Abstract:

Federated learning enables collaborative machine learning on decentralized data, but faces a critical privacy challenge from gradient leakage attacks, which can reconstruct sensitive user data from shared model updates. While differential privacy defenses like static noise injection are common, they often establish a poor privacy-utility trade-off by indiscriminately adding noise, thereby degrading model accuracy. Conventional dynamic methods also fall short, as they typically fail to adapt to the fine-grained, contextual dynamics of local training. To overcome these limitations, we propose FedDynaNoise, a novel privacy-preserving framework that introduces a triple-adaptive noise injection mechanism. The noise level is dynamically and intelligently calibrated based on three key factors such as the training round, the layer-wise gradient sensitivity, and the prediction entropy. This multi-faceted approach ensures that the privacy budget is used efficiently and effectively. We conducted a comprehensive evaluation of FedDynaNoise on four image classification benchmarks against gradient inversion attacks. Our experiments show that FedDynaNoise provides robust privacy protection, achieving a high reconstruction mean square error of approximately 0.65. This is a significant improvement over static noise and conventional dynamic noise baselines around 0.13 and 0.31. Remarkably, this strong defense is achieved with minimal impact on model utility, with FedDynaNoise reaching a test accuracy of 93.9%, only a slight decrease from the 95.1% of a non-private model. Our work demonstrates that FedDynaNoise offers a superior privacy-utility balance, presenting a practical and effective solution for building more secure, trustworthy, and accurate federated learning systems.