FedGG: Leveraging Generative Adversarial Networks and Gradient Smoothing for Privacy Protection in Federated Learning

Gradient leakage attack allow attackers to infer Privacy data, which raises concerns about data leakage. To solve this problem, a series of methods have been proposed, while previously proposed methods have two weaknesses. First, adding noise (e.g., Differential privacy) to client-shared gradients reduces Privacy data leaks but harms performance of model and leaves room for data recovery attack(e.g., Gradient leak attacks). Second, encrypting shared gradients (e.g., Homomorphic encryption) enhances security but demands high computational costs, making it impractical for resource-constrained edge devices. This work proposes a novel federated learning method that leverages generative adversarial networks and gradient smoothing, which generates pseudodata through Wasserstein GAN(WGAN) and retains classification characteristics. Gradient smoothing can suppress gradients with high frequency changes; To improve the diversity of training data, launching data augmentation by mixup. Experiments show that compared with common defense methods, the MES-I of noise and gradient clipping are 0.5278 and 0.1036, respectively, while the MES-I of FedGG is 0.6422.