attack 2026

DECIFR: Domain-Aware Exfiltration of Circuit Information from Federated Gradient Reconstruction

Gijung Lee, Wavid Bowman, Olivia P. Dizon-Paradis, Reiner N. Dizon-Paradis, Ronald Wilson, Damon L. Woodard, Domenic Forte

0 citations

Published on arXiv: 2604.19915

Membership Inference Attack

OWASP ML Top 10 — ML04

Model Inversion Attack

OWASP ML Top 10 — ML03

Key Finding

Reconstruction fidelity from gradient inversion directly correlates with membership status, allowing reliable distinction between members and non-members in FL-trained IC segmentation models.

DECIFR

Novel technique introduced


Federated Learning (FL) is a promising approach for multiparty collaboration as a privacy-preserving technique in hardware assurance, but its security against adversaries with domain-specific knowledge is underexplored. This paper demonstrates a critical vulnerability where available standard cell library layouts (SCLL) can be exploited to compromise the privacy of sensitive integrated circuit (IC) training data. We introduce DECIFR, a novel two-stage Membership Inference Attack (MIA) that requires no auxiliary dataset. The attack employs a guided Gradient Inversion Attack (GIA) to reconstruct a client's training images from intercepted model updates. Our findings reveal that the fidelity of these reconstructions directly correlates with membership status, allowing an adversary to reliably distinguish members from non-members based on image quality. This work exposes a practical threat that overcomes the limitations of conventional attacks and underscores that standard FL protocols are insufficient for securing domains with extensive knowledge. We conclude that robust defenses are essential for the secure application of FL in hardware assurance.


Key Contributions

  • First data-free MIA for FL segmentation models using standard cell library layouts to guide gradient inversion without auxiliary datasets
  • Demonstrates that reconstruction fidelity correlates with membership status, enabling reliable member/non-member distinction
  • Shows adversaries can infer hardware-specific traits (layers, technology nodes) by exploiting domain knowledge in FL hardware assurance

🛡️ Threat Analysis

Model Inversion Attack

Uses a gradient inversion attack to reconstruct client training images from intercepted model updates in federated learning: the adversary reconstructs private IC training data from gradients.

Membership Inference Attack

The primary contribution is a membership inference attack that determines whether specific IC images were in the training set by analyzing reconstruction fidelity.


Details

Domains: vision, federated-learning
Model Types: federated, cnn
Threat Tags: training_time, white_box
Applications: hardware assurance, ic security, sem image segmentation