FedBARRE: Privacy–Utility Optimized Perturbation Ensemble against Gradient Leakage Attacks in Federated Learning
Keywords: Federated Learning, Gradient Leakage Attacks, Privacy-Utility Trade-off
Abstract: With the accelerating demand for data privacy and the proliferation of AI applications, federated learning has emerged as a pivotal paradigm for collaborative model training on distributed datasets. However, in horizontal federated settings, adversaries can still exploit gradient-inversion or optimization-based attacks to reconstruct clients’ private data, leading to severe privacy breaches. Although numerous privacy-preserving methods have been proposed, they typically entail substantial utility degradation. To address this trade-off, we introduce FedBARRE, a unified framework that synergizes a Randomized Ensemble Classifier (REC) with optimized data perturbations to markedly enhance privacy protection while incurring minimal performance loss. We establish the convexity of the REC’s adversarial risk, providing a solid theoretical foundation for privacy–utility optimization. Extensive experiments validate that FedBARRE preserves overall federated-learning accuracy while significantly strengthening client-data confidentiality.
Supplementary Material: zip
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 11263