This work addresses the privacy risks in federated learning, where sharing model updates can inadvertently leak sensitive user data, and existing privacy-preserving techniques often degrade model accuracy. To mitigate this trade-off, the authors propose FLRSP, a method that enhances robustness against data reconstruction attacks by randomly selecting only a subset of locally trained model parameters for upload and global aggregation. FLRSP integrates seamlessly with both FedSGD and FedAvg frameworks and is evaluated using ResNet34 and Vision Transformer architectures. Experimental results on image classification tasks demonstrate that FLRSP significantly improves defense against state-of-the-art attacks while maintaining high model accuracy, thereby offering a more effective balance between privacy preservation and utility than current approaches.

In this paper, we propose a method for privacy-preserving federated learning that uses randomly selected model parameters to update global models. High-quality deep neural networks (DNN) models require a huge amount of training data in general, but model training raises privacy concerns when dealing with sensitive or personal information. Federated learning is a distributed machine learning framework in which multiple clients and a server train a model collaboratively. However, if the shared updates are compromised, an attacker may reconstruct the original training data. In addition, previous methods for improving robustness generally reduce the accuracy. To overcome these issues, in our method called federated learning using randomly selected model parameters (FLRSP), model parameters computed in each local server are randomly selected and shared to update a global model in a central server. In experiments, image classification tasks were carried out on the ResNet34 architecture and the Vision Transformer (ViT) under the use of Federated Stochastic Gradient Descent (FedSGD) and Federated Averaging (FedAvg), and the results demonstrated our method's effectiveness in terms of image classification accuracy and robustness against state-of-the-art attacks compared with previous methods.