分层联邦学习中非交互式可验证安全聚合方法

doi:10.19678/j.issn.1000-3428.0252018

摘要/Abstract

摘要： 联邦学习作为一种分布式机器学习框架，能够在保护数据隐私的同时实现模型协同训练。然而，联邦学习在隐私保护、参与方互信及恶意攻击等方面仍面临挑战，尤其是在分层架构联邦学习中，中心服务器、中间层及终端设备的不可信性可能导致隐私泄露或恶意操纵。此外，恶意用户可能上传异常参数破坏训练进程，影响模型性能。因此，如何在分层联邦学习中高效实现安全验证和恶意检测，成为亟待解决的问题。本文针对分层架构联邦学习中的参与方无法互信、拜占庭攻击等问题，提出一种分层架构下的非交互式验证联邦学习安全聚合方案。首先，基于承诺方案设计多层架构下的联邦学习非交互式验证机制，允许各参与方进行互相验证。其次，基于零知识范围证明构造恶意更新的约束与检测方案，使服务器能检测并剔除恶意用户。再次，基于中国剩余定理设计噪声掩码方案，在保证用户本地隐私的同时，还支持用户的退出与重连；最后，安全性分析与实验评估表明，本方案能够以较高的效率实现安全相互验证以及恶意检测。

Abstract: Federated Learning enables collaborative model training while preserving data privacy. However, challenges remain in privacy protection, participant trust, and defense against adversarial attacks. In Hierarchical Federated Learning , untrusted central servers, intermediaries, and edge devices pose risks of data leakage and malicious manipulation. Additionally, adversarial clients may upload abnormal gradients, compromising model performance. Efficient security verification and adversarial detection in HFL are therefore critical issues. To address the challenges of mutual distrust among participants and Byzantine attacks in hierarchical federated learning, a secure aggregation scheme with non-interactive verification under hierarchical architecture is proposed. First, a mutual verification mechanism for hierarchical federated learning is designed based on a commitment scheme, allowing participants to perform mutual verification. Second, a constraint and detection scheme for malicious updates is constructed using non-interactive zero-knowledge range proofs, enabling the server to detect and exclude malicious users. Third, a noise masking scheme is designed based on the Chinese Remainder Theorem, supporting user exit and reconnection while ensuring local user privacy. Finally, security analysis and experimental evaluation demonstrate that the proposed scheme can achieve secure mutual verification and malicious detection with high efficiency.

宋书汉, 田有亮, 王帅. 分层联邦学习中非交互式可验证安全聚合方法[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0252018.

SONG Shuhan, TIAN Youliang, WANG Shuai. Secure Aggregation for Hierarchical Federated Learning with Non-interactive Verification[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0252018.

参考文献

[1] LECUN Y, BENGIO Y, HINTON G. Deep learning[J]. Nature, 2015, 521(7553): 436-444.
[2] YU K H, BEAM A L, KOHANE I S. Artificial intelli gence in healthcare[J]. Nature Biomedical Engineering, 2018, 2(10): 719-731.
[3] NING Z, ZHANG K, WANG X, et al. Joint computing and caching in 5G-envisioned Internet of vehicles: A deep reinforcement learning-based traffic control system [J]. IEEE Transactions on Intelligent Transportation Syst ems, 2020, 22(8): 5201-5212.
[4] AHISKA K, OZGOREN M K, LEBLEBICIOGLU M K. Autopilot design for vehicle cornering through icy r oads[J]. IEEE Transactions on Vehicular Technology, 20 17, 67(3): 1867-1880.
[5] GE Z, SONG Z, DING SX, et al. Data mining and analytics in the process industry: The role of mach ine learning[J]. IEEE Access,2017,5:20590-20616.
[6] KONEČNÝ J, MCMAHAN H B, RAMAGE D, et al. Federated optimization: Distributed machine learning for on-device intelligence[J]. arXiv preprint arXiv: 1610.025 27, 2016: 1-38.
[7] ZHANG L, LI A, PENG H, et al. Privacy-preserving Data Selection for Horizontal and Vertical Federated Le arning[J]. IEEE Transactions on Parallel and Distributed Systems, 2024.
[8] 王汝言,陈伟,张普宁,等.异构物联网下资源高效的分层协同联邦学习方法[J].电子与信息学报,2023,45(08):2847-28 55. WANG R Y, CHEN W, ZHANG P N, et al. ResourceEfficient Hierarchical Collaborative Federated Learning i n Heterogeneous Internet of Things[J]. Journal of Electr onics & Information Technology,2023,45(08):2847-2855.
[9] LIM W Y B, NG J S, XIONG Z, et al. Decentralized edge intelligence: A dynamic resource allocation frame work for hierarchical federated learning[J]. IEEE Transa ctions on Parallel and Distributed Systems, 2021, 33(3): 536-550.
[10] WANG Z, SONG M, ZHANG Z, et al. Beyond inferri ng class representatives: User-level privacy leakage fro m federated learning[C]//IEEE INFOCOM 2019-IEEE c onference on computer communications. IEEE, 2019: 25 12-2520.
[11] MALEKZADEH M, BOROVYKH A, GÜNDÜZ D. Ho nest-but-curious nets: Sensitive attributes of private inpu ts can be secretly coded into the classifiers' outputs[C]// Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 2021: 825-84 4..
[12] NGUYEN T, LAI P, TRAN K, et al. Active membersh ip inference attack under local differential privacy in fe derated learning[J]. arXiv preprint arXiv:2302.12685, 20 23.
[13] CAO X, GONG N Z. Mpaf: Model poisoning attacks t o federated learning based on fake clients[C]//Proceedin gs of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2022: 3396-3404.
[14] HE X, XU Y, ZHANG S, et al. Enhance membership i nference attacks in federated learning[J]. Computers & Security, 2024, 136: 103535.
[15] WIBAWA F, CATAK F O, SARP S, et al. Homomorph ic encryption and federated learning based privacy-Prese rving CNN training: COVID-19 detection use-case[C]//P roceedings of the 2022 European Interdisciplinary Cyber security Conference, 2022.
[16] ZHANG C, EKANUT S, ZHEN L, et al. Augmented multi-party computation against gradient leakage in fede rated learning[J]. IEEE Transactions on Big Data, 2022.
[17] MAHAWAGA ARACHCHIGE P C, LIU D, CAMTEPE S, et al. Local differential privacy for federated learni ng[C]//European Symposium on Research in Computer Security. Cham: Springer International Publishing, 2022: 195-216
[18] BONAWITZ K, IVANOV V, KREUTER B, et al. Pract ical secure aggregation for privacy-preserving machine l earning[C]//proceedings of the 2017 ACM SIGSAC Con ference on Computer and Communications Security. 201 7: 1175-1191.
[19] GUO X, LIU Z, LI J, et al. VeriFL: Communication-Ef ficient and Fast Verifiable Aggregation for Federated Le arning[J]. IEEE Transactions on Information Forensics a nd Security, 2020, 16: 1736-1751.
[20] FU A, ZHANG X, XIONG N, et al. VFL: A verifiable federated learning with privacy-preserving for big data in industrial IoT[J]. IEEE Transactions on Industrial In formatics, 2020, 18(5): 3316-3326.
[21] GAO S, LUO J, ZHU J, et al. VCD-FL: Verifiable, C ollusion-resistant, and Dynamic Federated Learning[J]. I EEE Transactions on Information Forensics and Security, 2023.
[22] LI T, GAO C, JIANG L, et al. Publicly verifiable priv acy-preserving aggregation and its application in IoT[J]. Journal of Network and Computer Applications, 2019, 126: 39-44.
[23] HAHN C, KIM H, KIM M, et al. Versa: Verifiable sec ure aggregation for cross-device federated learning[J]. I EEE Transactions on Dependable and Secure Computin g, 2021, 20(1): 36-52.
[24] 张首勋,王玲玲,耿克,等.融合零知识证明的去中心联邦学习可信聚合方案[J/OL].计算机工程与应用,1-11[2025-03- 06].http://kns.cnki.net/kcms/detail/11.2127.tp.20240624.114 5.004.html. ZHAGN S X, WANG L L, GENG K, et al. Trustful Aggregation Scheme for Decentralized Federated Learni ng Based on Zero Knowledge[J]. Computer Engineering and Applications,1-11[2025-03-06].http://kns.cnki.net/kcm s/detail/11.2127.tp.20240624.1145.004.html.
[25] AHMADI M, NOURMOHAMMADI R. zkFDL: An eff icient and privacy-preserving decentralized federated lear ning with zero knowledge proof[C]//2024 IEEE 3rd Inte rnational Conference on AI in Cybersecurity (ICAIC). I EEE, 2024: 1-10.
[26]魏立斐,张无忌,张蕾,等.基于本地差分隐私的异步横向联邦安全梯度聚合方案[J].电子与信息学报,2024,46(07):301 0-3018. WEI L F, ZHANG W J, ZHANG L, et al. A Secure Gradient Aggregation Scheme Based on Local Different ial Privacy in Asynchronous Horizontal Federated Learn ing[J]. Journal of Electronics & Information Technology, 2024,46(07):3010-3018.
[27] LI X, QU Z, ZHAO S, et al. Lomar: A local defense against poisoning attack on federated learning[J]. IEEE Transactions on Dependable and Secure Computing, 202 1, 20(1): 437-450.
[28] SUN Z, KAIROUZ P, SURESH A T, et al. Can you r eally backdoor federated learning? [J]. arxiv preprint ar xiv:1911.07963, 2019.
[29] BURKHALTER L, LYCKLAMA H, VIAND A, et al. Rofl: Attestable robustness for secure federated learning [J]. arxiv preprint arxiv:2107.03311, 2021, 21.
[30] MCMAHAN B, MOORE E, RAMAGE D, et al. Com munication-efficient learning of deep networks from dec entralized data[C]//Artificial intelligence and statistics. P MLR, 2017: 1273-1282.
[31] 李顺东,王道顺.现代密码学:理论,方法与研究前沿[M].科学出版社,2009. LI S D, WANG D S. Modern Cryptography: Theory, Methods and Research Frontiers [M].China Science Pub lishing & Media Ltd.2009
[32] 杨波.密码学中的可证明安全性[M].清华大学出版社,202 2. YANG B. Provable security in cryptography[M].Tsinghu a University Press.2022
[33] BÜNZ B, BOOTLE J, BONEH D, et al. Bulletproofs: Short proofs for confidential transactions and more[C]// 2018 IEEE symposium on security and privacy (SP). I EEE, 2018: 315-334.
[34] YE H, LIU J, ZHEN H, et al. VREFL: Verifiable and reconnection-efficient federated learning in IoT scenarios [J]. Journal of Network and Computer Applications, 20 22, 207: 103486.
[35] LIU L, ZHANG J, SONG S H, et al. Client-edge-clou d hierarchical federated learning[C]//ICC 2020-2020 IEE E international conference on communications (ICC). IE EE, 2020: 1-6.
[36] ZHU Y, WU Y, LUO Z, et al. Secure and verifiable data collaboration with low-cost zero-knowledge proofs [J]. arXiv preprint arXiv:2311.15310, 2023.
[37] WANG Z, DONG N, SUN J, et al. zkfl: Zero-knowle dge proof-based gradient aggregation for federated learn ing[J]. IEEE Transactions on Big Data, 2024.

选择文件类型/文献管理软件名称

选择包含的内容