RAIFLE: Reconstruction Attacks on Interaction-based Federated Learning with Adversarial Data Manipulation
Dzung Pham
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Federated Learning 1
Dzung Pham from the University of Massachusetts Amherst presented "RAIFLE: Reconstruction Attacks on Interaction-based Federated Learning with Adversarial Data Manipulation" at the NDSS Symposium. This groundbreaking work introduces a novel class of privacy attacks specifically targeting **interaction-based Federated Learning (FL)** systems, a specialized form of FL particularly relevant to recommendation and ranking systems. RAIFLE demonstrates how a malicious server, by subtly manipulating the items presented to users, can significantly enhance its ability to reconstruct sensitive user interaction data.
AI review
Solid, original academic security research targeting a genuinely underexplored attack surface in federated learning. The core insight — that a malicious server's control over presented items is itself an exploitation primitive — is clean and non-obvious, and the work holds up technically across multiple datasets and model types. Not flashy, but this is exactly the kind of principled threat modeling that should be done *before* interaction-based FL gets baked into production recommendation systems at scale.