CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian Sampling

Kaiyuan Zhang

Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Federated Learning 2

In an era where data privacy is paramount, **federated learning (FL)** has emerged as a promising distributed machine learning paradigm. It allows multiple clients to collaboratively train a shared model without directly exposing their raw, sensitive data to a central server. This approach has found applications across various domains, including network prediction, credit risk assessment, and the aggregation of data from IoT devices. However, the talk "CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian Sampling," presented by Kaiyuan Zhang, a fifth-year PhD student in Computer Science at Purdue University, unveils a critical vulnerability in this seemingly private setup: **gradient inversion attacks**.

AI review

Legitimate academic ML security research with a real technical contribution — orthogonal subspace perturbation as a gradient inversion defense is a credible idea grounded in the overparameterization of large networks. The results look solid and the adaptive attack evaluation against EOT is a necessary box that too many defense papers skip. But this is a conference paper presentation, not a breakout security talk, and the write-up leans heavily on abstract framing without enough mechanistic specificity to fully evaluate the core claim.
