Junxu Liu,Jian Lou,Li Xiong,Jinfei Liu,Xiaofeng Meng

DOI: https://doi.org/10.14778/3503585.3503592

IF: 2.5

2021-01-01

Proceedings of the VLDB Endowment

Abstract:Federated Learning (FL) is a promising framework for multiple clients to learn a joint model without directly sharing the data. In addition to high utility of the joint model, rigorous privacy protection of the data and communication efficiency are important design goals. Many existing efforts achieve rigorous privacy by ensuring differential privacy for intermediate model parameters, however, they assume a uniform privacy parameter for all the clients. In practice, different clients may have different privacy requirements due to varying policies or preferences. In this paper, we focus on explicitly modeling and leveraging the heterogeneous privacy requirements of different clients and study how to optimize utility for the joint model while minimizing communication cost. As differentially private perturbations affect the model utility, a natural idea is to make better use of information submitted by the clients with higher privacy budgets (referred to as "public" clients, and the opposite as "private" clients). The challenge is how to use such information without biasing the joint model. We propose P rojected F ederated A veraging (PFA), which extracts the top singular subspace of the model updates submitted by "public" clients and utilizes them to project the model updates of "private" clients before aggregating them. We then propose communication-efficient PFA+, which allows "private" clients to upload projected model updates instead of original ones. Our experiments verify the utility boost of both algorithms compared to the baseline methods, whereby PFA+ achieves over 99% uplink communication reduction for "private" clients.

Ziwen Cheng,Yi Liu,Chao Wu,Yongqi Pan,Liushun Zhao,Xin Deng,Cheng Zhu

DOI: https://doi.org/10.1016/j.future.2024.06.035

IF: 7.307

2024-01-01

Future Generation Computer Systems

Abstract:Blockchain-based Federated Learning (BCFL) is gaining significant attention as a promising decentralized data sharing technology with privacy protection. Most existing BCFL frameworks loosely couple blockchain and Federated Learning (FL). FL transforms data sharing into model sharing, while blockchain decentralizes the model aggregation and handles security verification. However, this simplistic overlay of the two technologies often involves third-party blockchain peers, leading to inefficient workflows and potential privacy attacks from malicious blockchain peers. Some studies have proposed differential privacy with noise addition to prevent privacy attacks, yet most do not allow clients to customize privacy budgets, impacting data availability and limiting BCFL’s application in data sharing. To address these challenges, we first introduce a novel tightly-coupled BCFL framework that integrates training and mining at the client side. Under this framework, a totally decentralized data sharing process is established. Moreover, a Personalised Differential Privacy (PDP) mechanism is devised, enabling clients to add Laplace noise to model gradients based on custom privacy budgets. To achieve optimal privacy budgets, a privacy optimization mechanism based on Stackelberg games is proposed. It establishes utility functions for data requesters and providers, models the process of utility optimization as a Stackelberg game process, and obtains the optimal privacy budget while maximizing utility for all participants. This facilitates flexible and on-demand privacy-protected data sharing. Extensive experiments validate the effectiveness of our approach in enhancing system efficiency and facilitating flexible on-demand privacy-protected data sharing, further solidifying BCFL’s potential in decentralized data sharing scenarios.

Wenjun Qian,Qingni Shen,Xiaoyi Chen,Cong Li,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1093/comjnl/bxae081

2024-01-01

Abstract:Federated learning (FL) as a privacy-preserving technology enables multiple clients to collaboratively train models on decentralized data. However, transmitting model parameters between local clients and the central server can potentially result in information leakage. Differentially private federated learning (DPFL) has emerged as a promising solution to enhance privacy. Nevertheless, existing DPFL schemes suffer from two issues: (i) most schemes that aim to achieve desired model accuracy may incur a high privacy budget. (ii) several schemes that consider the trade-off between privacy and accuracy by utilizing linear clipping bound may distort numerous model parameters. In this paper, we first propose FDP-FL, a flexible differential privacy approach for FL. FDP-FL introduces a novel series sum privacy budget allocation instead of uniform allocation and enables adaptive and nonlinear noise scale decay. In this way, a tight bound for cumulative privacy loss can be achieved while optimizing model accuracy. Then in order to mitigate gradient leakages caused by honest-but-curious clients and server, we further design client-level FDP-FL and record-level FDP-FL, respectively. Experimental results demonstrate that our FDP-FL improves model accuracy by $\sim $13.3% compared with the basic DP-FL under a fixed privacy budget and outperforms existing trade-off schemes with the same hyperparameter setting.

Jinliang Yuan,Shangguang Wang,Shihe Wang,Yuanchun Li,Xiao Ma,Ao Zhou,Mengwei Xu

DOI: https://doi.org/10.1109/infocom53939.2023.10228953

2023-01-01

Abstract:Differential privacy (DP) enables model training with a guaranteed bound on privacy leakage, therefore is widely adopted in federated learning (FL) to protect the model update. However, each DP-enhanced FL job accumulates privacy leakage, which necessitates a unified platform to enforce a global privacy budget for each dataset owned by users. In this work, we present a novel DP-enhanced FL platform that treats privacy as a resource and schedules multiple FL jobs across sensitive data. It first introduces a novel notion of device-time blocks for distributed data streams. Such data abstraction enables fine-grained privacy consumption composition across multiple FL jobs. Regarding the non-replenishable nature of the privacy resource (that differs it from traditional hardware resources like CPU and memory), it further employs an allocation-then-recycle scheduling algorithm. Its key idea is to first allocate an estimated upper-bound privacy budget for each arrived FL job, and then progressively recycle the unused budget as training goes on to serve further FL jobs. Extensive experiments show that our platform is able to deliver up to 2.1× as many completed jobs while reducing the violation rate by up to 55.2% under limited privacy budget constraint.

Xiangjian Hou,Sarit Khirirat,Mohammad Yaqub,Samuel Horvath

2023-08-19

Abstract:Federated learning (FL) is a distributed machine learning (ML) framework where multiple clients collaborate to train a model without exposing their private data. FL involves cycles of local computations and bi-directional communications between the clients and server. To bolster data security during this process, FL algorithms frequently employ a differential privacy (DP) mechanism that introduces noise into each client's model updates before sharing. However, while enhancing privacy, the DP mechanism often hampers convergence performance. In this paper, we posit that an optimal balance exists between the number of local steps and communication rounds, one that maximizes the convergence performance within a given privacy budget. Specifically, we present a proof for the optimal number of local steps and communication rounds that enhance the convergence bounds of the DP version of the ScaffNew algorithm. Our findings reveal a direct correlation between the optimal number of local steps, communication rounds, and a set of variables, e.g the DP privacy budget and other problem parameters, specifically in the context of strongly convex optimization. We furthermore provide empirical evidence to validate our theoretical findings.

Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning,Image and Video Processing

Xinpeng Ling,Jie Fu,Kuncan Wang,Huifa Li,Tong Cheng,Zhili Chen

2024-08-19

Abstract:Federated learning (FL) is a new machine learning paradigm to overcome the challenge of data silos and has garnered significant attention. However, federated learning faces challenges in fairness and data privacy. To address both of the above challenges simultaneously, we first propose a fairness-aware federated learning algorithm, termed FedFair. Then based on FedFair, we introduce differential privacy protection to form the FedFDP algorithm to address the trade-offs among fairness, privacy protection, and model performance. In FedFDP, we designed an fairness-aware gradient clipping technique to identify the relationship between fairness and differential privacy. Through convergence analysis, we determined the optimal fairness adjustment parameters to simultaneously achieve the best model performance and fairness. Additionally, for the extra uploaded loss values, we present an adaptive clipping method to minimize privacy budget consumption. Extensive experimental results demonstrate that FedFDP significantly outperforms state-of-the-art solutions in terms of model performance and fairness. Codes and datasets will be made public after acceptance.

Cryptography and Security

Kang Wei,Jun Li,Ming Ding,Chuan Ma,Hang Su,Bo Zhang,H. Vincent Poor

2020-01-01

Abstract:As a means of decentralized machine learning, federated learning (FL) has recently drawn considerable attentions. One of the prominent advantages of FL is its capability of preventing clients' data from being directly exposed to external adversaries. Nevertheless, via a viewpoint of information theory, it is still possible for an attacker to steal private information from eavesdropping upon the shared models uploaded by FL clients. In order to address this problem, we develop a novel privacy preserving FL framework based on the concept of differential privacy (DP). To be specific, we first borrow the concept of local DP and introduce a client-level DP (CDP) by adding artificial noises to the shared models before uploading them to servers. Then, we prove that our proposed CDP algorithm can satisfy the DP guarantee with adjustable privacy protection levels by varying the variances of the artificial noises. More importantly, we derive a theoretical convergence upper-bound of the CDP algorithm. Our derived upper-bound reveals that there exists an optimal number of communication rounds to achieve the best convergence performance in terms of loss function values for a given privacy protection level. Furthermore, to obtain this optimal number of communication rounds, which cannot be derived in a closed-form expression, we propose a communication rounds discounting (CRD) method. Compared with the heuristic searching method, our proposed CRD can achieve a much better trade-off between the computational complexity of searching for the optimal number and the convergence performance. Extensive experiments indicate that our CDP algorithm with an optimization on the number of communication rounds using the proposed CRD can effectively improve both the FL training efficiency and FL model quality for a given privacy protection level.

Junxu Liu,Jian Lou,Li Xiong,Xiaofeng Meng

DOI: https://doi.org/10.1145/3583780.3615247

2023-01-01

Abstract:The meteoric rise of cross-silo Federated Learning (FL) is due to its ability to mitigate data breaches during collaborative training. To further provide rigorous privacy protection with consideration of the varying privacy requirements across different clients, a privacy-enhanced line of work on personalized differentially private federated learning (PDP-FL) has been proposed. However, the existing solution for PDP-FL [20] assumes the raw privacy budgets of all clients should be collected by the server. These values are then directly utilized to improve the model utility via facilitating the privacy preferences partitioning (i.e., partitioning all clients into multiple privacy groups). It is however non-realistic because the raw privacy budgets can be quite informative and sensitive. In this work, our goal is to achieve PDP-FL without exposing clients' raw privacy budgets by indirectly partitioning the privacy preferences solely based on clients' noisy model updates. The crux lies in the fact that the noisy updates could be influenced by two entangled factors of DP noises and non-IID clients' data, leaving it unknown whether it is possible to uncover privacy preferences by disentangling the two affecting factors. To overcome the hurdle, we systematically investigate the unexplored question of under what conditions can the model updates of clients be primarily influenced by noise levels rather than data distribution. Then, we propose a simple yet effective strategy based on clustering the L2 norm of the noisy updates, which can be integrated into the vanilla PDP-FL to maintain the same performance. Experimental results demonstrate the effectiveness and feasibility of our privacy-budget-agnostic PDP-FL method.

Kangkang Sun,Xiaojin Zhang,Xi Lin,Gaolei Li,Jing Wang,Jianhua Li

DOI: https://doi.org/10.48550/arXiv.2311.18190

2023-11-30

Abstract:Federated Learning (FL) is a novel privacy-protection distributed machine learning paradigm that guarantees user privacy and prevents the risk of data leakage due to the advantage of the client's local training. Researchers have struggled to design fair FL systems that ensure fairness of results. However, the interplay between fairness and privacy has been less studied. Increasing the fairness of FL systems can have an impact on user privacy, while an increase in user privacy can affect fairness. In this work, on the client side, we use fairness metrics, such as Demographic Parity (DemP), Equalized Odds (EOs), and Disparate Impact (DI), to construct the local fair model. To protect the privacy of the client model, we propose a privacy-protection fairness FL method. The results show that the accuracy of the fair model with privacy increases because privacy breaks the constraints of the fairness metrics. In our experiments, we conclude the relationship between privacy, fairness and utility, and there is a tradeoff between these.

Machine Learning,Artificial Intelligence

A. Bellet,Aymeric Dieuleveut,Maxence Noble

2021-11-17

Abstract:Federated Learning (FL) is a paradigm for large-scale distributed learning which faces two key challenges: (i) efficient training from highly heterogeneous user data, and (ii) protecting the privacy of participating users. In this work, we propose a novel FL approach (DP-SCAFFOLD) to tackle these two challenges together by incorporating Differential Privacy (DP) constraints into the popular SCAFFOLD algorithm. We focus on the challenging setting where users communicate with a"honest-but-curious"server without any trusted intermediary, which requires to ensure privacy not only towards a third-party with access to the final model but also towards the server who observes all user communications. Using advanced results from DP theory, we establish the convergence of our algorithm for convex and non-convex objectives. Our analysis clearly highlights the privacy-utility trade-off under data heterogeneity, and demonstrates the superiority of DP-SCAFFOLD over the state-of-the-art algorithm DP-FedAvg when the number of local updates and the level of heterogeneity grow. Our numerical results confirm our analysis and show that DP-SCAFFOLD provides significant gains in practice.

Computer Science,Mathematics

Xuehua Sun,Zengsen Yuan,Xianguang Kong,Liang Xue,Lang He,Ying Lin

DOI: https://doi.org/10.1109/jiot.2024.3396217

IF: 10.6

2024-07-27

IEEE Internet of Things Journal

Abstract:Federated learning (FL) aims to protect data privacy while aggregating models. Existing works rarely focus simultaneously on the three issues of communication efficiency, privacy, and utility, which are the three main challenges facing FL. Specifically, sensitive information about the training data can still be inferred from the model parameters shared in FL. In recent years, differential privacy (DP) has been applied in FL to protect data privacy. The challenge of implementing DP in FL lies in the detrimental impact of DP noise on model accuracy. The DP noise affects the convergence of the model, leading to additional communication overhead. Moreover, considering the inherently high-communication costs of FL, FL process can be inefficient or even infeasible. In view of these, we propose a novel differentially private FL (DPFL) scheme named Adap-FedITK, which aims to achieve low-communication overhead and high-model accuracy while guaranteeing client-level DP. Specifically, we dynamically adjust the gradient clipping threshold for different clients in each round, based on the heterogeneity of gradients. This approach aims to mitigate the negative impact of DP and achieve a privacy-utility tradeoff. To alleviate the high-communication overhead problem in FL, we introduce an improved top-k algorithm, which utilizes sparsity and quantization to compress the model eliminates communication redundancy, and it also integrates coding techniques to further reduce communication. Extensive experimental results demonstrate that our method achieves the privacy-utility tradeoff and improves communication efficiency while ensuring client-level DPFL.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xuezheng Liu,Yipeng Zhou,Di Wu,Miao Hu,Jessie Hui Wang,Mohsen Guizani

DOI: https://doi.org/10.1109/jiot.2024.3421991

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) emerges as an attractive collaborative machine learning framework that enables training of models across decentralized devices by merely exposing model parameters. However, malicious attackers can still hijack communicated parameters to expose clients' raw samples resulting in privacy leakage. To defend against such attacks, differentially private FL (DPFL) is devised, which incurs negligible computation overhead in protecting privacy by adding noises. Nevertheless, the low model utility and communication efficiency makes DPFL hard to be deployed in the real environment. To overcome these deficiencies, we propose a novel DPFL algorithm called FedDP-SA (namely, federated learning with differential privacy by splitting Local data sets and averaging parameters). Specifically, FedDP-SA splits a local data set into multiple subsets for parameter updating. Then, parameters averaged over all subsets plus differential privacy (DP) noises are returned to the parameter server. FedDP-SA offers dual benefits: 1) enhancing model accuracy by efficiently lowering sensitivity, thereby reducing noise to ensure DP and 2) improving communication efficiency by communicating model parameters with a lower frequency. These advantages are validated through sensitivity analysis and convergence rate analysis. Finally, we conduct comprehensive experiments to verify the performance of FedDP-SA compared with other state-of-the-art baseline algorithms.

Hanlin Gu,Xinyuan Zhao,Gongxi Zhu,Yuxing Han,Yan Kang,Lixin Fan,Qiang Yang

DOI: https://doi.org/10.48550/arXiv.2312.16554

IF: 5.414

2023-12-27

Machine Learning

Abstract:Federated learning (FL) enables multiple clients to collaboratively learn a shared model without sharing their individual data. Concerns about utility, privacy, and training efficiency in FL have garnered significant research attention. Differential privacy has emerged as a prevalent technique in FL, safeguarding the privacy of individual user data while impacting utility and training efficiency. Within Differential Privacy Federated Learning (DPFL), previous studies have primarily focused on the utility-privacy trade-off, neglecting training efficiency, which is crucial for timely completion. Moreover, differential privacy achieves privacy by introducing controlled randomness (noise) on selected clients in each communication round. Previous work has mainly examined the impact of noise level ($\sigma$) and communication rounds ($T$) on the privacy-utility dynamic, overlooking other influential factors like the sample ratio ($q$, the proportion of selected clients). This paper systematically formulates an efficiency-constrained utility-privacy bi-objective optimization problem in DPFL, focusing on $\sigma$, $T$, and $q$. We provide a comprehensive theoretical analysis, yielding analytical solutions for the Pareto front. Extensive empirical experiments verify the validity and efficacy of our analysis, offering valuable guidance for low-cost parameter design in DPFL.

Guangjing Huang,Qiong Wu,Peng Sun,Qian Ma,Xu Chen

DOI: https://doi.org/10.1109/tpds.2024.3354713

IF: 5.3

2024-02-02

IEEE Transactions on Parallel and Distributed Systems

Abstract:As a privacy-preserving distributed learning paradigm, federated learning (FL) enables multiple client devices to train a shared model without uploading their local data. To further enhance the privacy protection performance of FL, differential privacy (DP) has been successfully incorporated into FL systems to defend against privacy attacks from adversaries. In FL with DP, how to stimulate efficient client collaboration is vital for the FL server due to the privacy-preserving nature of DP and the heterogeneity of various costs (e.g., computation cost) of the participating clients. However, this kind of collaboration remains largely unexplored in existing works. To fill in this gap, we propose a novel analytical framework based on Stackelberg game to model the collaboration behaviors among clients and the server with reward allocation as incentive in FL with DP. We first conduct rigorous convergence analysis of FL with DP and reveal how clients' multidimensional attributes would affect the convergence performance of FL model. Accordingly, we solve the Stackelberg game and derive the collaboration strategies for both clients and the server. We further devise an approximately optimal algorithm for the server to efficiently conduct the joint optimization of the client set selection, the number of global iterations, and the reward payment for the clients. Numerical evaluations using real-world datasets validate our theoretical analysis and corroborate the superior performance of the proposed solution.

computer science, theory & methods,engineering, electrical & electronic

Shengnan Guo,Jianfeng Yang,Shigong Long,Xibin Wang,Guangyuan Liu

DOI: https://doi.org/10.1038/s41598-024-77428-0

IF: 4.6

2024-11-07

Scientific Reports

Abstract:Spurred by the simultaneous need for data privacy protection and data sharing, federated learning (FL) has been proposed. However, it still poses a risk of privacy leakage in it. This paper, an improved Differential Privacy (DP) algorithm to protect the federated learning model. Additionally, the Fast Fourier Transform (FFT) is used in the computation of the privacy budget , to minimize the impact of limited arithmetic resources and numerous users on the effectiveness of training model. Moreover, instead of direct analyses of the privacy budget through various methods, Privacy Loss Distribution (PLD) and privacy curves are adopted, while the number of artificial assignments hyperparameters is reduced, and the grid parameters delineated for FFT use are improved. The improved algorithm tightens parameter bounds and minimizes human factors' influence with minimal efficiency impact. It decreases the errors caused by truncation and discreteness of PLDs while expanding the discreteness interval to reduce the calculation workload. Furthermore, an improved activation function using a temper sigmoid with only one parameter , smooths the accuracy curve and mitigates drastically fluctuating scenarios during model training. Finally, simulation results on real datasets show that our improved DP algorithm, which accounts for long trailing, facilitates a better balance between privacy and utility in federated learning models.

multidisciplinary sciences

Jianzhe Zhao,Keming Mao,Chenxi Huang,Yuyang Zeng

DOI: https://doi.org/10.1155/2021/3344862

IF: 1.4

2021-01-01

Discrete Dynamics in Nature and Society

Abstract:Secure and trusted cross-platform knowledge sharing is significant for modern intelligent data analysis. To address the trade-off problems between privacy and utility in complex federated learning, a novel differentially private federated learning framework is proposed. First, the impact of data heterogeneity of participants on global model accuracy is analyzed quantitatively based on 1-Wasserstein distance. Then, we design a multilevel and multiparticipant dynamic allocation method of privacy budget to reduce the injected noise, and the utility can be improved efficiently. Finally, they are integrated, and a novel adaptive differentially private federated learning algorithm (A-DPFL) is designed. Comprehensive experiments on redefined non-I.I.D MNIST and CIFAR-10 datasets are conducted, and the results demonstrate the superiority of model accuracy, convergence, and robustness.

Kang Wei,Jun Li,Chuan Ma,Ming Ding,H. Vincent Poor

DOI: https://doi.org/10.1007/978-3-030-70604-3_3

2021-01-01

Abstract:Federated learning (FL), a type of collaborative machine learning framework, is capable of helping protect users’ private data while training the data into useful models. Nevertheless, privacy leakage may still happen by analyzing the exchanged parameters, e.g., weights and biases in deep neural networks, between the central server and clients. In this chapter, to effectively prevent information leakage, we investigate a differential privacy mechanism in which, at the clients’ side, artificial noises are added to parameters before uploading. Moreover, we propose a K-client random scheduling policy, in which K clients are randomly selected from a total of N clients to participate in each communication round. Furthermore, a theoretical convergence bound is derived from the loss function of the trained FL model. In detail, considering a fixed privacy level, the theoretical bound reveals that there exists an optimal number of clients K that can achieve the best convergence performance due to the tradeoff between the volume of user data and the variances of aggregated artificial noises. To optimize this tradeoff, we further provide a differentially private FL based client selection (DP-FedCS) algorithm, which can dynamically select the number of training clients. Our experimental results validate our theoretical conclusions and also show that the proposed algorithm can effectively improve both the FL training efficiency and FL model quality for a given privacy protection level.

Jiawei Yang,Shuhong Chen,Guojun Wang,Zijia Wang,Zhiyong Jie,Muhammad Arif

DOI: https://doi.org/10.1007/s11042-023-16543-y

IF: 2.577

2023-08-31

Multimedia Tools and Applications

Abstract:Federated learning(FL) is a popular distributed machine learning framework which can protect users' private data from being exposed to adversaries. However, related work shows that sensitive private information can still be compromised by analyzing parameters uploaded by clients. Applying differential privacy to federated learning has been a popular privacy-preserving way to achieve strict privacy guarantees in recent years. To reduce the impact of noise, this paper proposes to apply local differential privacy(LDP) to federated learning. We propose a gradient compression federated learning framework based on adaptive local differential privacy budget allocation(GFL-ALDPA). We propose a novel adaptive privacy budget allocation scheme based on communication rounds to reduce the loss of privacy budget and the amount of model noise. It can maximize the limited privacy budget and improve the model accuracy by assigning different privacy budgets to different communication rounds during training. Furthermore, we also propose a gradient compression mechanism based on dimension reduction, which can reduce the communication cost, overall noise size, and loss of the total privacy budget of the model simultaneously to ensure accuracy under a specific privacy-preserving guarantee. Finally, this paper presents the experimental evaluation on the MINIST dataset. Theoretical analysis and experiments demonstrate that our framework can achieve a better trade-off between privacy preservation, communication efficiency, and model accuracy.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Lin Chen,Xiaofeng Ding,Zhifeng Bao,Pan Zhou,Hai Jin

DOI: https://doi.org/10.1109/tkde.2024.3379001

IF: 9.235

2024-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Federated learning (FL) has attracted increasing attention in recent years due to its data privacy preservation and great applicability to large-scale user scenarios. However, when FL faces numerous clients, it is inevitable to emerge the non-independent and identically distributed (non-iid) data between clients, which brings an enormous challenge for model training and performance analysis like convergence. Besides, due to the non-iid data, the participating clients of FL tend to be extremely heterogeneous so the number of samplings among clients causes a sampling variance problem, which induces a huge variation in convergence. More importantly, although FL can foster privacy security via locally retaining the training data, if local data is secret and sensitive, FL should have more powerful privacy protection to resist the cloud server or third party to infer private information from shared models or intermediate gradients. Facing the non-iid and privacy challenges, we propose a differential privacy (DP) based non-iid FL algorithm called DPNFL to jointly tackle these two issues. Specifically, motivated by the DP and its variants, we are the first to adopt the truncated concentrated differential privacy technique under the FL scenario to more tightly track end-to-end privacy loss, while requiring less noise injection for the same level of DP. To avoid the sampling variance problem, we enable the server to sample the partial clients uniformly without replacement, which also guarantees unbiased sampling. To further improve the algorithm performance, we also propose an adaptive version of DPNFL named AdDPNFL, which adopts the adaptive optimization on the server-side to simultaneously alleviate the impact of non-iid data and DP noise on model utility. Finally, we perform extensive experiments to validate the effectiveness and superiority of our algorithms.

Mahtab Talaei,Iman Izadi

2024-06-27

Abstract:Federated learning (FL), a novel branch of distributed machine learning (ML), develops global models through a private procedure without direct access to local datasets. However, it is still possible to access the model updates (gradient updates of deep neural networks) transferred between clients and servers, potentially revealing sensitive local information to adversaries using model inversion attacks. Differential privacy (DP) offers a promising approach to addressing this issue by adding noise to the parameters. On the other hand, heterogeneities in data structure, storage, communication, and computational capabilities of devices can cause convergence problems and delays in developing the global model. A personalized weighted averaging of local parameters based on the resources of each device can yield a better aggregated model in each round. In this paper, to efficiently preserve privacy, we propose a personalized DP framework that injects noise based on clients' relative impact factors and aggregates parameters while considering heterogeneities and adjusting properties. To fulfill the DP requirements, we first analyze the convergence boundary of the FL algorithm when impact factors are personalized and fixed throughout the learning process. We then further study the convergence property considering time-varying (adaptive) impact factors.

Machine Learning,Cryptography and Security,Distributed, Parallel, and Cluster Computing