Dealing Doubt: Unveiling Threat Models in Gradient Inversion Attacks under Federated Learning, A Survey and Taxonomy Article Swipe
Yichuan Shi
,
Olivera Kotevska
,
Viktor Reshniak
,
Abhishek Singh
,
Ramesh Raskar
·
YOU?
·
· 2024
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2405.10376
YOU?
·
· 2024
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2405.10376
Federated Learning (FL) has emerged as a leading paradigm for decentralized, privacy preserving machine learning training. However, recent research on gradient inversion attacks (GIAs) have shown that gradient updates in FL can leak information on private training samples. While existing surveys on GIAs have focused on the honest-but-curious server threat model, there is a dearth of research categorizing attacks under the realistic and far more privacy-infringing cases of malicious servers and clients. In this paper, we present a survey and novel taxonomy of GIAs that emphasize FL threat models, particularly that of malicious servers and clients. We first formally define GIAs and contrast conventional attacks with the malicious attacker. We then summarize existing honest-but-curious attack strategies, corresponding defenses, and evaluation metrics. Critically, we dive into attacks with malicious servers and clients to highlight how they break existing FL defenses, focusing specifically on reconstruction methods, target model architectures, target data, and evaluation metrics. Lastly, we discuss open problems and future research directions.
Related Topics
Concepts
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2405.10376
- https://arxiv.org/pdf/2405.10376
- OA Status
- green
- Cited By
- 1
- Related Works
- 10
- OpenAlex ID
- https://openalex.org/W4398156427
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4398156427Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2405.10376Digital Object Identifier
- Title
-
Dealing Doubt: Unveiling Threat Models in Gradient Inversion Attacks under Federated Learning, A Survey and TaxonomyWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2024Year of publication
- Publication date
-
2024-05-16Full publication date if available
- Authors
-
Yichuan Shi, Olivera Kotevska, Viktor Reshniak, Abhishek Singh, Ramesh RaskarList of authors in order
- Landing page
-
https://arxiv.org/abs/2405.10376Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2405.10376Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2405.10376Direct OA link when available
- Concepts
-
Taxonomy (biology), Inversion (geology), Computer science, Artificial intelligence, Data science, Psychology, Political science, Computer security, Geology, Zoology, Biology, Seismology, TectonicsTop concepts (fields/topics) attached by OpenAlex
- Cited by
-
1Total citation count in OpenAlex
- Citations by year (recent)
-
2025: 1Per-year citation counts (last 5 years)
- Related works (count)
-
10Other works algorithmically related by OpenAlex
Full payload
| id | https://openalex.org/W4398156427 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2405.10376 |
| ids.doi | https://doi.org/10.48550/arxiv.2405.10376 |
| ids.openalex | https://openalex.org/W4398156427 |
| fwci | |
| type | preprint |
| title | Dealing Doubt: Unveiling Threat Models in Gradient Inversion Attacks under Federated Learning, A Survey and Taxonomy |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11689 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9959999918937683 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1702 |
| topics[0].subfield.display_name | Artificial Intelligence |
| topics[0].display_name | Adversarial Robustness in Machine Learning |
| topics[1].id | https://openalex.org/T10764 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.9772999882698059 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1702 |
| topics[1].subfield.display_name | Artificial Intelligence |
| topics[1].display_name | Privacy-Preserving Technologies in Data |
| topics[2].id | https://openalex.org/T10237 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9509999752044678 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1702 |
| topics[2].subfield.display_name | Artificial Intelligence |
| topics[2].display_name | Cryptography and Data Security |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C58642233 |
| concepts[0].level | 2 |
| concepts[0].score | 0.5676847696304321 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q8269924 |
| concepts[0].display_name | Taxonomy (biology) |
| concepts[1].id | https://openalex.org/C1893757 |
| concepts[1].level | 3 |
| concepts[1].score | 0.5523074269294739 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q3653001 |
| concepts[1].display_name | Inversion (geology) |
| concepts[2].id | https://openalex.org/C41008148 |
| concepts[2].level | 0 |
| concepts[2].score | 0.4640805721282959 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[2].display_name | Computer science |
| concepts[3].id | https://openalex.org/C154945302 |
| concepts[3].level | 1 |
| concepts[3].score | 0.37834134697914124 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q11660 |
| concepts[3].display_name | Artificial intelligence |
| concepts[4].id | https://openalex.org/C2522767166 |
| concepts[4].level | 1 |
| concepts[4].score | 0.3756237030029297 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q2374463 |
| concepts[4].display_name | Data science |
| concepts[5].id | https://openalex.org/C15744967 |
| concepts[5].level | 0 |
| concepts[5].score | 0.36350345611572266 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q9418 |
| concepts[5].display_name | Psychology |
| concepts[6].id | https://openalex.org/C17744445 |
| concepts[6].level | 0 |
| concepts[6].score | 0.34728047251701355 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q36442 |
| concepts[6].display_name | Political science |
| concepts[7].id | https://openalex.org/C38652104 |
| concepts[7].level | 1 |
| concepts[7].score | 0.3456900715827942 |
| concepts[7].wikidata | https://www.wikidata.org/wiki/Q3510521 |
| concepts[7].display_name | Computer security |
| concepts[8].id | https://openalex.org/C127313418 |
| concepts[8].level | 0 |
| concepts[8].score | 0.16183894872665405 |
| concepts[8].wikidata | https://www.wikidata.org/wiki/Q1069 |
| concepts[8].display_name | Geology |
| concepts[9].id | https://openalex.org/C90856448 |
| concepts[9].level | 1 |
| concepts[9].score | 0.10286131501197815 |
| concepts[9].wikidata | https://www.wikidata.org/wiki/Q431 |
| concepts[9].display_name | Zoology |
| concepts[10].id | https://openalex.org/C86803240 |
| concepts[10].level | 0 |
| concepts[10].score | 0.09414806962013245 |
| concepts[10].wikidata | https://www.wikidata.org/wiki/Q420 |
| concepts[10].display_name | Biology |
| concepts[11].id | https://openalex.org/C165205528 |
| concepts[11].level | 1 |
| concepts[11].score | 0.08762672543525696 |
| concepts[11].wikidata | https://www.wikidata.org/wiki/Q83371 |
| concepts[11].display_name | Seismology |
| concepts[12].id | https://openalex.org/C77928131 |
| concepts[12].level | 2 |
| concepts[12].score | 0.0 |
| concepts[12].wikidata | https://www.wikidata.org/wiki/Q193343 |
| concepts[12].display_name | Tectonics |
| keywords[0].id | https://openalex.org/keywords/taxonomy |
| keywords[0].score | 0.5676847696304321 |
| keywords[0].display_name | Taxonomy (biology) |
| keywords[1].id | https://openalex.org/keywords/inversion |
| keywords[1].score | 0.5523074269294739 |
| keywords[1].display_name | Inversion (geology) |
| keywords[2].id | https://openalex.org/keywords/computer-science |
| keywords[2].score | 0.4640805721282959 |
| keywords[2].display_name | Computer science |
| keywords[3].id | https://openalex.org/keywords/artificial-intelligence |
| keywords[3].score | 0.37834134697914124 |
| keywords[3].display_name | Artificial intelligence |
| keywords[4].id | https://openalex.org/keywords/data-science |
| keywords[4].score | 0.3756237030029297 |
| keywords[4].display_name | Data science |
| keywords[5].id | https://openalex.org/keywords/psychology |
| keywords[5].score | 0.36350345611572266 |
| keywords[5].display_name | Psychology |
| keywords[6].id | https://openalex.org/keywords/political-science |
| keywords[6].score | 0.34728047251701355 |
| keywords[6].display_name | Political science |
| keywords[7].id | https://openalex.org/keywords/computer-security |
| keywords[7].score | 0.3456900715827942 |
| keywords[7].display_name | Computer security |
| keywords[8].id | https://openalex.org/keywords/geology |
| keywords[8].score | 0.16183894872665405 |
| keywords[8].display_name | Geology |
| keywords[9].id | https://openalex.org/keywords/zoology |
| keywords[9].score | 0.10286131501197815 |
| keywords[9].display_name | Zoology |
| keywords[10].id | https://openalex.org/keywords/biology |
| keywords[10].score | 0.09414806962013245 |
| keywords[10].display_name | Biology |
| keywords[11].id | https://openalex.org/keywords/seismology |
| keywords[11].score | 0.08762672543525696 |
| keywords[11].display_name | Seismology |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2405.10376 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2405.10376 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2405.10376 |
| locations[1].id | doi:10.48550/arxiv.2405.10376 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | cc-by |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | https://openalex.org/licenses/cc-by |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2405.10376 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5102623844 |
| authorships[0].author.orcid | |
| authorships[0].author.display_name | Yichuan Shi |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Shi, Yichuan |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5021188335 |
| authorships[1].author.orcid | https://orcid.org/0000-0003-1677-2243 |
| authorships[1].author.display_name | Olivera Kotevska |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Kotevska, Olivera |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5070770993 |
| authorships[2].author.orcid | https://orcid.org/0000-0003-1545-4462 |
| authorships[2].author.display_name | Viktor Reshniak |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Reshniak, Viktor |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5101494381 |
| authorships[3].author.orcid | https://orcid.org/0009-0006-7537-8173 |
| authorships[3].author.display_name | Abhishek Singh |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Singh, Abhishek |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5023495279 |
| authorships[4].author.orcid | https://orcid.org/0000-0002-3254-3224 |
| authorships[4].author.display_name | Ramesh Raskar |
| authorships[4].author_position | last |
| authorships[4].raw_author_name | Raskar, Ramesh |
| authorships[4].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2405.10376 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Dealing Doubt: Unveiling Threat Models in Gradient Inversion Attacks under Federated Learning, A Survey and Taxonomy |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11689 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9959999918937683 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1702 |
| primary_topic.subfield.display_name | Artificial Intelligence |
| primary_topic.display_name | Adversarial Robustness in Machine Learning |
| related_works | https://openalex.org/W1980470275, https://openalex.org/W2086322839, https://openalex.org/W2344971351, https://openalex.org/W2363509351, https://openalex.org/W2377084220, https://openalex.org/W1990581988, https://openalex.org/W2384206310, https://openalex.org/W2354391290, https://openalex.org/W2112313195, https://openalex.org/W2378498423 |
| cited_by_count | 1 |
| counts_by_year[0].year | 2025 |
| counts_by_year[0].cited_by_count | 1 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2405.10376 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2405.10376 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2405.10376 |
| primary_location.id | pmh:oai:arXiv.org:2405.10376 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2405.10376 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2405.10376 |
| publication_date | 2024-05-16 |
| publication_year | 2024 |
| referenced_works_count | 0 |
| abstract_inverted_index.a | 6, 53, 77 |
| abstract_inverted_index.FL | 30, 86, 137 |
| abstract_inverted_index.In | 72 |
| abstract_inverted_index.We | 96, 109 |
| abstract_inverted_index.as | 5 |
| abstract_inverted_index.in | 29 |
| abstract_inverted_index.is | 52 |
| abstract_inverted_index.of | 55, 67, 82, 91 |
| abstract_inverted_index.on | 19, 34, 41, 45, 141 |
| abstract_inverted_index.to | 131 |
| abstract_inverted_index.we | 75, 122, 153 |
| abstract_inverted_index.and | 62, 70, 79, 94, 101, 118, 129, 149, 157 |
| abstract_inverted_index.can | 31 |
| abstract_inverted_index.far | 63 |
| abstract_inverted_index.for | 9 |
| abstract_inverted_index.has | 3 |
| abstract_inverted_index.how | 133 |
| abstract_inverted_index.the | 46, 60, 106 |
| abstract_inverted_index.(FL) | 2 |
| abstract_inverted_index.GIAs | 42, 83, 100 |
| abstract_inverted_index.dive | 123 |
| abstract_inverted_index.have | 24, 43 |
| abstract_inverted_index.into | 124 |
| abstract_inverted_index.leak | 32 |
| abstract_inverted_index.more | 64 |
| abstract_inverted_index.open | 155 |
| abstract_inverted_index.that | 26, 84, 90 |
| abstract_inverted_index.then | 110 |
| abstract_inverted_index.they | 134 |
| abstract_inverted_index.this | 73 |
| abstract_inverted_index.with | 105, 126 |
| abstract_inverted_index.While | 38 |
| abstract_inverted_index.break | 135 |
| abstract_inverted_index.cases | 66 |
| abstract_inverted_index.data, | 148 |
| abstract_inverted_index.first | 97 |
| abstract_inverted_index.model | 145 |
| abstract_inverted_index.novel | 80 |
| abstract_inverted_index.shown | 25 |
| abstract_inverted_index.there | 51 |
| abstract_inverted_index.under | 59 |
| abstract_inverted_index.(GIAs) | 23 |
| abstract_inverted_index.attack | 114 |
| abstract_inverted_index.dearth | 54 |
| abstract_inverted_index.define | 99 |
| abstract_inverted_index.future | 158 |
| abstract_inverted_index.model, | 50 |
| abstract_inverted_index.paper, | 74 |
| abstract_inverted_index.recent | 17 |
| abstract_inverted_index.server | 48 |
| abstract_inverted_index.survey | 78 |
| abstract_inverted_index.target | 144, 147 |
| abstract_inverted_index.threat | 49, 87 |
| abstract_inverted_index.Lastly, | 152 |
| abstract_inverted_index.attacks | 22, 58, 104, 125 |
| abstract_inverted_index.clients | 130 |
| abstract_inverted_index.discuss | 154 |
| abstract_inverted_index.emerged | 4 |
| abstract_inverted_index.focused | 44 |
| abstract_inverted_index.leading | 7 |
| abstract_inverted_index.machine | 13 |
| abstract_inverted_index.models, | 88 |
| abstract_inverted_index.present | 76 |
| abstract_inverted_index.privacy | 11 |
| abstract_inverted_index.private | 35 |
| abstract_inverted_index.servers | 69, 93, 128 |
| abstract_inverted_index.surveys | 40 |
| abstract_inverted_index.updates | 28 |
| abstract_inverted_index.However, | 16 |
| abstract_inverted_index.Learning | 1 |
| abstract_inverted_index.clients. | 71, 95 |
| abstract_inverted_index.contrast | 102 |
| abstract_inverted_index.existing | 39, 112, 136 |
| abstract_inverted_index.focusing | 139 |
| abstract_inverted_index.formally | 98 |
| abstract_inverted_index.gradient | 20, 27 |
| abstract_inverted_index.learning | 14 |
| abstract_inverted_index.methods, | 143 |
| abstract_inverted_index.metrics. | 120, 151 |
| abstract_inverted_index.paradigm | 8 |
| abstract_inverted_index.problems | 156 |
| abstract_inverted_index.research | 18, 56, 159 |
| abstract_inverted_index.samples. | 37 |
| abstract_inverted_index.taxonomy | 81 |
| abstract_inverted_index.training | 36 |
| abstract_inverted_index.Federated | 0 |
| abstract_inverted_index.attacker. | 108 |
| abstract_inverted_index.defenses, | 117, 138 |
| abstract_inverted_index.emphasize | 85 |
| abstract_inverted_index.highlight | 132 |
| abstract_inverted_index.inversion | 21 |
| abstract_inverted_index.malicious | 68, 92, 107, 127 |
| abstract_inverted_index.realistic | 61 |
| abstract_inverted_index.summarize | 111 |
| abstract_inverted_index.training. | 15 |
| abstract_inverted_index.evaluation | 119, 150 |
| abstract_inverted_index.preserving | 12 |
| abstract_inverted_index.Critically, | 121 |
| abstract_inverted_index.directions. | 160 |
| abstract_inverted_index.information | 33 |
| abstract_inverted_index.strategies, | 115 |
| abstract_inverted_index.categorizing | 57 |
| abstract_inverted_index.conventional | 103 |
| abstract_inverted_index.particularly | 89 |
| abstract_inverted_index.specifically | 140 |
| abstract_inverted_index.corresponding | 116 |
| abstract_inverted_index.architectures, | 146 |
| abstract_inverted_index.decentralized, | 10 |
| abstract_inverted_index.reconstruction | 142 |
| abstract_inverted_index.honest-but-curious | 47, 113 |
| abstract_inverted_index.privacy-infringing | 65 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 5 |
| citation_normalized_percentile |