{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,16]],"date-time":"2026-01-16T16:50:03Z","timestamp":1768582203721,"version":"3.49.0"},"reference-count":52,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2026,8,25]],"date-time":"2026-08-25T00:00:00Z","timestamp":1787616000000},"content-version":"vor","delay-in-days":222,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation","award":["CNS-2140477, CNS-1935923, ITE-2235678, and IIS-2416606"],"award-info":[{"award-number":["CNS-2140477, CNS-1935923, ITE-2235678, and IIS-2416606"]}]},{"name":"Korea Institute of Energy Technology Evaluation and Planning (KETEP) grant funded by the Korea government","award":["RS-2023-00303559"],"award-info":[{"award-number":["RS-2023-00303559"]}]},{"name":"National Renewable Energy Laboratory (NREL) for the U.S. Department of Energy","award":["DE-AC36-08GO28308"],"award-info":[{"award-number":["DE-AC36-08GO28308"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2026,2,28]]},"abstract":"<jats:p>\n                    Federated Learning (FL) has amassed notable attention for its ability to preserve user privacy while emphasizing the retainment of model training efficiency. Due to this potential, FL has been integrated in many domains, such as healthcare, finance, law, and industrial engineering, where data cannot be easily exchanged due to sensitive information and strict privacy laws. 
However, current research has indicated that FL protocols are easily compromised by\n                    <jats:italic toggle=\"yes\">active<\/jats:italic>\n                    data reconstruction attacks employed by\n                    <jats:italic toggle=\"yes\">actively<\/jats:italic>\n                    dishonest servers. The malicious modification of global model parameters allows an actively dishonest server to obtain a direct copy of users\u2019 private data via gradient inversion. This class of attacks is highly underexplored and continues to be a major challenge due to the intense threat model. In this article, we propose OASIS as a scalable and modality-agnostic defense based on data augmentation that counteracts active data reconstruction attacks while preserving model performance. To generalize our defense, we uncover the intuition behind gradient inversion that enables these attacks and theoretically establish the conditions by which the defense can be considered robust regardless of attack design. From this, we formulate our defense with data augmentation that illustrates its ability to undermine the attack principle. We evaluate OASIS on five real-world datasets\u2013two image-based (ImageNet and CIFAR100) and three text-based (Wikitext, Stack Overflow, and Shakespeare)\u2013which span diverse use cases such as vision tasks and language modeling. 
Comprehensive evaluations on these datasets exhibit the efficacy of OASIS and highlight its feasibility as a solution.\n                  <\/jats:p>","DOI":"10.1145\/3762639","type":"journal-article","created":{"date-parts":[[2025,8,25]],"date-time":"2025-08-25T11:26:00Z","timestamp":1756121160000},"page":"1-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Securing Federated Learning Against Active Reconstruction Attacks"],"prefix":"10.1145","volume":"26","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1998-4842","authenticated-orcid":false,"given":"Tre' R.","family":"Jeter","sequence":"first","affiliation":[{"name":"Computer and Information Sciences and Engineering, University of Florida","place":["Gainesville, United States"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5836-5884","authenticated-orcid":false,"given":"Truc","family":"Nguyen","sequence":"additional","affiliation":[{"name":"National Renewable Energy Laboratory","place":["Golden, United States"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2861-0439","authenticated-orcid":false,"given":"Raed","family":"Alharbi","sequence":"additional","affiliation":[{"name":"Saudi Electronic University","place":["Riyadh, Saudi Arabia"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0971-8548","authenticated-orcid":false,"given":"Jung Taek","family":"Seo","sequence":"additional","affiliation":[{"name":"Gachon University","place":["Seongnam-si, Korea (the Republic of)"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0503-2012","authenticated-orcid":false,"given":"My","family":"Thai","sequence":"additional","affiliation":[{"name":"Computer and Information Science and Engineering, University of Florida","place":["Gainesville, United States"]}]}],"member":"320","published-online":{"date-parts":[[2026,1,15]]},"reference":[{"key":"e_1_3_3_2_2","unstructured":"2024. NLPAUG \u2013 A Python library to Augment Your Text Data. (2024). 
Retrieved from https:\/\/www.analyticsvidhya.com\/blog\/2021\/08\/nlpaug-a-python-library-to-augment-your-text-data\/"},{"key":"e_1_3_3_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978318"},{"key":"e_1_3_3_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP57164.2023.00020"},{"key":"e_1_3_3_5_2","unstructured":"Sebastian Caldas Sai Meher Karthik Duddu Peter Wu Tian Li Jakub Kone\u010dn\u1ef3 H. Brendan McMahan Virginia Smith and Ameet Talwalkar. 2018. Leaf: A benchmark for federated settings. arXiv:1812.01097. Retrieved from https:\/\/arxiv.org\/abs\/1812.01097"},{"key":"e_1_3_3_6_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2019.00020"},{"key":"e_1_3_3_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_3_8_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Fowl Liam H.","year":"2021","unstructured":"Liam H. Fowl, Jonas Geiping, Wojciech Czaja, Micah Goldblum, and Tom Goldstein. 2021. Robbing the Fed: Directly obtaining private data in federated learning with modified models. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00018"},{"key":"e_1_3_3_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2020.3016035"},{"key":"e_1_3_3_11_2","unstructured":"Jonas Geiping Hartmut Bauermeister Hannah Dr\u00f6ge and Michael Moeller. 2020. Inverting gradients-how easy is it to break privacy in federated learning? 
Advances in Neural Information Processing Systems 33 (2020) 16937\u201316947."},{"key":"e_1_3_3_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_3_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134012"},{"key":"e_1_3_3_14_2","first-page":"2731","volume-title":"Proceedings of the International Conference on Machine Learning","author":"Ho Daniel","year":"2019","unstructured":"Daniel Ho, Eric Liang, Xi Chen, Ion Stoica, and Pieter Abbeel. 2019. Population based augmentation: Efficient learning of augmentation policy schedules. In Proceedings of the International Conference on Machine Learning. PMLR, 2731\u20132741."},{"key":"e_1_3_3_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2018.8647649"},{"key":"e_1_3_3_16_2","unstructured":"Yangsibo Huang Samyak Gupta Zhao Song Kai Li and Sanjeev Arora. 2021. Evaluating gradient inversion attacks and defenses in federated learning. Advances in Neural Information Processing Systems 34 (2021) 7232\u20137241."},{"key":"e_1_3_3_17_2","doi-asserted-by":"crossref","unstructured":"Truong Thu Huong Ta Phuong Bac Dao Minh Long Tran Duc Luong Nguyen Minh Dan Le Anh Quang Le Thanh Cong Bui Doan Thang and Kim Phuc Tran. 2021. Detecting cyberattacks using anomaly detection in industrial control systems: A federated learning approach. Computers in Industry 132 (2021) 103509.","DOI":"10.1016\/j.compind.2021.103509"},{"key":"e_1_3_3_18_2","first-page":"2","volume-title":"Proceedings of the NAACL-HLT","volume":"1","author":"Kenton Jacob Devlin Ming-Wei Chang","year":"2019","unstructured":"Jacob Devlin Ming-Wei Chang Kenton and Lee Kristina Toutanova. 2019. Bert: Pre-training of deep bidirectional transformers for language understanding. In Proceedings of the NAACL-HLT, Vol. 1. 
Minneapolis, Minnesota, 2."},{"issue":"6","key":"e_1_3_3_19_2","first-page":"4088","article-title":"Federated transfer learning based cross-domain prediction for smart manufacturing","volume":"18","author":"Kevin I.","year":"2021","unstructured":"I. Kevin, Kai Wang, Xiaokang Zhou, Wei Liang, Zheng Yan, and Jinhua She. 2021. Federated transfer learning based cross-domain prediction for smart manufacturing. IEEE Transactions on Industrial Informatics 18, 6 (2021), 4088\u20134096.","journal-title":"IEEE Transactions on Industrial Informatics"},{"key":"e_1_3_3_20_2","unstructured":"Alex Krizhevsky Geoffrey Hinton and others. 2009. Learning multiple layers of features from tiny images. (2009)."},{"key":"e_1_3_3_21_2","volume-title":"Advances in Neural Information Processing Systems","author":"Krizhevsky Alex","year":"2012","unstructured":"Alex Krizhevsky, Ilya Sutskever, and Geoffrey E. Hinton. 2012. ImageNet classification with deep convolutional neural networks. In Advances in Neural Information Processing Systems. F. Pereira, C.J. Burges, L. Bottou, and K.Q. Weinberger (Eds.), Vol. 25, Curran Associates, Inc. Retrieved from https:\/\/proceedings.neurips.cc\/paper\/2012\/file\/c399862d3b9d6b76c8436e924a68c45b-Paper.pdf"},{"key":"e_1_3_3_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICC51166.2024.10622682"},{"key":"e_1_3_3_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.3021006"},{"key":"e_1_3_3_24_2","unstructured":"Brendan McMahan Eider Moore Daniel Ramage Seth Hampson and Blaise Aguera y Arcas. 2017. Communication-efficient learning of deep networks from decentralized data. In Artificial Intelligence and Statistics PMLR 1273\u20131282."},{"key":"e_1_3_3_25_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Merity Stephen","year":"2022","unstructured":"Stephen Merity, Caiming Xiong, James Bradbury, and Richard Socher. 2022. Pointer sentinel mixture models. 
In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_3_26_2","doi-asserted-by":"publisher","DOI":"10.2967\/jnmt.119.227819"},{"key":"e_1_3_3_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2021.3075439"},{"key":"e_1_3_3_28_2","first-page":"5714","volume-title":"Proceedings of the 26th International Conference on Artificial Intelligence and Statistics","volume":"206","author":"Nguyen Truc","year":"2023","unstructured":"Truc Nguyen, Phung Lai, Khang Tran, NhatHai Phan, and My T. Thai. 2023. Active membership inference attack under local differential privacy in federated learning. In Proceedings of the 26th International Conference on Artificial Intelligence and Statistics, Vol. 206. PMLR, 5714\u20135730. Retrieved from https:\/\/proceedings.mlr.press\/v206\/nguyen23e.html ISSN: 2640-3498."},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2023.3302016"},{"key":"e_1_3_3_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICBC54727.2022.9805521"},{"key":"e_1_3_3_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560557"},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00340"},{"key":"e_1_3_3_33_2","volume-title":"The Complete Works of William Shakespeare","author":"Shakespeare William","year":"2007","unstructured":"William Shakespeare. 2007. The Complete Works of William Shakespeare. Wordsworth Editions."},{"key":"e_1_3_3_34_2","doi-asserted-by":"publisher","DOI":"10.1186\/s40537-021-00492-0"},{"key":"e_1_3_3_35_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.00919"},{"key":"e_1_3_3_36_2","doi-asserted-by":"crossref","unstructured":"Prohim Tam Sa Math Chaebeen Nam and Seokhoon Kim. 2021. Adaptive resource optimized edge federated learning in real-time image sensing classifications. 
IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing 14 (2021) 10929\u201310940.","DOI":"10.1109\/JSTARS.2021.3120724"},{"key":"e_1_3_3_37_2","article-title":"TensorFlow Federated: Stack Overflow Dataset","author":"Federated TensorFlow","year":"2024","unstructured":"TensorFlow Federated. 2024. TensorFlow Federated: Stack Overflow Dataset. Retrieved December 15, 2024 from https:\/\/www.tensorflow.org\/federated\/api_docs\/python\/tff\/simulation\/datasets\/stackoverflow\/load_data. (2024).","journal-title":"https:\/\/www.tensorflow.org\/federated\/api_docs\/python\/tff\/simulation\/datasets\/stackoverflow\/load_data"},{"key":"e_1_3_3_38_2","first-page":"1004","volume-title":"Proceedings of the 2024 IEEE 44th International Conference on Distributed Computing Systems (ICDCS)","author":"Tre\u2019R Jeter","year":"2024","unstructured":"Jeter Tre\u2019R, Truc Nguyen, Raed Alharbi, and My T. Thai. 2024. OASIS: Offsetting active reconstruction attacks in federated learning. In Proceedings of the 2024 IEEE 44th International Conference on Distributed Computing Systems (ICDCS). IEEE, 1004\u20131015."},{"key":"e_1_3_3_39_2","first-page":"24","volume-title":"Proceedings of the 2023 IEEE 9th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing,(HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS)","author":"Tre\u2019R Jeter","year":"2023","unstructured":"Jeter Tre\u2019R and My T. Thai. 2023. Privacy analysis of federated learning via dishonest servers. In Proceedings of the 2023 IEEE 9th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing,(HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). IEEE, 24\u201329."},{"key":"e_1_3_3_40_2","unstructured":"Ashish Vaswani Noam Shazeer Niki Parmar Jakob Uszkoreit Llion Jones Aidan N. Gomez \u0141ukasz Kaiser and Illia Polosukhin. 
2017. Attention is all you need. Advances in Neural Information Processing Systems 30 (2017)."},{"key":"e_1_3_3_41_2","article-title":"The EU General Data Protection Regulation (GDPR)","author":"Voigt Paul","year":"2017","unstructured":"Paul Voigt and Axel Von dem Bussche. 2017. The EU General Data Protection Regulation (GDPR): A Practical Guide (1st ed.). Springer International Publishing, Cham.","journal-title":"A Practical Guide (1st ed.). Springer International Publishing, Cham"},{"key":"e_1_3_3_42_2","first-page":"1423","volume-title":"Proceedings of the 27th International Conference on Artificial Intelligence and Statistics","volume":"238","author":"Vu Minh","year":"2024","unstructured":"Minh Vu, Truc Nguyen, Tre\u2019 Jeter, and My T. Thai. 2024. Analysis of privacy leakage in federated large language models. In Proceedings of the 27th International Conference on Artificial Intelligence and Statistics. Sanjoy Dasgupta, Stephan Mandt, and Yingzhen Li (Eds.), Proceedings of Machine Learning Research, Vol. 238, PMLR, 1423\u20131431. Retrieved from https:\/\/proceedings.mlr.press\/v238\/vu24a.html"},{"key":"e_1_3_3_43_2","doi-asserted-by":"publisher","DOI":"10.1109\/BigData59044.2023.10386594"},{"key":"e_1_3_3_44_2","unstructured":"Jianyu Wang Zachary Charles Zheng Xu Gauri Joshi H. Brendan McMahan Maruan Al-Shedivat Galen Andrew Salman Avestimehr Katharine Daly Deepesh Data et\u00a0al. 2021. A field guide to federated optimization. arXiv:2107.06917. Retrieved from https:\/\/arxiv.org\/abs\/2107.06917"},{"key":"e_1_3_3_45_2","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737416"},{"key":"e_1_3_3_46_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Yarats Denis","year":"2020","unstructured":"Denis Yarats, Ilya Kostrikov, and Rob Fergus. 2020. Image augmentation is all you need: Regularizing deep reinforcement learning from pixels. 
In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_3_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.01607"},{"key":"e_1_3_3_48_2","doi-asserted-by":"crossref","unstructured":"Tengchan Zeng Omid Semiari Mingzhe Chen Walid Saad and Mehdi Bennis. 2022. Federated learning on the road autonomous controller design for connected and autonomous vehicles. IEEE Transactions on Wireless Communications 21 12 (2022) 10407\u201310423.","DOI":"10.1109\/TWC.2022.3183996"},{"key":"e_1_3_3_49_2","volume-title":"Proceedings of the International Conference on Learning Representations","author":"Zhang Hongyi","year":"2018","unstructured":"Hongyi Zhang, Moustapha Cisse, Yann N. Dauphin, and David Lopez-Paz. 2018. Mixup: Beyond empirical risk minimization. In Proceedings of the International Conference on Learning Representations."},{"key":"e_1_3_3_50_2","doi-asserted-by":"crossref","unstructured":"Hao Zhang Qingying Hou Tingting Wu Siyao Cheng and Jie Liu. 2023. Data-augmentation-based federated learning. IEEE Internet of Things Journal 10 24 (2023) 22530\u201322541.","DOI":"10.1109\/JIOT.2023.3303889"},{"key":"e_1_3_3_51_2","unstructured":"Bo Zhao Konda Reddy Mopuri and Hakan Bilen. 2020. idlg: Improved deep leakage from gradients. arXiv:2001.02610. Retrieved from https:\/\/arxiv.org\/abs\/2001.02610"},{"key":"e_1_3_3_52_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00030"},{"key":"e_1_3_3_53_2","unstructured":"Ligeng Zhu Zhijian Liu and Song Han. 2019. Deep leakage from gradients. 
Advances in Neural Information Processing Systems 32 (2019)."}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3762639","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3762639","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,16]],"date-time":"2026-01-16T05:07:26Z","timestamp":1768540046000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3762639"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,15]]},"references-count":52,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,2,28]]}},"alternative-id":["10.1145\/3762639"],"URL":"https:\/\/doi.org\/10.1145\/3762639","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"value":"1533-5399","type":"print"},{"value":"1557-6051","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,15]]},"assertion":[{"value":"2025-01-03","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-08-13","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2026-01-15","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}