ojs.aaai.org/index.php/AAAI/article/view/34829)] \
  *Xuan Liu, Siqi Cai, Qihua Zhou, Song Guo, Ruibin Li, and Kaiwei Lin* \
  AAAI Conference on Artificial Intelligence (**AAAI**), 2025.
- **Boosting Gradient Leakage Attacks: Data Reconstruction in Realistic FL Settings** [[Paper](https://www.usenix.org/conference/usenixsecurity25/presentation/fan-boosting)] \
  *Mingyuan Fan, Fuyi Wang, Cen Chen, and Jianying Zhou* \
  USENIX Security Symposium (**USENIX Security**), 2025.
- **TS-Inverse: A Gradient Inversion Attack Tailored for Federated Time Series Forecasting Models** [[Paper](https://ieeexplore.ieee.org/abstract/document/10992348)] \
  *Caspar Meijer, Jiyue Huang, Shreshtha Sharma, Elena Lazovik, and Lydia Y. Chen* \
  IEEE Conference on Secure and Trustworthy Machine Learning (**SaTML**), 2025.
- **Gradient Inversion in Federated Reinforcement Learning** [[Paper](https://arxiv.org/abs/2512.00303)] \
  *Shenghong He and G.K.M. Anle* \
  arXiv:2512.00303, 2025.
- **Non-Linear Trajectory Modeling for Multi-Step Gradient Inversion Attacks in Federated Learning** [[Paper](https://arxiv.org/abs/2509.22082)] \
  *Li Xia, Zheng Liu, Sili Huang, Wei Tang, and Xuan Liu* \
  arXiv:2509.22082, 2025.
- **Gradient Inversion Attacks: Impact Factors Analyses and Privacy Enhancement** [[Paper](https://ieeexplore.ieee.org/abstract/document/10604429)] [[Code](https://github.com/MiLab-HITSZ/2023YeGIAnDe)] \
  *Zipeng Ye, Wenjian Luo, Qi Zhou, Zhenqian Zhu, Yuhui Shi, and Yan Jia* \
  IEEE Transactions on Pattern Analysis and Machine Intelligence (**TPAMI**), 2024.
- **Hiding in Plain Sight: Disguising Data Stealing Attacks in Federated Learning** [[Paper](https://openreview.net/forum?id=krx55l2A6G)] [[Code](https://github.com/insait-institute/SEER)] \
  *Kostadin Garov, Dimitar Iliev Dimitrov, Nikola Jovanović, and Martin Vechev* \
  International Conference on Learning Representations (**ICLR**), 2024.
- **Towards Eliminating Hard Label Constraints in Gradient Inversion Attacks** [[Paper](https://openreview.net/forum?id=s8cMuxI5gu)] [[Code](https://github.com/ybwang119/label_recovery)] \
  *Yanbo Wang, Jian Liang, Ran He* \
  International Conference on Learning Representations (**ICLR**), 2024.
- **GI-SMN: Gradient Inversion Attack Against Federated Learning Without Prior Knowledge** [[Paper](https://link.springer.com/chapter/10.1007/978-981-97-5603-2_36)] \
  *Jin Qian, Kaimin Wei, Yongdong Wu, Jilian Zhang, Jinpeng Chen, and Huan Bao* \
  International Conference on Intelligent Computing (**ICIC**), 2024.
- **Uncovering Gradient Inversion Risks in Practical Language Model Training** [[Paper](https://dl.acm.org/doi/10.1145/3658644.3690292)] \
  *Xinguo Feng, Zhongkui Ma, Zihan Wang, Eu Joe Chegne, Mengyao Ma, Alsharif Abuadbba, and Guangdong Bai* \
  ACM Conference on Computer and Communications Security (**CCS**), 2024.
- **High-Fidelity Gradient Inversion in Distributed Learning** [[Paper](https://ojs.aaai.org/index.php/AAAI/article/view/29975)] [[Code](https://github.com/MiLab-HITSZ/2023YeHFGradInv)] \
  *Zipeng Ye, Wenjian Luo, Qi Zhou, and Yubo Tang* \
  AAAI Conference on Artificial Intelligence (**AAAI**), 2024.
- **GI-PIP: Do We Require Impractical Auxiliary Dataset for Gradient Inversion Attacks?** [[Paper](https://ieeexplore.ieee.org/abstract/document/10445924)] [[Code](https://github.com/D1aoBoomm/GI-PIP)] \
  *Yu Sun, Gaojian Xiong, Xianxun Yao, Kailang Ma, and Jian Cui* \
  IEEE International Conference on Acoustics, Speech and Signal Processing (**ICASSP**), 2024.
- **Federated Learning under Attack: Improving Gradient Inversion for Batch of Images** [[Paper](https://arxiv.org/abs/2409.17767)] \
  *Luiz Leite, Yuri Santo, Bruno L. Dalmazo, and André Riker* \
  arXiv:2409.17767, 2024.
- **AFGI: Towards Accurate and Fast-convergent Gradient Inversion Attack in Federated Learning** [[Paper](https://arxiv.org/abs/2403.08383)] \
  *Can Liu, Jin Wang, Yipeng Zhou, Yachao Yuan, Quanzheng Sheng, and Kejie Lu* \
  arXiv:2403.08383, 2024.
- **MGIC: A Multi-Label Gradient Inversion Attack based on Canny Edge Detection on Federated Learning** [[Paper](https://arxiv.org/abs/2403.08284)] \
  *Can Liu and Jin Wang* \
  arXiv:2403.08284, 2024.
- **Instance-wise Batch Label Restoration via Gradients in Federated Learning** [[Paper](https://openreview.net/forum?id=FIrQfNSOoTr)] [[Code](https://github.com/BUAA-CST/iLRG)] \
  *Kailang Ma, Yu Sun, Jian Cui, Dawei Li, Zhenyu Guan, and Jianwei Liu* \
  International Conference on Learning Representations (**ICLR**), 2023.
- **Cocktail Party Attack: Breaking Aggregation-Based Privacy in Federated Learning Using Independent Component Analysis** [[Paper](https://proceedings.mlr.press/v202/kariyappa23a.html)] [[Code](https://github.com/facebookresearch/cocktail_party_attack)] \
  *Sanjay Kariyappa, Chuan Guo, Kiwan Maeng, Wenjie Xiong, G. Edward Suh, Moinuddin K Qureshi, and Hsien-Hsin S. Lee* \
  International Conference on Machine Learning (**ICML**), 2023.
- **Surrogate Model Extension (SME): A Fast and Accurate Weight Update Attack on Federated Learning** [[Paper](https://proceedings.mlr.press/v202/zhu23m.html)] [[Code](https://github.com/JunyiZhu-AI/surrogate_model_extension)] \
  *Junyi Zhu, Ruicong Yao, and Matthew B. Blaschko* \
  International Conference on Machine Learning (**ICML**), 2023.
- **Gradient Obfuscation Gives a False Sense of Security in Federated Learning** [[Paper](https://www.usenix.org/conference/usenixsecurity23/presentation/yue)] [[Code](https://github.com/KAI-YUE/rog)] \
  *Kai Yue, North Carolina State University; Richeng Jin, Zhejiang University; Chau-Wai Wong, Dror Baron, and Huaiyu Dai, and North Carolina State University* \
  USENIX Security Symposium (**USENIX Security**), 2023.
- **Data Leakage in Federated Averaging** [[Paper](https://openreview.net/forum?id=e7A0B99zJf)] [[Code](https://github.com/eth-sri/fedavg_leakage)] \
  *Dimitar Iliev Dimitrov, Mislav Balunovic, Nikola Konstantinov, and Martin Vechev* \
  Transactions on Machine Learning Research (**TMLR**), 2022.
- **GradViT: Gradient Inversion of Vision Transformers** [[Paper](https://openaccess.thecvf.com/content/CVPR2022/html/Hatamizadeh_GradViT_Gradient_Inversion_of_Vision_Transformers_CVPR_2022_paper.html)] \
  *Ali Hatamizadeh, Hongxu Yin, Holger R. Roth, Wenqi Li, Jan Kautz, Daguang Xu, and Pavlo Molchanov* \
  IEEE/CVF Computer Vision and Pattern Recognition Conference (**CVPR**), 2022.
- **APRIL: Finding the Achilles' Heel on Privacy for Vision Transformers** [[Paper](https://openaccess.thecvf.com/content/CVPR2022/html/Lu_APRIL_Finding_the_Achilles_Heel_on_Privacy_for_Vision_Transformers_CVPR_2022_paper.html)] \
  *Jiahao Lu, Xi Sheryl Zhang, Tianli Zhao, Xiangyu He, and Jian Cheng* \
  IEEE/CVF Computer Vision and Pattern Recognition Conference (**CVPR**), 2022.
- **CAFE: Catastrophic Data Leakage in Vertical Federated Learning** [[Paper](https://proceedings.neurips.cc/paper_files/paper/2021/hash/08040837089cdf46631a10aca5258e16-Abstract.html)] [[Code](https://github.com/DeRafael/CAFE)] \
  *Xiao Jin, Pin-Yu Chen, Chia-Yi Hsu, Chia-Mu Yu, and Tianyi Chen* \
  Conference on Neural Information Processing Systems (**NeurIPS**), 2021.
- **See through Gradients: Image Batch Recovery via GradInversion** [[Paper](https://openaccess.thecvf.com/content/CVPR2021/html/Yin_See_Through_Gradients_Image_Batch_Recovery_via_GradInversion_CVPR_2021_paper.html)] [[Code]()] \
  *Hongxu Yin, Arun Mallya, Arash Vahdat, Jose M. Alvarez, Jan Kautz, and Pavlo Molchanov* \
  IEEE/CVF Computer Vision and Pattern Recognition Conference (**CVPR**), 2021.
- **Towards General Deep Leakage in Federated Learning** [[Paper](https://arxiv.org/abs/2110.09074)] \
  *Jiahui Geng, Yongli Mou, Feifei Li, Qing Li, Oya Beyan, Stefan Decker, and Chunming Rong* \
  arXiv:2110.09074, 2021.
- **Inverting Gradients - How Easy Is It to Break Privacy in Federated Learning?** [[Paper](https://proceedings.neurips.cc/paper/2020/hash/c4ede56bbd98819ae6112b20ac6bf145-Abstract.html)] [[Code](https://github.com/JonasGeiping/invertinggradients)] \
  *Jonas Geiping, Hartmut Bauermeister, Hannah Dröge, and Michael Moeller* \
  Conference on Neural Information Processing Systems (**NeurIPS**), 2020.
- **SAPAG: A Self-Adaptive Privacy Attack From Gradients** [[Paper](https://arxiv.org/abs/2009.06228)] \
  *Yijue Wang, Jieren Deng, Dan Guo, Chenghong Wang, Xianrui Meng, Hang Liu, Caiwen Ding, and Sanguthevar Rajasekaran* \
  arXiv:2009.06228, 2020.
- **iDLG: Improved Deep Leakage from Gradients** [[Paper](https://arxiv.org/abs/2001.02610)] [[Code](https://github.com/PatrickZH/Improved-Deep-Leakage-from-Gradients)] \
  *Bo Zhao, Konda Reddy Mopuri, and Hakan Bilen* \
  arXiv:2001.02610, 2020.
- **Deep Leakage from Gradients** [[Paper](https://proceedings.neurips.cc/paper/2019/hash/60a6c4002cc7b29142def8871531281a-Abstract.html)] [[Code](https://github.com/mit-han-lab/dlg)] \
  *Ligeng Zhu, Zhijian Liu, and Song Han* \
  Conference on Neural Information Processing Systems (**NeurIPS**), 2019.

## Generation-based GIA (GEN-GIA)

### Optimizing Latent Vector z

- **GIFD: A Generative Gradient Inversion Method with Feature Domain Optimization** [[Paper](https://openaccess.thecvf.com/content/ICCV2023/html/Fang_GIFD_A_Generative_Gradient_Inversion_Method_with_Feature_Domain_Optimization_ICCV_2023_paper.html)] [[Code](https://github.com/ffhibnese/GIFD_Gradient_Inversion_Attack)] \
  *Hao Fang, Bin Chen, Xuan Wang, Zhi Wang, and Shu-Tao Xia* \
  International Conference on Computer Vision (**ICCV**), 2023.
- **Auditing Privacy Defenses in Federated Learning via Generative Gradient Leakage** [[Paper](https://openaccess.thecvf.com/content/CVPR2022/html/Li_Auditing_Privacy_Defenses_in_Federated_Learning_via_Generative_Gradient_Leakage_CVPR_2022_paper.html)] [[Code](https://github.com/zhuohangli/GGL)] \
  *Zhuohang Li, Jiaxin Zhang, Luyang Liu, and Jian Liu* \
  IEEE/CVF Computer Vision and Pattern Recognition Conference (**CVPR**), 2022.
- **Gradient Inversion with Generative Image Prior** [[Paper](https://proceedings.neurips.cc/paper/2021/hash/fa84632d742f2729dc32ce8cb5d49733-Abstract.html)] [[Code](https://github.com/ml-postech/gradient-inversion-generative-image-prior)] \
  *Jinwoo Jeon, Jaechang Kim, Kangwook Lee, Sewoong Oh, and Jungseul Ok* \
  Conference on Neural Information Processing Systems (**NeurIPS**), 2021.

### Optimizing Generator's Parameters W

- **Generative Image Reconstruction From Gradients** [[Paper](https://ieeexplore.ieee.org/abstract/document/10495167)] \
  *Ekanut Sotthiwata, Liangli Zhen, Chi Zhang, Zengxiang Li, and Rick Siow Mong Goh* \
  IEEE Transactions on Neural Networks and Learning Systems (**TNNLS**), 2024.
- **Generative Gradient Inversion via Over-Parameterized Networks in Federated Learning** [[Paper](https://openaccess.thecvf.com/content/ICCV2023/html/Zhang_Generative_Gradient_Inversion_via_Over-Parameterized_Networks_in_Federated_Learning_ICCV_2023_paper.html)] [[Code](https://github.com/czhang024/CI-Net)] \
  *Chi Zhang, Zhang Xiaoman, Ekanut Sotthiwat, Yanyu Xu, Ping Liu, Liangli Zhen, and Yong Liu* \
  International Conference on Computer Vision (**ICCV**), 2023.
- **CGIR: Conditional Generative Instance Reconstruction Attacks Against Federated Learning** [[Paper](https://ieeexplore.ieee.org/abstract/document/9980415)] \
  *Xiangrui Xu, Pengrui Liu, Wei Wang, Hong-Liang Ma, Bin Wang, Zhen Han, and Yufei Han* \
  IEEE Transactions on Dependable and Secure Computing (**TDSC**), 2022.
- **GRNN: Generative Regression Neural Network - A Data Leakage Attack for Federated Learning** [[Paper](https://dl.acm.org/doi/abs/10.1145/3510032)] [[Code](https://github.com/Rand2AI/GRNN)] \
  *Hanchi Ren, Jingjing Deng, and Xianghua Xie* \
  ACM Transactions on Intelligent Systems and Technology (**TIST**), 2022.

### Training an Inversion Generation Model

- **Fast Generation-Based Gradient Leakage Attacks against Highly Compressed Gradients** [[Paper](https://ieeexplore.ieee.org/abstract/document/10229091)] [[Code](https://github.com/pigeon-dove/FGLA)] \
  *Dongyun Xue, Haomiao Yang, Mengyu Ge, Jingwei Li, Guowen Xu, and Hongwei Li* \
  IEEE International Conference on Computer Communications (**INFOCOM**), 2023.
- **Learning To Invert: Simple Adaptive Attacks for Gradient Inversion in Federated Learning** [[Paper](https://proceedings.mlr.press/v216/wu23a.html)] [[Code](https://github.com/wrh14/Learning_to_Invert)] \
  *Ruihan Wu, Xiangyu Chen, Chuan Guo, and Kilian Q. Weinberger* \
  Conference on Uncertainty in Artificial Intelligence (**UAI**), 2023.

## Analytics-based GIA (ANA-GIA)

- **Privacy-Preserving Deep Learning: Revisited and Enhanced** [[Paper](https://link.springer.com/chapter/10.1007/978-981-10-5421-1_9)] \
  *Le Trieu Phong, Yoshinori Aono, Takuya Hayashi, Lihua Wang, and Shiho Moriai* \
  International Conference on Applications and Techniques in Information Security (**ATIS**), 2017.
- **R-GAP: Recursive Gradient Attack on Privacy** [[Paper](https://openreview.net/forum?id=RSU17UoKfJF)] [[Code](https://github.com/JunyiZhu-AI/R-GAP)] \
  *Junyi Zhu and Matthew B. Blaschko* \
  International Conference on Learning Representations (**ICLR**), 2021.

### Manipulating Model Architecture

- **ARES: Scalable and Practical Gradient Inversion Attack in Federated Learning through Activation Recovery** [[Paper](https://arxiv.org/abs/2603.17623)] \
  *Zirui Gong, Leo Yu Zhang, Yanjun Zhang, Viet Vo, Tianqing Zhu, Shirui Pan, and Cong Wang* \
  IEEE Symposium on Security and Privacy (**S&P**), 2026.
- **Loki: Large-scale Data Reconstruction Attack against Federated Learning through Model Manipulation** [[Paper](https://ieeexplore.ieee.org/abstract/document/10646724)] [[Code](https://github.com/Manishpandey-0/Adversarial-reconstruction-attack-on-FL-using-LOKI)] \
  *Joshua C. Zhao, Atul Sharma, Ahmed Roushdy Elkordy, Yahya H. Ezzeldin, Salman Avestimehr, and Saurabh Bagchi* \
  IEEE Symposium on Security and Privacy (**S&P**), 2024.
- **The Resource Problem of Using Linear Layer Leakage Attack in Federated Learning** [[Paper](https://openaccess.thecvf.com/content/CVPR2023/html/Zhao_The_Resource_Problem_of_Using_Linear_Layer_Leakage_Attack_in_CVPR_2023_paper.html)] \
  *Joshua C. Zhao, Ahmed Roushdy Elkordy, Atul Sharma, Yahya H. Ezzeldin, Salman Avestimehr, and Saurabh Bagchi* \
  IEEE/CVF Computer Vision and Pattern Recognition Conference (**CVPR**), 2023.
- **Robbing the Fed: Directly Obtaining Private Data in Federated Learning with Modified Models** [[Paper](https://openreview.net/forum?id=fwzUgo0FM9v&ref=morioh.com&utm_source=morioh.com)] [[Code](https://github.com/lhfowl/robbing_the_fed)] \
  *Liam H Fowl, Jonas Geiping, Wojciech Czaja, Micah Goldblum, and Tom Goldstein* \
  International Conference on Learning Representations (**ICLR**), 2022.

### Manipulating Model Parameters

- **No More Guessing: Verifiable Gradient Inversion Attacks in Federated Learning** [[Paper](https://arxiv.org/abs/2604.15063)] \
  *Francesco Diana, Chuan Xu, André Nusser, and Giovanni Neglia* \
  arXiv:2604.15063, 2026.
- **Gradient Inversion Attacks on Parameter-Efficient Fine-Tuning** [[Paper](https://openaccess.thecvf.com/content/CVPR2025/html/Sami_Gradient_Inversion_Attacks_on_Parameter-Efficient_Fine-Tuning_CVPR_2025_paper.html)] [[Code](https://github.com/info-ucr/PEFTLeak)] \
  *Hasin Us Sami, Swapneel Sen, Amit K. Roy-Chowdhury, Srikanth V. Krishnamurthy, and Basak Guler* \
  IEEE/CVF Computer Vision and Pattern Recognition Conference (**CVPR**), 2025.
- **Scale-MIA: A Scalable Model Inversion Attack against Secure Federated Learning via Latent Space Reconstruction** [[Paper](https://www.ndss-symposium.org/ndss-paper/scale-mia-a-scalable-model-inversion-attack-against-secure-federated-learning-via-latent-space-reconstruction/)] [[Code](https://github.com/unknown123489/Scale-MIA)] \
  *Shanghao Shi, Ning Wang, Yang Xiao, Chaoyu Zhang, Yi Shi, Y.Thomas Hou, and Wenjing Lou* \
  Network and Distributed System Security Symposium (**NDSS**), 2025.
- **Maximum Knowledge Orthogonality Reconstruction With Gradients in Federated Learning** [[Paper](https://openaccess.thecvf.com/content/WACV2024/html/Wang_Maximum_Knowledge_Orthogonality_Reconstruction_With_Gradients_in_Federated_Learning_WACV_2024_paper.html)] [[Code](https://github.com/wfwf10/MKOR)] \
  *Feng Wang, Senem Velipasalar, and M. Cenk Gursoy* \
  Winter Conference on Applications of Computer Vision (**WACV**), 2024.
- **When the Curious Abandon Honesty: Federated Learning Is Not Private** [[Paper](https://ieeexplore.ieee.org/abstract/document/10190537)] \
  *Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot* \
  IEEE European Symposium on Security and Privacy (**EuroS&P**), 2023.
- **Fishing for User Data in Large-Batch Federated Learning via Gradient Magnification** [[Paper](https://proceedings.mlr.press/v162/wen22a.html)] \
  *Yuxin Wen, Jonas A. Geiping, Liam Fowl, Micah Goldblum, and Tom Goldstein* \
  International Conference on Machine Learning (**ICML**), 2022.
- **Eluding Secure Aggregation in Federated Learning via Model Inconsistency** [[Paper](https://dl.acm.org/doi/abs/10.1145/3548606.3560557)] [[Code](https://github.com/pasquini-dario/EludingSecureAggregation)] \
  *Dario Pasquini, Danilo Francati, and Giuseppe Ateniese* \
  ACM SIGSAC Conference on Computer and Communications Security (**CCS**), 2022.

## Empirical Works

- **Exploring the Vulnerabilities of Federated Learning: A Deep Dive into Gradient Inversion Attacks** [[Paper](https://ieeexplore.ieee.org/document/11311346)] [[Code](https://github.com/1wrx1/GIA)] \
  *Pengxin Guo, Runxi Wang, Shuang Zeng, Jinjing Zhu, Haoning Jiang, Yanran Wang, Yuyin Zhou, Feifei Wang, Hui Xiong, and Liangqiong Qu* \
  IEEE Transactions on Pattern Analysis and Machine Intelligence (**TPAMI**), 2026.
- **SoK: On Gradient Leakage in Federated Learning** [[Paper](https://arxiv.org/abs/2404.05403)] \
  *Jiacheng Du, Jiahui Hu, Zhibo Wang, Peng Sun, Neil Zhenqiang Gong, Kui Ren, and Chun Chen* \
  USENIX Security Symposium (**USENIX Security**), 2025.
- **On the Detectability of Active Gradient Inversion Attacks in Federated Learning** [[Paper](https://arxiv.org/abs/2511.10502)] \
  *Vincenzo Carletti, Pasquale Foggia, Carlo Mazzocca, Giuseppe Parrella, and Mario Vento* \
  arXiv:2511.10502, 2025.
- **Hear No Evil: Detecting Gradient Leakage by Malicious Servers in Federated Learning** [[Paper](https://arxiv.org/abs/2506.20651)] \
  *Fei Wang and Baochun Li* \
  arXiv:2506.20651, 2025.
- **FEDLAD: Federated Evaluation of Deep Leakage Attacks and Defenses** [[Paper](https://arxiv.org/abs/2411.03019)] \
  *Isaac Baglin, Xiatian Zhu, and Simon Hadfield* \
  arXiv:2411.03019, 2024.
- **Evaluating Gradient Inversion Attacks and Defenses in Federated Learning** [[Paper](https://proceedings.neurips.cc/paper/2021/hash/3b3fff6463464959dcd1b68d0320f781-Abstract.html)] [[Code](https://github.com/Princeton-SysML/GradAttack)] \
  *Yangsibo Huang, Samyak Gupta, Zhao Song, Kai Li, and Sanjeev Arora* \
  Conference on Neural Information Processing Systems (**NeurIPS**), 2021.

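Tags: TPAMI, optimization attacks, analytical attacks, security vulnerabilities, key leakage protection, technical survey, data reconstruction, literature review, machine learning security, gradient inversion attacks, deep learning, generative attacks, federated learning, reverse engineering tools, privacy security, privacy leakage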