基于宽度网络架构的单模型主导联邦学习

联邦学习是一种分布式机器学习方法,它将数据保留在本地,仅将计算结果上传到客户端,从而提高了模型传递与聚合的效率和安全性.然而,联邦学习面临的一个重要挑战是,上传的模型大小日益增加,大量参数多次迭代,给通信能力不足的小型设备带来了困难.因此在本文中,客户端和服务器被设置为仅一次的互相通信机会.联邦学习中的另一个挑战是,客户端之间的数据规模并不相同.在不平衡数据场景下,服务器的模型聚合将变得低效.为了解决这些问题,本文提出了一个仅需一轮通信的轻量级联邦学习框架,在联邦宽度学习中设计了一种聚合策略算法,即FBL-LD.算法在单轮通信中收集可靠的模型并选出主导模型,通过验证集合理地调整其他模型的参与权重来泛化联邦模型. FBL-LD利用有限的通信资源保持了高效的聚合.实验结果表明, FBL-LD相比同类联邦宽度学习算法具有更小的开销和更高的精度,并且对不平衡数据问题具有鲁棒性.     

FedDAA: a robust federated learning framework to protect privacy and defend against adversarial attack

Federated learning (FL) has emerged to break data-silo and protect clients’ privacy in the field of artificial intelligence. However, deep leakage from gradient (DLG) attack can fully reconstruct clients’ data from the submitted gradient, which threatens the fundamental privacy of FL. Although cryptology and differential privacy prevent privacy leakage from gradient, they bring negative effect on communication overhead or model performance. Moreover, the original distribution of local gradient has been changed in these schemes, which makes it difficult to defend against adversarial attack. In this paper, we propose a novel federated learning framework with model decomposition, aggregation and assembling (FedDAA), along with a training algorithm, to train federated model, where local gradient is decomposed into multiple blocks and sent to different proxy servers to complete aggregation. To bring better privacy protection performance to FedDAA, an indicator is designed based on image structural similarity to measure privacy leakage under DLG attack and an optimization method is given to protect privacy with the least proxy servers. In addition, we give defense schemes against adversarial attack in FedDAA and design an algorithm to verify the correctness of aggregated results. Experimental results demonstrate that FedDAA can reduce the structural similarity between the reconstructed image and the original image to 0.014 and remain model convergence accuracy as 0.952, thus having the best privacy protection performance and model training effect. More importantly, defense schemes against adversarial attack are compatible with privacy protection in FedDAA and the defense effects are not weaker than those in the traditional FL. Moreover, verification algorithm of aggregation results brings about negligible overhead to FedDAA.     

联邦学习通信开销研究综述

为了解决数据共享需求与隐私保护要求之间不可调和的矛盾,联邦学习应运而生.联邦学习作为一种分布式机器学习,其中的参与方与中央服务器之间需要不断交换大量模型参数,而这造成了较大通信开销;同时,联邦学习越来越多地部署在通信带宽有限、电量有限的移动设备上,而有限的网络带宽和激增的客户端数量会使通信瓶颈加剧.针对联邦学习的通信瓶...     

支持多数不规则用户的隐私保护联邦学习框架

针对联邦学习存在处理大多数不规则用户易引起聚合效率降低,以及采用明文通信导致参数隐私泄露的问题,基于设计的安全除法协议构建针对不规则用户鲁棒的隐私保护联邦学习框架.该框架通过将模型相关计算外包给两台边缘服务器以减小采用同态加密产生的高额计算开销,不仅允许模型及其相关信息以密文形式在边缘服务器上进行密文聚合,还支持用户在...     

联邦学习中的隐私保护技术研究综述

近年来,联邦学习成为解决机器学习中数据孤岛与隐私泄露问题的新思路。联邦学习架构不需要多方共享数据资源,只要参与方在本地数据上训练局部模型,并周期性地将参数上传至服务器来更新全局模型,就可以获得在大规模全局数据上建立的机器学习模型。联邦学习架构具有数据隐私保护的特质,是未来大规模数据机器学习的新方案。然而,该架构的参数交互方式可能导致数据隐私泄露。目前,研究如何加强联邦学习架构中的隐私保护机制已经成为新的热点。从联邦学习中存在的隐私泄露问题出发,探讨了联邦学习中的攻击模型与敏感信息泄露途径,并重点综述了联邦学习中的几类隐私保护技术：以差分隐私为基础的隐私保护技术、以同态加密为基础的隐私保护技术、以安全多方计算（SMC）为基础的隐私保护技术。最后,探讨了联邦学习中隐私保护中的若干关键问题,并展望了未来研究方向。     

支持数据隐私保护的联邦深度神经网络模型研究

近些年, 人工智能技术已经在图像分类、目标检测、语义分割、智能控制以及故障诊断等领域得到广泛应用, 然而某些行业(例如医疗行业)由于数据隐私的原因, 多个研究机构或组织难以共享数据训练联邦学习模型. 因此, 将同态加密(Homomorphic encryption, HE)算法技术引入到联邦学习中, 提出一种支持数据隐私保护的联邦深度神经网络模型(Privacy-preserving federated deep neural network, PFDNN). 该模型通过对其权重参数的同态加密保证了数据的隐私性, 并极大地减少了训练过程中的加解密计算量. 通过理论分析与实验验证, 所提出的联邦深度神经网络模型具有较好的安全性, 并且能够保证较高的精度.     

基于博弈论优化的高效联邦学习方案

随着网络信息技术与互联网的发展,数据的隐私与安全问题亟待解决,联邦学习作为一种新型的分布式隐私保护机器学习技术应运而生。针对在联邦学习过程中存在个人数据信息泄露的隐私安全问题,结合Micali-Rabin随机向量表示技术,基于博弈论提出一种具有隐私保护的高效联邦学习方案。根据博弈论激励机制,构建联邦学习博弈模型,通过设置合适的效用函数和激励机制保证参与者的合理行为偏好,同时结合Micali-Rabin随机向量表示技术设计高效联邦学习方案。基于Pedersen承诺机制实现高效联邦学习的隐私保护,以保证联邦学习各参与者的利益和数据隐私,并且全局达到帕累托最优状态。在数字分类数据集上的实验结果表明,该方案不仅提高联邦学习的通信效率,而且在通信开销和数据精确度之间实现平衡。     

基于Z-Score动态压缩的高效联邦学习算法

联邦学习作为一种具有隐私保护的新兴分布式计算范式,在一定程度上保护了用户隐私和数据安全。然而,由于联邦学习系统中客户端与服务器需要频繁地交换模型参数,造成了较大的通信开销。在带宽有限的无线通信场景中,这成为了限制联邦学习发展的主要瓶颈。针对这一问题,提出了一种基于Z-Score的动态稀疏压缩算法。通过引入Z-Score,对局部模型更新进行离群点检测,将重要的更新值视为离群点,从而将其挑选出来。在不需要复杂的排序算法以及原始模型更新的先验知识的情况下,实现模型更新的稀疏化。同时随着通信轮次的增加,根据全局模型的损失值动态地调整稀疏率,从而在保证模型精度的前提下最大程度地减少总通信量。通过实验证明,在I.I.D。数据场景下,该算法与联邦平均（FedAvg）算法相比可以降低95%的通信量,精度损失仅仅为1.6%,与FTTQ算法相比可以降低40%~50%的通信量,精度损失仅为1.29%,证明了该方法在保证模型性能的同时显著降低了通信成本。     

面向通信成本优化的联邦学习算法

联邦学习是一种能够保护数据隐私的机器学习设置,然而高昂的通信成本和客户端的异质性问题阻碍了联邦学习的规模化落地。针对这两个问题,提出一种面向通信成本优化的联邦学习算法。首先,服务器接收来自客户端的生成模型并生成模拟数据;然后,服务器利用模拟数据训练全局模型并将其发送给客户端,客户端利用全局模型进行微调后得到最终模型。所提算法仅需要客户端与服务器之间的一轮通信,并且利用微调客户端模型来解决客户端异质性问题。在客户端数量为20个时,在MNIST和CIFAR-10这两个数据集上进行了实验。结果表明,所提算法能够在保证准确率的前提下,在MNIST数据集上将通信的数据量减少至联邦平均（FedAvg）算法的1/10,在CIFAR-10数据集上将通信数据量减少至FedAvg算法的1/100。     

基于声誉的分布式联邦学习节点选择算法

由于隐私泄露的风险越来越大,而采集的数据中的通常包含大量隐私信息,使数据的采集者不愿意共享自己的数据,造成“数据孤岛”,联邦学习能够实现数据不离本地的数据共享,但其在多机构数据共享中还存在一些问题,一方面中央服务器集中处理信息造成昂贵的成本,易产生单点故障,另一方面,对于多机构数据共享而言,参与节点中混入恶意节点可能影响训练过程,导致数据隐私泄露,基于上述分析,本文提出了一种将区块链和联邦学习相结合的以实现高效节点选择和通信的新的分布式联邦学习架构,解放中央服务器,实现参与节点直接通信,并在此架构上提出了一种基于信誉的节点选择算法方案（RBLNS）,对参与节点进行筛选,保证参与节点的隐私安全。仿真结果表明,RBLNS能够显着提高模型的实验性能。     

Greedy-based user selection for federated graph neural networks with limited communication resources

Recently, graph neural networks (GNNs) have attracted much attention in the field of machine learning due to their remarkable success in learning from graph-structured data. However, implementing GNNs in practice faces a critical bottleneck from the high complexity of communication and computation, which arises from the frequent exchange of graphic data during model training, especially in limited communication scenarios. To address this issue, we propose a novel framework of federated graph neural networks, where multiple mobile users collaboratively train the global model of graph neural networks in a federated way. The utilization of federated learning into the training of graph neural networks can help reduce the communication overhead of the system and protect the data privacy of local users. In addition, the federated training can help reduce the system computational complexity significantly. We further introduce a greedy-based user selection for the federated graph neural networks, where the wireless bandwidth is dynamically allocated among users to encourage more users to attend the federated training of neural networks. We perform the convergence analysis on the federated training of neural networks, in order to obtain some more insights on the impact of critical parameters on the system design. Finally, we perform the simulations on the coriolis ocean for reAnalysis (CORA) dataset and show the advantages of the proposed method in this paper.     

联邦学习安全防御与隐私保护技术研究

联邦学习(federated learning, FL)在多个参与方不直接进行数据传输的前提下共同完成模型训练,充分发挥各方数据价值;然而,由于联邦学习的固有缺陷以及存储和通信的安全问题,其在实际应用场景中仍面临多种安全与隐私威胁。首先阐述了FL面临的安全攻击和隐私攻击;然后针对这两类典型攻击分别总结了最新的安全防御机制和隐私保护手段,包括投毒攻击防御、后门攻击防御、搭便车攻击防御、女巫攻击防御以及基于安全计算与差分隐私的防御手段。通过对联邦学习的现有风险和相应防御手段的系统梳理,展望了联邦学习未来的研究挑战与发展方向。     

面向用户的支持用户掉线的联邦学习数据隐私保护方法

联邦学习是解决多组织协同训练问题的一种有效手段,但是现有的联邦学习存在不支持用户掉线、模型API泄露敏感信息等问题。文章提出一种面向用户的支持用户掉线的联邦学习数据隐私保护方法,可以在用户掉线和保护的模型参数下训练出一个差分隐私扰动模型。该方法利用联邦学习框架设计了基于深度学习的数据隐私保护模型,主要包含两个执行协议:服务器和用户执行协议。用户在本地训练一个深度模型,在本地模型参数上添加差分隐私扰动,在聚合的参数上添加掉线用户的噪声和,使得联邦学习过程满足(ε,δ)-差分隐私。实验表明,当用户数为50、ε=1时,可以在模型隐私性与可用性之间达到平衡。     

Evaluation and comparison of federated learning algorithms for Human Activity Recognition on smartphones

Pervasive computing promotes the integration of smart devices in our living spaces to develop services providing assistance to people. Such smart devices are increasingly relying on cloud-based Machine Learning, which raises questions in terms of security (data privacy), reliance (latency), and communication costs. In this context, Federated Learning (FL) has been introduced as a new machine learning paradigm enhancing the use of local devices. At the server level, FL aggregates models learned locally on distributed clients to obtain a more general model. In this way, no private data is sent over the network, and the communication cost is reduced. Unfortunately, however, the most popular federated learning algorithms have been shown not to be adapted to some highly heterogeneous pervasive computing environments. In this paper, we propose a new FL algorithm, termed FedDist, which can modify models (here, deep neural network) during training by identifying dissimilarities between neurons among the clients. This permits to account for clients’ specificity without impairing generalization. FedDist evaluated with three state-of-the-art federated learning algorithms on three large heterogeneous mobile Human Activity Recognition datasets. Results have shown the ability of FedDist to adapt to heterogeneous data and the capability of FL to deal with asynchronous situations.     

区块链赋能多边缘安全联邦学习模型研究

联邦学习是一种革命性的深度学习模式,可以保护用户不暴露其私有数据,同时合作训练全局模型。然而某些客户端的恶意行为会导致单点故障以及隐私泄露的风险,使得联邦学习的安全性面临极大挑战。为了解决上述安全问题,在现有研究的基础上提出了一种区块链赋能多边缘联邦学习模型。首先,通过融合区块链替代中心服务器来增强模型训练过程的稳定性与可靠性;其次,提出了基于边缘计算的共识机制,以实现更加高效的共识流程;此外,将声誉评估融入到联邦学习训练流程中,能够透明地衡量每一个参与者的贡献值,规范工作节点的行为。最后通过对比实验证明,所提方案在恶意环境下仍然能够保持较高的准确度,与传统的联邦学习算法相比,该方案能够抵抗更高的恶意比例。     

Round efficient privacy-preserving federated learning based on MKFHE

Federated learning (FL) was created with the intention of enabling collaborative training of models without the need for direct data exchange. However, data leakage remains an issue in FL. Multi-Key Fully Homomorphic Encryption (MKFHE) is a promising technique that allows computations on ciphertexts encrypted by different parties. MKFHE’s aptitude to handle multi-party data makes it an ideal tool for implementing privacy-preserving federated learning.We present a multi-hop MKFHE with compact ciphertext. MKFHE allows computations on data encrypted by different parties. In MKFHE, the compact ciphertext means that the size of the ciphertext is independent of the number of parties. The multi-hop property means that parties can dynamically join the homomorphic computation at any time. Prior MKFHE schemes were limited by their inability to combine these desirable properties. To address this limitation, we propose a multi-hop MKFHE scheme with compact ciphertext based on the random sample common reference string(CRS). We construct our scheme based on the residue number system (RNS) variant CKKS17 scheme, which enables efficient homomorphic computation over complex numbers due to the RNS representations of numbers.We construct a round efficient privacy-preserving federated learning based on our multi-hop MKFHE. In FL, there is always the possibility that some clients may drop out during the computation. Previous HE-based FL methods did not address this issue. However, our approach takes advantage of multi-hop MKFHE that users can join dynamically and constructs an efficient federated learning scheme that reduces interactions between parties. Compared to other HE-based methods, our approach reduces the number of interactions during a round from 3 to 2. Furthermore, in situations where some users fail, we are able to reduce the number of interactions from 3 to just 1.     

Challenges and future directions of secure federated learning: a survey

Federated learning came into being with the increasing concern of privacy security, as people’s sensitive information is being exposed under the era of big data. It is an algorithm that does not collect users’ raw data, but aggregates model parameters from each client and therefore protects user’s privacy. Nonetheless, due to the inherent distributed nature of federated learning, it is more vulnerable under attacks since users may upload malicious data to break down the federated learning server. In addition, some recent studies have shown that attackers can recover information merely from parameters. Hence, there is still lots of room to improve the current federated learning frameworks. In this survey, we give a brief review of the state-of-the-art federated learning techniques and detailedly discuss the improvement of federated learning. Several open issues and existing solutions in federated learning are discussed. We also point out the future research directions of federated learning.     

基于匿名指纹集的室内指纹定位隐私保护算法

基于Wi-Fi无线信号的指纹定位技术是实现室内定位、追踪等物联网相关应用的重要手段之一。在用户向服务器请求定位服务的同时,如何保护用户的定位隐私和服务器的数据安全是其商业化应用中亟需解决的重要问题。针对目前通过加密算法进行隐私保护时,算法的实时性不足和定位精度不高的问题,设计了一种具有隐私保护的轻量级室内指纹定位算法。采用k匿名算法保护用户的请求隐私,Paillier同态加密算法保护用户的定位隐私和服务器的数据隐私;通过独特的指纹请求子集设计,改进方案进一步降低了定位中的计算开销和通信开销,并实现了定位精度的提升。理论分析和实验研究均表明,所提方案在实现隐私保护的同时,克服了现有同态加密巨大的计算开销问题,并提高了定位性能。     

基于差分隐私的分段裁剪联邦学习算法

为解决现有的差分隐私联邦学习算法中使用固定的裁剪阈值和噪声尺度进行训练,从而导致数据隐私泄露、模型精度较低的问题,提出了一种基于差分隐私的分段裁剪联邦学习算法。首先,根据客户端的隐私需求分为隐私需求高和低。对于高隐私需求用户使用自适应裁剪来动态裁剪梯度;而低隐私需求用户则采用比例裁剪。其次根据裁剪后阈值大小自适应地添加噪声尺度。通过实验分析可得,该算法可以更好地保护隐私数据,同时通信代价也低于ADP-FL和DP-FL算法,并且与ADP-FL和DP-FL相比,模型准确率分别提高了2.25%和4.41%。     

基于信誉评估机制和区块链的移动网络联邦学习方案

联邦学习是一种新兴的分布式机器学习技术,通过将训练任务下放到用户端,仅将训练得到的模型参数发送给服务端,整个过程并不需要参与方直接共享数据,从而很大限度上规避了隐私问题.然而,这种学习模式中移动用户间没有预先建立信任关系,用户之间进行合作训练时会存在安全隐患.针对上述问题,提出一种基于信誉评估机制和区块链的移动网络联邦...