Privacy-Preserving Algorithm for Federated Learning Against Attacks

doi:10.19678/j.issn.1000-3428.00 68705

Abstract

Abstract: Federated Learning, as an emerging distributed learning framework, facilitates multiple clients to collectively engage in global model training without sharing raw data, thus effectively safeguarding data privacy. Nevertheless, traditional Federated Learning still harbors latent security vulnerabilities, susceptible to the threats of poisoning attacks and inference attacks. Therefore, to enhance the security and model performance of Federated Learning, it becomes imperative to precisely identify and mitigate malicious client behaviors, while employing gradient noise as a countermeasure to prevent attackers from gaining access to client data through gradient monitoring. This paper proposes a robust Federated Learning framework that combines mechanisms for malicious client detection with local differential privacy techniques. Specifically, the algorithm initially employs gradient similarity for the identification and classification of potential malicious clients, thereby minimizing their adverse impact on model training tasks. Subsequently, a dynamic privacy budget is designed based on local differential privacy, accommodating the sensitivity of different queries and individual privacy requirements, with the objective of achieving a balance between privacy preservation and data quality. Experimental results conducted on MNIST, CIFAR-10, and MR datasets demonstrate that, in comparison to three baseline algorithms, this approach results in an average 3% increase in accuracy for sP-type clients and a 1% increase for other attack methods, consequently achieving a higher security level and significantly enhanced model performance within the Federated Learning framework.

摘要： 联邦学习作为新兴的分布式学习框架，允许多个客户端在不共享原始数据的情况下共同进行全局模型的训练，从而有效保护了数据隐私。然而，传统联邦学习仍然存在潜在的安全隐患，容易受到中毒攻击和推理攻击的威胁。因此，为了提高联邦学习的安全性和模型性能，需要准确地识别和防止恶意客户端的行为，同时采用梯度加噪的方法来避免攻击者通过监控梯度信息来获取客户端的数据。结合恶意客户端检测机制和本地差分隐私技术提出了一种鲁棒的联邦学习框架。具体而言，该算法首先利用梯度相似性来判断和识别潜在的恶意客户端，以最小化对模型训练任务的不良影响。其次，根据不同查询的敏感性以及用户的个体隐私需求设计了一种基于动态隐私预算的本地差分隐私算法，旨在平衡隐私保护和数据质量之间的权衡。在MNIST、CIFAR-10和MR数据集上的实验结果表明，与三种基准算法相比，该算法在准确性方面针对sP类客户端平均提高了3个百分点，针对其他攻击方法平均提高了1个百分点，实现了联邦学习中更高的安全性水平，显著提升了模型性能。

WU Ruolan, CHEN Yulin, DOU Hui, ZHANG Yangwen, LONG Zhong. Privacy-Preserving Algorithm for Federated Learning Against Attacks[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.00 68705.

吴若岚, 陈玉玲, 豆慧, 张洋文, 龙钟. 抗攻击的联邦学习隐私保护算法[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.00 68705.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.00 68705

References

[1] Mao Y, You C, Zhang J, et al. A survey on mobile edge computing: The communication perspective[J]. IEEE communications surveys & tutorials, 2017, 19(4): 2322-2358.
[2] Zhao B, Liu X, Chen W N, et al. CrowdFL: Privacy-Preserving Mobile Crowdsensing System via Federated Learning[J]. IEEE Transactions on Mobile Computing, 2023, 21(8): 4607-4619.
[3] Yang Q, Liu Y, Chen T, et al. Federated machine learning: Concept and applications[J]. ACM Transactions onIntelligent Systems and Technology (TIST), 2019, 10(2): 1-19.
[4] Kairouz P, McMahan H B, Avent B, et al. Advances and open problems in federated learning[J]. Foundations and Trends® in Machine Learning, 2021, 14(1–2): 1-210.
[5] Yu S, Cui L. Poisoning Attacks and Counterattacks in Federated Learning[M]//Security and Privacy in Federated Learning. Singapore: Springer Nature Singapore, 2022: 37-54.
[6] Mothukuri V, Parizi R M, Pouriyeh S, et al. A survey on security and privacy of federated learning[J]. Future Generation Computer Systems, 2021, 115: 619-640.
[7] Lyu L, Yu H, Ma X, et al. Privacy and robustness in federated learning: Attacks and defenses[J]. IEEE transactions on neural networks and learning systems, 2022.
[8] Shokri R, Stronati M, Song C, et al. Membership inference attacks against machine learning models[C]//2017 IEEE symposium on security and privacy (SP). IEEE, 2017: 3-18.
[9] Sun Y, Chen Y, Wu P, et al. DRL: Dynamic rebalance learning for adversarial robustness of UAV with long-tailed distribution[J]. Computer Communications, 2023, 205: 14-23.
[10] Huang Y, Chen Y, Wang X, et al. Promoting Adversarial Transferability via Dual-Sampling Variance Aggregation and Feature Heterogeneity Attacks[J]. Electronics, 2023, 12(3): 767.
[11] Arachchige P C M, Bertok P, Khalil I, et al. Local differential privacy for deep learning[J]. IEEE Internet of Things Journal, 2019, 7(7): 5827-5842.
[12] Cormode G, Jha S, Kulkarni T, et al. Privacy at scale: Local differential privacy in practice[C]//Proceedings of the 2018 International Conference on Management of Data. 2018: 1655-1658.
[13] Bhagoji A N, Chakraborty S, Mittal P, et al. Analyzing federated learning through an adversarial lens[C]//International Conference on Machine Learning. PMLR, 2019: 634-643.
[14] Fang M, Cao X, Jia J, et al. Local model poisoning attacks to byzantine-robust federated learning[C]//Proceedings of the 29th USENIX Conference on Security Symposium. 2020: 1623-1640.
[15] Zhang Z, Cao X, Jia J, et al. FLDetector: Defending Federated Learning Against Model Poisoning Attacks via Detecting Malicious Clients[J]. arXiv e-prints, 2022: arXiv: 2207.09209.
[16] Xu X, Lyu L. A reputation mechanism is all you need: Collaborative fairness and adversarial robustness in federated learning[J]. arXiv preprint arXiv:2011.10464, 2020.
[17] Bernau D, Robl J, Grassal P W, et al. Comparing local and central differential privacy using membership inference attacks[C]//IFIP Annual Conference on Data and Applications Security and Privacy. Cham: Springer International Publishing, 2021: 22-42.
[18] Khaliq A A, Anjum A, Ajmal A B, et al. A secure and privacy preserved parking recommender system using elliptic curve cryptography and local differential privacy[J]. IEEE Access, 2022, 10: 56410-56426.
[19] Gursoy M E, Tamersoy A, Truex S, et al. Secure and utility-aware data collection with condensed local differential privacy[J]. IEEE Transactions on Dependable and Secure Computing, 2019, 18(5): 2365-2378.
[20] 温依霖, 赵乃良, 曾艳, 韩猛, 岳鲁鹏, 张纪林. 基于本地模型质量的客户端选择方法[J]. 计算机工程, 2023, 49(6): 131-143. WEN Yilin, ZHAO Nailiang, ZENG Yan, HAN Meng, YUE Lupeng, ZHANG Jilin. Client Selection Method Based on Local Model Quality[J]. Computer Engineering, 2023, 49(6): 131-143.
[21] Cao X, Fang M, Liu J, et al. Fltrust: Byzantine-robust federated learning via trust bootstrapping[J]. arXiv preprint arXiv:2012.13995, 2020.
[22] Fung C, Yoon C J M, Beschastnikh I. The limitations of federated learning in sybil settings[C]//23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). 2020: 301-316.
[23] LeCun Y. The MNIST database of handwritten digits[J]. http://yann. lecun. com/exdb/mnist/, 1998. [24] Krizhevsky A, Hinton G. Learning multiple layers of features from tiny images[J]. 2009.
[25] Pang B, Lee L. Seeing stars: Exploiting class relationships for sentiment categorization with respect to rating scales[J].arXiv preprint cs/0506075, 2005.
[26] McMahan B, Moore E, Ramage D, et al. Communication-efficient learning of deep networks from decentralized data[C]//Artificial intelligence and statistics. PMLR, 2017: 1273-1282.
[27] Wu R, Chen Y, Tan C, et al. MDIFL: Robust Federated Learning Based on Malicious Detection and Incentives[J]. Applied Sciences, 2023, 13(5): 2793.
[28] Qiang Yang, Yang Liu, Yong Cheng, Yan Kang, Tianjian Chen, and Han Yu, Federated Learning, Morgan & Claypool, Dec. 2019.
[29] Biggio B, Nelson B, Laskov P. Support vector machines under adversarial label noise[C]//Asian conference on machine learning. PMLR, 2011: 97-112.
[30] Bernstein J, Zhao J, Azizzadenesheli K, et al. signSGD with majority vote is communication efficient and fault tolerant[J]. arXiv preprint arXiv:1810.05291, 2018.

Please choose a citation manager

Content to export