Skip to content

[NDSS 2025] CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian Sampling

License

Notifications You must be signed in to change notification settings

KaiyuanZh/censor

Repository files navigation

CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian Sampling

Python 3.8 Pytorch 2.2 License MIT

Table of Contents

Overview

overview

Results

results

Install required packages

# Create python environment (optional)
conda env create -f env.yml
conda activate censor 

Baselines

This repo contains the code for the following baselines:

Download models

  • download the shape_predictor_68_face_landmarks.dat from here to the root censor directory.
  • download the stylegan2-ffhq-config-f.pt from here to the /inversefed/genmodels/stylegan2_io/ directory.

How to Run the Code

python run_rec.py --config $CONFIG_PATH

Example command for evaluating CENSOR with BigGAN:

python run_rec.py --config configs_biggan.yml

Citation

Please cite our work as follows for any purpose of usage.

@inproceedings{zhang2025censor,
  title={CENSOR: Defense Against Gradient Inversion via Orthogonal Subspace Bayesian Sampling},
  author={Zhang, Kaiyuan and Cheng, Siyuan and Shen, Guangyu and Ribeiro, Bruno and An, Shengwei and Chen, Pin-Yu and Zhang, Xiangyu and Li, Ninghui},
  booktitle={32nd Annual Network and Distributed System Security Symposium, {NDSS} 2025},
  year = {2025},
}

Acknowledgement

Part of the code is adapted from the following repos. We express great gratitude for their contribution to our community!

The BigGAN implementation, we use PyTorch official implementation and weights. For StyleGAN2, we adapt this Pytorch implementation, which is based on the official Tensorflow code.