联邦学习及其安全与隐私保护研究综述

doi:10.19678/j.issn.1000-3428.0067782

摘要/Abstract

摘要： 联邦学习(FL)是一种新兴的分布式机器学习技术,只需将数据留在本地即可通过各方协作训练一个共有模型,解决了传统机器学习中数据难以采集和隐私安全的问题。随着联邦学习技术的应用和发展,相关研究发现联邦学习仍可能受到各类攻击。为了确保联邦学习的安全性,研究联邦学习中的攻击方式及相应的隐私保护技术显得尤为重要。首先介绍了联邦学习的背景知识及相关定义,总结概括了联邦学习的发展历程及分类;接着阐述了联邦学习的安全三要素,从基于安全来源和基于安全三要素2个角度分类概述了联邦学习中的安全问题及研究进展;然后对隐私保护技术进行分类,结合相关研究应用综述了联邦学习中安全多方计算(SMC)、同态加密(HE)、差分隐私(DP)、可信执行环境(TEE)4种常用隐私保护技术;最后对联邦学习的未来研究方向进行展望。

关键词: 联邦学习, 数据安全, 攻击方式, 隐私保护, 安全三要素

Abstract: Federated Learning (FL) is a new distributed machine earning technology that only requires local maintenance of data and can train a common model through the cooperation of all parties, which mitigates issues pertaining to data collection and privacy security in conventional machine learning. However, with the application and development of FL, it is still exposed to various attacks. To ensure the security of FL, the attack mode in FL and the corresponding privacy protection technology must be investigated. Herein, first, the background knowledge and relevant definitions of FL are introduced, and the development process and classification of FL are summarized. Second, the security three elements of FL are expounded, and the security issues and research progress of FL are summarized from two perspectives based on security sources and the security three elements. Subsequently, privacy protection technologies are classified. This paper summarizes four common privacy protection technologies used in FL: Secure Multiparty Computing (SMC), Homomorphic Encryption (HE), Differential Privacy (DP), and Trusted Execution Environment (TEE). Finally, the future research direction for FL is discussed.

Key words: Federated Learning(FL), data security, attack mode, privacy protection, security three elements

中图分类号:

TP309

熊世强, 何道敬, 王振东, 杜润萌. 联邦学习及其安全与隐私保护研究综述[J]. 计算机工程, 2024, 50(5): 1-15.

XIONG Shiqiang, HE Daojing, WANG Zhendong, DU Runmeng. Review of Federated Learning and Its Security and Privacy Protection[J]. Computer Engineering, 2024, 50(5): 1-15.

https://www.ecice06.com/CN/Y2024/V50/I5/1

参考文献

[1] ROH Y, HEO G, WHANG S E. A survey on data collection for machine learning:a big data-AI integration perspective[J]. IEEE Transactions on Knowledge and Data Engineering, 2021, 33(4):1328-1347.
[2] ZHANG C L, LI S Y, XIA J Z, et al. BatchCrypt:efficient homomorphic encryption for cross-silo federated learning[C]//Proceedings of 2020 USENIX Conference on USENIX Annual Technical Conference. New York, USA:ACM Press, 2020:493-506.
[3] YUE Z, LI M, LAI L Z, et al. Federated learning with non-IID data[EB/OL].[2023-05-11]. https://arxiv.org/abs/1806.00582.
[4] YANG Q, LIU Y, CHEN T J, et al. Federated machine learning:concept and applications[J]. ACM Transactions on Intelligent Systems and Technology, 2019, 10(2):12.
[5] PILLUTLA K, MALIK K, MOHAMED A, et al. Federated learning with partial model personalization[EB/OL].[2023-05-11]. https://arxiv.org/abs/2204.03809.
[6] ALAZAB M, RM S P, PARIMALA M, et al. Federated learning for cybersecurity:concepts, challenges, and future directions[J]. IEEE Transactions on Industrial Informatics, 2022, 18(5):3501-3509.
[7] 周志华. 机器学习[M]. 北京:清华大学出版社, 2016. ZHOU Z H. Machine learning[M]. Beijing:Tsinghua University Press, 2016.(in Chinese)
[8] VERBRAEKEN J, WOLTING M, KATZY J, et al. A survey on distributed machine learning[J]. ACM Computing Surveys, 53(2):30.
[9] CUSTERS B, SEARS A M, DECHESNE F, et al. EU personal data protection in policy and practice[M].[S.l.]:T.M.C. Asser Press, 2019.
[10] 中华人民共和国网络安全法[EB/OL].[2023-05-11]. http://www.cac.gov.cn/2016-11/07/c_1119867116_2.htm. Cyber security law of the People's Republic of China[EB/OL].[2023-05-11]. http://www.cac.gov.cn/2016-11/07/c_1119867116_2.htm. (in Chinese)
[11] 中华人民共和国数据安全法[EB/OL].[2023-05-11]. http://www.cac.gov.cn/2021-06/11/c_1624994566919140.htm. Data security law of the People's Republic of China[EB/OL].[2023-05-11]. http://www.cac.gov.cn/2021-06/11/c_1624994566919140.htm. (in Chinese)
[12] 中华人民共和国个人信息保护法[EB/OL].[2023-05-11]. http://www.cac.gov.cn/2021-08/20/c_1631050028355286.htm. Personal information protection law of the People's Republic of China[EB/OL].[2023-05-11]. http://www.cac.gov.cn/2021-08/20/c_1631050028355286.htm. (in Chinese)
[13] WANG X D, GARG S, LIN H, et al. Toward accurate anomaly detection in industrial Internet of Things using hierarchical federated learning[J]. IEEE Internet of Things Journal, 2022, 9(10):7110-7119.
[14] ANDREW H, RAO K, MATHEWS R, et al. Federated learning for mobile keyboard prediction[EB/OL].[2023-05-11]. https://arxiv.org/abs/1811.03604.
[15] 王健宗,李泽远,何安珣. 深入浅出联邦学习原理与实践[M]. 北京:机械工业出版社,2021. WANG J Z, LI Z Y, HE A X. Principles and practice of federated learning in a simple way[M]. Beijing:Mechanical Industry Press, 2021. (in Chinese)
[16] DING J, TRAMEL E, SAHU A K, et al. Federated learning challenges and opportunities:an outlook[C]//Proceedings of 2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). Washington D.C., USA:IEEE Press, 2022:8752-8756.
[17] 杨强, 刘洋, 程勇, 等. 联邦学习[M]. 北京:电子工业出版社, 2020. YANG Q, LIU Y, CHENG Y, et al. Federated learning[M]. Beijing:Publishing House of Electronics Industry, 2020.(in Chinese)
[18] MCMAHAN H B, MOORE E, RAMAGE D, et al. Federated learning of deep networks using model averaging[EB/OL].[2023-05-11]. https://arxiv.org/abs/1602.05629v1.
[19] MCMAHAN B, RANAGE D. Federated learning:collaborative machine learning without centralized training data[EB/OL].[2023-05-11]. https://www.googblogs.com/federated-learning-collaborative-machine-learning-without-centralized-training-data/.
[20] 彭南博, 王虎. 联邦学习技术及实战[M]. 北京:电子工业出版社, 2021. PENG N B, WANG H. Federal learning technology and actual combat[M]. Beijing:Publishing House of Electronics Industry, 2021.(in Chinese)
[21] BONAWITZ K, EICHNER H, GRIESKAMP W, et al. Towards federated learning at scale:system design[EB/OL].[2023-05-11]. https://arxiv.org/abs/1902.01046.
[22] 2022联邦学习全球研究与应用趋势报告[EB/OL].[2023-05-11]. https://www.secrss.com/articles/34579. 2022 Global research and application trend report on federated learning[EB/OL].[2023-05-11]. https://www.secrss.com/articles/34579. (in Chinese)
[23] KAIROUZ P, MCMAHAN H B, AVENT B, et al. Advances and open problems in federated learning[EB/OL].[2023-05-11]. https://arxiv.org/abs/1912.04977.
[24] 邢云隆. 基于网络安全维护的计算机网络安全技术应用探讨[J]. 科技创新与应用, 2022(25):189-192. XING Y L. Discussion on the application of computer network security technology based on network security maintenance[J]. Technology Innovation and Application, 2022(25):189-192.(in Chinese)
[25] IMTEAJ A, THAKKER U, WANG S Q, et al. A survey on federated learning for resource-constrained IoT devices[J]. IEEE Internet of Things Journal, 2022, 9(1):1-24.
[26] 梁天恺, 曾碧, 陈光. 联邦学习综述:概念、技术、应用与挑战[J]. 计算机应用, 2022, 42(12):3651-3662. LIANG T K, ZENG B, CHEN G. Federated learning survey:concepts, technologies, applications and challenges[J]. Journal of Computer Applications, 2022, 42(12):3651-3662.(in Chinese)
[27] 王腾, 霍峥, 黄亚鑫, 等. 联邦学习中的隐私保护技术研究综述[J]. 计算机应用, 2023, 43(2):437-449. WANG T, HUO Z, HUANG Y X, et al. Survey of privacy-preserving technologies in federated learning[J]. Journal of Computer Applications, 2023, 43(2):437-449.(in Chinese)
[28] 吴建汉, 司世景, 王健宗, 等. 联邦学习攻击与防御综述[J]. 大数据, 2022, 8(5):12-32. WU J H, SI S J, WANG J Z, et al. Threats and defenses of federated learning:a survey[J]. Big Data Research, 2022, 8(5):12-32.(in Chinese)
[29] CHEN Q, YAO L, WANG X, et al. SecMDGM:federated learning security mechanism based on multi-dimensional auctions[J]. Sensors, 2022, 22(23):9434.
[30] 王坤庆, 刘婧, 李晨, 等. 联邦学习安全威胁综述[J]. 信息安全研究, 2022, 8(3):223-234. WANG K Q, LIU J, LI C, et al. A survey on threats to federated learning[J]. Journal of Information Security Research, 2022, 8(3):223-234.(in Chinese)
[31] 陈明鑫, 张钧波, 李天瑞. 联邦学习攻防研究综述[J]. 计算机科学, 2022, 49(7):310-323. CHEN M X, ZHANG J B, LI T R. Survey on attacks and defenses in federated learning[J]. Computer Science, 2022, 49(7):310-323.(in Chinese)
[32] MOTHUKURI V, PARIZI R M, POURIYEH S, et al. A survey on security and privacy of federated learning[J]. Future Generation Computer Systems, 2021, 115:619-640.
[33] NGUYEN T, THAI M T. Preserving privacy and security in federated learning[J]. IEEE/ACM Transactions on Networking, 2024,32(1):833-843.
[34] 景慧昀, 周川, 贺欣. 针对人脸检测对抗攻击风险的安全测评方法[J]. 计算机科学, 2021, 48(7):17-24. JING H Y, ZHOU C, HE X. Security evaluation method for risk of adversarial attack on face detection[J]. Computer Science, 2021, 48(7):17-24.(in Chinese)
[35] CAO J R, ZHU L H. A highly efficient, confidential, and continuous federated learning backdoor attack strategy[C]//Proceedings of the 14th International Conference on Machine Learning and Computing. New York, USA:ACM Press, 2022:18-27.
[36] LI M H, WAN W, LU J R, et al. Shielding federated learning:mitigating Byzantine attacks with less constraints[EB/OL].[2023-05-11]. https://arxiv.org/abs/2210.01437.
[37] 孙爽, 李晓会, 刘妍, 等. 不同场景的联邦学习安全与隐私保护研究综述[J]. 计算机应用研究, 2021, 38(12):3527-3534. SUN S, LI X H, LIU Y, et al. Survey on security and privacy protection in different scenarios of federated learning[J]. Application Research of Computers, 2021, 38(12):3527-3534.(in Chinese)
[38] JIANG Y F, ZHANG W W, CHEN Y X. Data quality detection mechanism against label flipping attacks in federated learning[J]. IEEE Transactions on Information Forensics and Security, 2023, 18:1625-1637.
[39] CHIU T C, LIN W C, PANG A C, et al. Dual-masking framework against two-sided model attacks in federated learning[EB/OL].[2023-05-11]. https://www.semanticscholar.org/paper/Dual-Masking-Framework-against-Two-Sided-Model-in-Chiu-Lin/ff9f85f3d51496f74f6ce2b5e50110d49e254217/figure/6.
[40] CHEN L Y, CHIU T C, PANG A C, et al. FedEqual:defending model poisoning attacks in heterogeneous federated learning[C]//Proceedings of the IEEE Global Communications Conference. Washington D.C., USA:IEEE Press, 2021:1-6.
[41] WANG Y K, ZHAI D H, HE Y P, et al. An adaptive robust defending algorithm against backdoor attacks in federated learning[J]. Future Generation Computer Systems, 2023, 143(C):118-131.
[42] ZHAO C, WEN Y, LI S L, et al. FederatedReverse:a detection and defense method against backdoor attacks in federated learning[C]//Proceedings of 2021 ACM Workshop on Information Hiding and Multimedia Security. New York, USA:ACM Press, 2021:1-6.
[43] YANG X, FENG Y, FANG W J, et al. An accuracy-lossless perturbation method for defending privacy attacks in federated learning[C]//Proceedings of ACM Web Conference 2022. New York, USA:ACM Press, 2022:732-742.
[44] 张鹏. 基于区块链的联邦学习隐私安全性研究[D]. 长春:长春工业大学, 2022. ZHANG P. Research on privacy security of federated learning based on blockchain[D]. Changchun:Changchun University of Technology, 2022. (in Chinese)
[45] 钱文君, 沈晴霓, 吴鹏飞, 等. 大数据计算环境下的隐私保护技术研究进展[J]. 计算机学报, 2022, 45(4):669-701. QIAN W J, SHEN Q N, WU P F, et al. Research progress on privacy-preserving techniques in big data computing environment[J]. Chinese Journal of Computers, 2022, 45(4):669-701.(in Chinese)
[46] 中国信通院.隐私计算白皮书(2021年)[EB/OL].[2023-05-11]. https://www.sohu.com/a/478870037_121124365. China Academy of Information and Communications. White paper on privacy computing (2021)[EB/OL].[2023-05-11]. https://www.sohu.com/a/478870037_121124365. (in Chinese)
[47] YAO C C. How to generate and exchange secrets[C]//Proceedings of the 27th Annual Symposium on Foundations of Computer Science. New York, USA:ACM Press, 1986:162-167.
[48] 冯琦. 基于安全多方计算的数据隐私保护技术研究[D]. 武汉:武汉大学, 2021. FENG Q. Research on data privacy preservation technologies using secure multi-party computation[D].Wuhan:Wuhan University, 2021. (in Chinese)
[49] 孙茂华. 安全多方计算及其应用研究[D]. 北京:北京邮电大学, 2013. SUN M H. Research on secure multi-party computation and its application[D]. Beijing:Beijing University of Posts and Telecommunications, 2013. (in Chinese)
[50] ZHANG C, EKANUT S, ZHEN L L, et al. Augmented multi-party computation against gradient leakage in federated learning[J/OL]. IEEE Transactions on Big Data:1-10[2023-05-11]. https://doi.org/10.1109/TBDATA.2022.3208736.
[51] HOSSEINI S M, SIKAROUDI M, BABAEI M, et al. Cluster based secure multi-party computation in federated learning for histopathology images[M].Berlin, Germany:Springer, 2022.
[52] KANAGAVELU R, WEI Q S, LI Z X, et al. CE-Fed:communication efficient multi-party computation enabled federated learning[J]. Array, 2022, 15:100207.
[53] SUN L T, DU R M, HE D J, et al. Feature engineering framework based on secure multi-party computation in federated learning[C]//Proceedings of the 23rd International Conference on High Performance Computing & Communications; 7th International Conference on Data Science & Systems; 19th International Conference on Smart City; 7th International Conference on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys). Washington D.C., USA:IEEE Press, 2021:487-494.
[54] RIVEST, R L, MICHAWL L D. On data banks and privacy homomorphisms[EB/OL].[2023-05-11]. https://www.semanticscholar.org/paper/ON-DATA-BANKS-AND-PRIVAC Y-HOMOMORPHISMS-Rivest-Dertouzos/c365f01d330b221 1e74069120e88cff37eacbcf5.
[55] 周启贤. 基于同态加密的安全的机器学习研究[D]. 成都:电子科技大学, 2021. ZHOU Q X. Research on secure machine learning based on homomorphic encryption[D]. Chengdu:University of Electronic Science and Technology of China, 2021. (in Chinese)
[56] TIAN H B, WEN Y C, ZHANG F G, et al. A distributed threshold additive homomorphic encryption for federated learning with dropout resiliency based on lattice[C]//Proceedings of International Symposium on Cyberspace Safety and Security. Berlin, Germany:Springer, 2022:277-292.
[57] WIBAWA F, CATAK F O, KUZLU M, et al. Homomorphic encryption and federated learning based privacy-preserving CNN training:COVID-19 detection use-case[C]//Proceedings of European Interdisciplinary Cybersecurity Conference. New York, USA:ACM Press, 2022:2864-2880.
[58] PARK J, YU N Y, LIM H. Privacy-preserving federated learning using homomorphic encryption with different encryption keys[C]//Proceedings of the 13th International Conference on Information and Communication Technology Convergence (ICTC). Washington D.C., USA:IEEE Press, 2022:1869-1871.
[59] QIU F Y, YANG H, ZHOU L, et al. Privacy preserving federated learning using CKKS homomorphic encryption[M]. Berlin, Germany:Springer, 2022.
[60] ZHANG S L, LI Z R, CHEN Q, et al. Dubhe:towards data unbiasedness with homomorphic encryption in federated learning client selection[C]//Proceedings of the 50th International Conference on Parallel Processing. New York, USA:ACM Press, 2021:1-10.
[61] DWORK C, MCSHERRY F, NISSIM K, et al. Calibrating noise to sensitivity in private data analysis[C]//Proceedings of the 3rd Conference on Theory of Cryptography. New York, USA:ACM Press, 2006:265-284.
[62] 张鸿鸣, 鲍晓涵, 倪巍伟. 基于差分隐私的数据流频繁项集发布[J]. 计算机工程与设计, 2022, 43(11):3051-3056. ZHANG H M, BAO X H, NI W W. Dataflow frequent item set publishing based on differential privacy[J]. Computer Engineering and Design, 2022, 43(11):3051-3056.(in Chinese)
[63] 张珊. 深度学习中差分隐私保护算法研究[D]. 呼和浩特:内蒙古大学, 2022. ZHANG S. Research on differential privacy in deep learning[D].Hohhot:Inner Mongolia University, 2022. (in Chinese)
[64] 李明霜. 基于分类数据的差分隐私保护研究[D]. 西安:陕西师范大学, 2021. LI M S. Research on differential privacy protection based on classified data[D].Xi'an:Shaanxi Normal University, 2021. (in Chinese)
[65] 杨庚, 王周生. 联邦学习中的隐私保护研究进展[J]. 南京邮电大学学报(自然科学版), 2020, 40(5):204-214. YANG G, WANG Z S. Survey on privacy preservation in federated learning[J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2020, 40(5):204-214.(in Chinese)
[66] AVENT B, KOROLOVA A, ZEBER D, et al. BLENDER:enabling local search with a hybrid differential privacy model[EB/OL].[2023-05-11]. https://arxiv.org/abs/1705.00831.
[67] WANG C, WU X K, LIU G Y, et al. Safeguarding cross-silo federated learning with local differential privacy[J]. Digital Communications and Networks, 2022, 8(4):446-454.
[68] CHAMIKARA M A P, LIU D X, CAMTEPE S, et al. Local differential privacy for federated learning[M]. Berlin, Germany:Springer International Publishing, 2022.
[69] ZONG H X, WANG Q, LIU X F, et al. Communication reducing quantization for federated learning with local differential privacy mechanism[C]//Proceedings of IEEE/CIC International Conference on Communications in China (ICCC). Washington D.C., USA:IEEE Press, 2021:75-80.
[70] BYRD D, MUGUNTHAN V, POLYCHRONIADOU A, et al. Collusion resistant federated learning with oblivious distributed differential privacy[C]//Proceedings of the 3rd ACM International Conference on AI in Finance. New York, USA:ACM Press, 2022:114-122.
[71] JIANG Z F, WANG W, CHEN R C, et al. Taming client dropout for distributed differential privacy in federated learning[EB/OL].[2023-05-11]. https://arxiv.org/pdf/2209.12528v1.pdf.
[72] LIU W Y, CHENG J H, WANG X L, et al. Hybrid differential privacy based federated learning for Internet of Things[J]. Journal of Systems Architecture, 2022, 124:102418.
[73] 姜建林. 基于可信执行环境的联邦学习模型安全聚合技术研究[D]. 武汉:武汉大学, 2021. JIANG J L. Research on secure aggregation technology of federated learning based on trusted execution environment[D].Wuhan:Wuhan University, 2021. (in Chinese)
[74] 宁振宇, 张锋巍, 施巍松. 基于边缘计算的可信执行环境研究[J]. 计算机研究与发展, 2019, 56(7):1441-1453. NING Z Y, ZHANG F W, SHI W S. A study of using TEE on edge computing[J]. Journal of Computer Research and Development, 2019, 56(7):1441-1453.(in Chinese)
[75] ZHANG Y H, WANG Z W, CAO J F, et al. ShuffleFL:gradient-preserving federated learning using trusted execution environment[C]//Proceedings of the 18th ACM International Conference on Computing Frontiers. New York, USA:ACM Press, 2021:161-168.
[76] XU T X, ZHU K L, ANDRZEJAK A, et al. Distributed learning in trusted execution environment:a case study of federated learning in SGX[C]//Proceedings of the 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC). Washington D.C., USA:IEEE Press, 2021:450-454.
[77] MO F, HADDADI H, KATEVAS K, et al. PPFL:privacy-preserving federated learning with trusted execution environments[EB/OL].[2023-05-11]. https://arxiv.org/abs/2104.14380.
[78] CHEN Y, LUO F, LI T, et al. A training-integrity privacy-preserving federated learning scheme with trusted execution environment[J]. Information Sciences, 2020, 522:69-79.
[79] JIA B, ZHANG X S, LIU J W, et al. Blockchain-enabled federated learning data protection aggregation scheme with differential privacy and homomorphic encryption in IIoT[J]. IEEE Transactions on Industrial Informatics, 2022, 18(6):4049-4058.
[80] KATO F, CAO Y, YOSHIKAWA M, et al. OLIVE:oblivious and differentially private federated learning on trusted execution environment[EB/OL].[2023-05-11]. https://arxiv.org/pdf/2202.07165v1.pdf.
[81] YAO J J, ANSARI N. Enhancing federated learning in fog-aided IoT by CPU frequency and wireless power control[J]. IEEE Internet of Things Journal, 2021, 8(5):3438-3445.
[82] KONECNY J, BRENDAN MCMAHAN H, YU F X, et al. Federated learning:strategies for improving communication efficiency[EB/OL].[2023-05-11]. https://arxiv.org/abs/1610.05492.
[83] LI X, HUANG K X, YANG W H, et al. On the convergence of FedAvg on Non-IID data[EB/OL].[2023-05-11]. https://arxiv.org/abs/1907.02189.
[84] MOHRI M, SIVEK G, SURESH A, et al. Agnostic federated learning[EB/OL].[2023-05-11]. https://arxiv.org/abs/1902.00146.
[85] LI T, SAHU A K, TALWALKAR A, et al. Federated learning:challenges, methods, and future directions[J]. IEEE Signal Processing Magazine, 2020, 37(3):50-60.
[86] 赵杨, 张海岩, 王硕. 联邦学习综述[J]. 电脑编程技巧与维护, 2022(1):117-119. ZHAO Y, ZHANG H Y, WANG S. A summary of federal learning[J]. Computer Programming Skills & Maintenance, 2022(1):117-119.(in Chinese)
[87] 周传鑫, 孙奕, 汪德刚, 等. 联邦学习研究综述[J]. 网络与信息安全学报, 2021, 7(5):77-92. ZHOU C X, SUN Y, WANG D G, et al. Survey of federated learning research[J]. Chinese Journal of Network and Information Security, 2021, 7(5):77-92.(in Chinese)

选择文件类型/文献管理软件名称

选择包含的内容