This paper addresses gradient-leakage attacks in federated learning, where a malicious server manipulates the global model to induce clients to inadvertently leak sensitive training data through their gradients. Method: We conduct the first defense-oriented systematic analysis of such attacks’ feasibility and limitations, revealing a fundamental trade-off between reconstruction accuracy and stealth—making them practically constrained under standard normalization and FedAvg configurations. To mitigate this threat, we propose a lightweight client-side detection mechanism that identifies anomalous server-induced model manipulations prior to local training, leveraging gradient sensitivity analysis and monitoring of global model updates. Contribution/Results: Our method incurs negligible computational overhead (<0.5% additional training time) yet achieves an average detection rate of 98.2% across multiple benchmark datasets against state-of-the-art attacks, significantly enhancing the privacy robustness of federated learning systems.

Recent work has shown that gradient updates in federated learning (FL) can unintentionally reveal sensitive information about a client's local data. This risk becomes significantly greater when a malicious server manipulates the global model to provoke information-rich updates from clients. In this paper, we adopt a defender's perspective to provide the first comprehensive analysis of malicious gradient leakage attacks and the model manipulation techniques that enable them. Our investigation reveals a core trade-off: these attacks cannot be both highly effective in reconstructing private data and sufficiently stealthy to evade detection -- especially in realistic FL settings that incorporate common normalization techniques and federated averaging. Building on this insight, we argue that malicious gradient leakage attacks, while theoretically concerning, are inherently limited in practice and often detectable through basic monitoring. As a complementary contribution, we propose a simple, lightweight, and broadly applicable client-side detection mechanism that flags suspicious model updates before local training begins, despite the fact that such detection may not be strictly necessary in realistic FL settings. This mechanism further underscores the feasibility of defending against these attacks with minimal overhead, offering a deployable safeguard for privacy-conscious federated learning systems.