One of the key advantages of Federated Learning (FL) is its ability to collaboratively train a Machine Learning (ML) model while keeping clients’ data on-site. However, this can create a false sense of security. Although not sharing private data increases overall privacy, prior studies have shown that gradients exchanged during FL training remain vulnerable to Gradient Inversion Attacks (GIAs). These attacks allow the reconstruction of clients’ local data, breaking the privacy promise of FL. GIAs can be launched by either a passive or an active server. In the latter case, a malicious server manipulates the global model to facilitate data reconstruction. While effective, earlier attacks falling under this category have been demonstrated to be detectable by clients, limiting their real-world applicability. Recently, novel active GIAs have emerged, claiming to be far stealthier than previous approaches. This work provides the first comprehensive analysis of these claims, investigating four state-of-the-art GIAs. We propose novel lightweight client-side detection techniques, based on statistically improbable weight structures and anomalous loss and gradient dynamics. Extensive evaluation across several configurations demonstrates that our methods enable clients to effectively detect active GIAs without any modifications to the FL training protocol.
@inproceedings{carletti2025detectability,
  author={Carletti, Vincenzo and Foggia, Pasquale and Mazzocca, Carlo and Parrella, Giuseppe and Vento, Mario},
  booktitle={2026 IEEE Symposium on Security and Privacy (SP)},
  title={On the Detectability of Active Gradient Inversion Attacks in Federated Learning},
  year={2026},
  issn={2375-1207},
  pages={1931-1950},
  doi={10.1109/SP63933.2026.00193},
  publisher={IEEE Computer Society},
  month=may,
}
2025
USENIX Sec
SoK: Gradient Inversion Attacks in Federated Learning
Vincenzo Carletti, Pasquale Foggia, Carlo Mazzocca, Giuseppe Parrella*, and Mario Vento
In 34th USENIX Security Symposium (USENIX Security 25), 2025
Federated Learning (FL) is a promising paradigm for collaboratively training Machine Learning (ML) models while preserving the privacy of data owners. By allowing participants to maintain their data on-site, FL avoids sending client local data to a central server for model training. However, despite its evident privacy benefits, it is not immune to security and privacy threats. Among these, Gradient Inversion Attacks (GIAs) stand out as one of the most critical, as they exploit clients’ model updates to reconstruct local training data, breaking participants’ privacy. This work presents a comprehensive systematization of GIAs in FL. First, we identify various threat models defining the adversary’s knowledge and capabilities to perform these attacks. Then, we propose a systematic taxonomy to categorize GIAs, providing practical insights into their methods and applicability. Additionally, we explore defensive mechanisms designed to mitigate these attacks. We also systematize evaluation metrics used to measure the success of GIAs and assess the model’s vulnerability before an attack. Finally, based on a thorough analysis of the existing literature, we identify key challenges and outline promising future research directions.
@inproceedings{carletti2025sok,
  title={SoK: Gradient Inversion Attacks in Federated Learning},
  author={Carletti, Vincenzo and Foggia, Pasquale and Mazzocca, Carlo and Parrella, Giuseppe and Vento, Mario},
  booktitle={34th {USENIX} Security Symposium (USENIX Security 25)},
  pages={6439--6459},
  year={2025},
  publisher={USENIX Association},
}
arXiv
GUIDE: Enhancing Gradient Inversion Attacks in Federated Learning with Denoising Models
Vincenzo Carletti, Pasquale Foggia, Carlo Mazzocca, Giuseppe Parrella*, and Mario Vento
@article{carletti2025guide,
  title={{GUIDE}: Enhancing Gradient Inversion Attacks in Federated Learning with Denoising Models},
  author={Carletti, Vincenzo and Foggia, Pasquale and Mazzocca, Carlo and Parrella, Giuseppe and Vento, Mario},
  journal={arXiv preprint arXiv:2510.17621},
  year={2025},
  note={Under review in IEEE Internet of Things Journal}
}
AINA
Leveraging Open-Source LLMs for Zero-Shot Vulnerability Detection: A Comparative Analysis
Nicola Capuano, Vincenzo Carletti*, Pasquale Foggia, Giuseppe Parrella, and Mario Vento
In International Conference on Advanced Information Networking and Applications, 2025
@inproceedings{capuano2025leveraging,
  title={Leveraging Open-Source {LLMs} for Zero-Shot Vulnerability Detection: A Comparative Analysis},
  author={Capuano, Nicola and Carletti, Vincenzo and Foggia, Pasquale and Parrella, Giuseppe and Vento, Mario},
  booktitle={International Conference on Advanced Information Networking and Applications},
  pages={13--25},
  year={2025},
  publisher={Springer},
}
ARES
Evaluating Large Language Models for Vulnerability Detection under Realistic Conditions
Vincenzo Carletti, Pasquale Foggia, Carlo Mazzocca, Giuseppe Parrella*, and Mario Vento
In International Conference on Availability, Reliability and Security, 2025
@inproceedings{carletti2025evaluating,
  title={Evaluating Large Language Models for Vulnerability Detection under Realistic Conditions},
  author={Carletti, Vincenzo and Foggia, Pasquale and Mazzocca, Carlo and Parrella, Giuseppe and Vento, Mario},
  booktitle={International Conference on Availability, Reliability and Security},
  pages={135--152},
  year={2025},
  publisher={Springer},
}