
Computer Engineering



Privacy-preserving algorithm for federated learning based on personalized gradient clipping

  • Online:2024-10-09 Published:2024-10-09


Abstract: Federated learning is currently the most widely used privacy-preserving framework in deep learning and has been adopted by many institutions. Participants in this framework share knowledge by uploading model parameters while keeping their raw data local. However, the frequent uploading and receiving of parameters exposes participants to privacy leakage. To address this problem, a privacy-preserving federated learning algorithm based on personalized gradient clipping (AADP-FL) is proposed. The algorithm computes a clipping threshold for each network layer from the L1 norm of that layer's historical gradient data, and clips the gradients to bound their range and prevent gradient explosion and vanishing. It then measures each layer's contribution, allocates a privacy budget to each layer in proportion to that contribution, and adds personalized noise accordingly. By injecting an appropriate amount of noise before uploading, each participant conceals the content of the uploaded parameters, hiding individual contribution rates and protecting every party's data security. Experiments show that the algorithm improves accuracy by more than 3.5% over commonly used personalized gradient clipping methods, and remains competitive with the traditional federated learning framework. While maintaining high accuracy, it is shown to strictly protect the privacy of participants' data, striking a balance between model performance and data privacy.
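The per-layer clip-then-perturb step described above can be sketched as follows. This is a minimal illustration, not the paper's implementation: the abstract does not specify how the per-layer threshold is derived from historical L1 norms or how "contribution" is measured, so this sketch assumes the threshold is the mean historical L1 norm, uses that threshold as a proxy for layer contribution when splitting the privacy budget, and adds Laplace noise with scale sensitivity/ε per layer. All function names are hypothetical.

```python
import numpy as np

def clip_threshold(history):
    # Assumed rule: the layer's clipping threshold is the mean L1 norm
    # of its historical gradients (the paper only says the threshold is
    # computed from historical L1 norms).
    return float(np.mean([np.linalg.norm(g, ord=1) for g in history]))

def clip_gradient(grad, c):
    # Scale the gradient down so its L1 norm is at most c,
    # bounding the sensitivity of the upload.
    norm = np.linalg.norm(grad, ord=1)
    return grad * min(1.0, c / norm) if norm > 0 else grad

def perturb_layers(clipped, thresholds, total_eps):
    # Split the total privacy budget across layers in proportion to a
    # contribution score (here proxied by each layer's threshold, an
    # assumption), then add Laplace noise of scale sensitivity / eps_l.
    total = sum(thresholds)
    noisy = []
    for g, c in zip(clipped, thresholds):
        eps_l = total_eps * c / total   # per-layer budget
        noisy.append(g + np.random.laplace(0.0, c / eps_l, size=g.shape))
    return noisy
```

In this reading, layers judged more important receive a larger share of ε and therefore proportionally less noise, which is one way a "personalized" allocation can preserve accuracy while every upload still carries calibrated noise.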