Gradient leakage attacks (GLAs) in federated learning enable adversaries to reconstruct sensitive training data from shared gradients, posing serious privacy risks. Method: This work systematically evaluates the empirical defense efficacy of differential privacy (DP) mechanisms—specifically DP-SGD and its explicit-regularization variant PDP-SGD—against GLAs in simulated federated vision tasks. Reconstruction quality (measured via PSNR) and model utility (test accuracy) are quantified under controlled settings. Results: DP-SGD significantly degrades reconstruction fidelity (PSNR drop >8 dB) but incurs substantial utility loss; conversely, PDP-SGD preserves model performance yet offers negligible protection against reconstruction. Crucially, the study demonstrates that theoretical DP guarantees alone are insufficient: practical privacy assurance requires empirical assessment of reconstruction risk. To our knowledge, this is the first work to empirically characterize the defense boundaries of DP methods against GLAs within a unified, reproducible evaluation framework—thereby establishing a principled methodology for privacy–utility trade-off analysis in federated learning.

Federated Learning (FL) allows for the training of Machine Learning models in a collaborative manner without the need to share sensitive data. However, it remains vulnerable to Gradient Leakage Attacks (GLAs), which can reveal private information from the shared model updates. In this work, we investigate the effectiveness of Differential Privacy (DP) mechanisms - specifically, DP-SGD and a variant based on explicit regularization (PDP-SGD) - as defenses against GLAs. To this end, we evaluate the performance of several computer vision models trained under varying privacy levels on a simple classification task, and then analyze the quality of private data reconstructions obtained from the intercepted gradients in a simulated FL environment. Our results demonstrate that DP-SGD significantly mitigates the risk of gradient leakage attacks, albeit with a moderate trade-off in model utility. In contrast, PDP-SGD maintains strong classification performance but proves ineffective as a practical defense against reconstruction attacks. These findings highlight the importance of empirically evaluating privacy mechanisms beyond their theoretical guarantees, particularly in distributed learning scenarios where information leakage may represent an unassumable critical threat to data security and privacy.