Towards auditing gradient privacy risks in image reconstruction attacks on deep learning models

Article


Huang, Tao, Shi, Xin, Huang, Qingyu, Chen, Ziyang, Jiang, Liang, Wu, Chenhuang, Zheng, Guolong, Yang, Xu and Yang, Wencheng. 2025. "Towards auditing gradient privacy risks in image reconstruction attacks on deep learning models." Discover Computing. 28 (1). https://doi.org/10.1007/s10791-025-09551-z
Article Title: Towards auditing gradient privacy risks in image reconstruction attacks on deep learning models
Article Category: Article
Authors: Huang, Tao, Shi, Xin, Huang, Qingyu, Chen, Ziyang, Jiang, Liang, Wu, Chenhuang, Zheng, Guolong, Yang, Xu and Yang, Wencheng
Journal Title: Discover Computing
Journal Citation: 28 (1)
Number of Pages: 13
Year: 2025
Publisher: Springer
Place of Publication: Germany
ISSN: 2948-2992
Digital Object Identifier (DOI): https://doi.org/10.1007/s10791-025-09551-z
Web Address (URL): https://link.springer.com/article/10.1007/s10791-025-09551-z
Abstract

As artificial intelligence continues to drive advancements in computer vision, particularly in areas such as image analysis, object detection, and facial recognition, the ability to accurately recognize patterns in visual data has become a central focus of research. However, alongside these advances, concerns about the privacy risks associated with the training data used in AI models have also gained prominence. Deep learning models, frequently employed in computer vision tasks, can unintentionally expose sensitive information from the data they are trained on, raising the need for comprehensive research into privacy-preserving techniques. This paper explores the intersection of AI-driven pattern recognition and the privacy risks involved in training models on image data. Existing studies show that attackers can exploit the gradients from deep learning processes to reconstruct original image data, including personal and identifiable information, such as facial features. By iteratively adjusting input data, attackers can minimize the difference between the gradients of the random and stolen data, leading to the full reconstruction of private images. Current privacy protection methods fall short of explaining the relationship between an attacker's capacity to recover visual data and the structure of the targeted model. This paper introduces a novel privacy auditing framework that directly assesses the extent to which gradient-based attacks can reconstruct sensitive data. Unlike traditional methods, which mainly focus on mitigating privacy risks through model regularization or data obfuscation, our approach provides a systematic and quantitative evaluation of gradient leakage, filling a critical gap in existing privacy protection techniques. This paper investigates the relationships among reconstructed data, model gradients, and the original input data in the context of computer vision. By formalizing the connection between gradient similarity and data similarity, we propose a novel methodology that quantifies the vulnerability of deep learning models to data reconstruction attacks. Building on these insights, we propose a novel privacy auditing method aimed at evaluating the privacy risks associated with deep learning models used in pattern recognition for image data.

Keywords: Data mining; Pattern recognition; Privacy risk auditing; Differential privacy
Contains Sensitive Content: Does not contain sensitive content
ANZSRC Field of Research 2020: 460299. Artificial intelligence not elsewhere classified
Byline Affiliations: Minjiang University, China; Putian University, China; School of Science, Engineering & Digital Technologies - Maths, Physics & Computing
Permalink: https://research.usq.edu.au/item/zyq2v/towards-auditing-gradient-privacy-risks-in-image-reconstruction-attacks-on-deep-learning-models

Files

Published Version: s10791-025-09551-z.pdf (License: CC BY; File access level: Anyone)

