Exploiting Defenses against GAN-Based Feature Inference Attacks in Federated Learning

  • 2025-04-30 07:09:54
  • Xinjian Luo, Xianglong Zhang

Abstract

Federated learning (FL) is a decentralized model training framework that aims to merge isolated data islands while maintaining data privacy. However, recent studies have revealed that Generative Adversarial Network (GAN) based attacks can be employed in FL to learn the distribution of private datasets and reconstruct recognizable images. In this paper, we exploit defenses against GAN-based attacks in FL and propose a framework, Anti-GAN, to prevent attackers from learning the real distribution of the victim's data. The core idea of Anti-GAN is to manipulate the visual features of private training images to make them indistinguishable to human eyes even if restored by attackers. Specifically, Anti-GAN projects the private dataset onto a GAN's generator and combines the generated fake images with the actual images to create the training dataset, which is then used for federated model training. The experimental results demonstrate that Anti-GAN is effective in preventing attackers from learning the distribution of private images while causing minimal harm to the accuracy of the federated model.

 
