Abstract
Federated learning (FL) is an emerging paradigm for privacy-preserving collaborative machine learning that coordinates the training of a global model by sharing model updates (i.e., gradients) instead of sensitive raw information. Yet, sensitive information can be reconstructed from exposed gradients through inversion attacks, challenging the privacy promises of federated learning. Current defenses for federated learning either introduce unnecessary overhead to the training framework to adapt complex cryptographic algorithms or sacrifice model performance through noise injection. In this paper, we approach this challenge from a frequency-domain perspective. We observe that models' overfitting to sample-specific, high-frequency data components ultimately induces privacy vulnerabilities. To this end, we propose FRISC, a lightweight privacy protection scheme for federated learning. FRISC employs a frequency-aware, feature-wise regularization during training, to precisely screen out exploitable information within the training data. This design allows FRISC to be integrated seamlessly into existing federated learning systems with minimal computational cost. We validate the efficacy of our approach through a comprehensive theoretical analysis and extensive empirical evaluations on multiple datasets, including MNIST, Fashion-MNIST, and CIFAR-10. The results demonstrably prove that FRISC significantly improves privacy protection while maintaining model performance, offering a promising solution for improving privacy in federated learning.
| Original language | English |
|---|---|
| Article number | e70640 |
| Journal | Concurrency and Computation: Practice and Experience |
| Volume | 38 |
| Issue | 6 |
| DOI | |
| Publication status | Published - Mar 2026 |
| Externally published | Yes |