Scale-MIA: A Scalable Model Inversion Attack against Secure Federated Learning via Latent Space Reconstruction
Shanghao Shi
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Federated Learning 2
This article covers "Scale-MIA," a model inversion attack that challenges the privacy guarantees of federated learning (FL) systems. Presented by Shanghao Shi, a PhD candidate at Virginia Tech, the work reveals a vulnerability that allows an adversarial server to reconstruct sensitive training data from aggregated model updates, even when those updates are protected by state-of-the-art privacy mechanisms such as secure aggregation and differential privacy. The research highlights a gap in current federated learning security paradigms: the collaborative, distributed nature of FL, while designed for privacy, can still be exploited to expose individual user data.
AI review
Solid, publishable ML security research that breaks a real assumption: that SecAgg + DP is sufficient privacy for federated learning. The two-step latent-space reconstruction approach is technically novel and the 61/64 CelebA reconstruction demo at under one second is a meaningful empirical result. NDSS-tier work, which is exactly where it landed.