ABSTRACT Federated learning (FL) enables collaborative model training while keeping private data localized. However, recent studies have revealed that FL is vulnerable to gradient leakage attacks (GLAs), which reconstruct private training data from shared gradients, thereby undermining its fundamental privacy premise. Among existing defenses, differential privacy (DP) remains the dominant approach due to its low computational overhead and rigorous theoretical guarantees. Nevertheless, conventional DP schemes often incur severe utility degradation. Even advanced adaptive methods typically fail to account for the time‐varying nature of privacy leakage risk throughout the training process, resulting in unnecessary performance penalties. To achieve an optimal trade‐off between privacy and utility, we propose a novel defense mechanism named Leakage Risk Quantification‐Based Adaptive Defense (LRQAD). In this framework, each client employs a lightweight procedure to quantify the per‐round privacy leakage risk and dynamically calibrates the perturbation noise scale for model updates. This mechanism ensures that the injected noise remains sufficient to thwart data reconstruction yet not excessive, thereby minimizing its impact on model training. Extensive experiments on benchmark datasets demonstrate that LRQAD provides robust resistance against GLAs with only marginal accuracy loss, achieving a superior privacy‐utility balance compared to existing defense baselines.
Yu et al. (Wed,) studied this question.