Yi Zhang,Yunfan Lu,Fengxia Liu

DOI: https://doi.org/10.4236/jis.2023.142008

2023-01-01

Journal of Information Security

Abstract:Federated learning is a distributed machine learning technique that trains a global model by exchanging model parameters or intermediate results among multiple data sources.Although federated learning achieves physical isolation of data, the local data of federated learning clients are still at risk of leakage under the attack of malicious individuals.For this reason, combining data protection techniques (e.g., differential privacy techniques) with federated learning is a sure way to further improve the data security of federated learning models.In this survey, we review recent advances in the research of differentially-private federated learning models.First, we introduce the workflow of federated learning and the theoretical basis of differential privacy.Then, we review three differentially-private federated learning paradigms: central differential privacy, local differential privacy, and distributed differential privacy.After this, we review the algorithmic optimization and communication cost optimization of federated learning models with differential privacy.Finally, we review the applications of federated learning models with differential privacy in various domains.By systematically summarizing the existing research, we propose future research opportunities.

Mengchu Li,Ye Tian,Yang Feng,Yi Yu

2024-04-09

Abstract:Federated learning is gaining increasing popularity, with data heterogeneity and privacy being two prominent challenges. In this paper, we address both issues within a federated transfer learning framework, aiming to enhance learning on a target data set by leveraging information from multiple heterogeneous source data sets while adhering to privacy constraints. We rigorously formulate the notion of \textit{federated differential privacy}, which offers privacy guarantees for each data set without assuming a trusted central server. Under this privacy constraint, we study three classical statistical problems, namely univariate mean estimation, low-dimensional linear regression, and high-dimensional linear regression. By investigating the minimax rates and identifying the costs of privacy for these problems, we show that federated differential privacy is an intermediate privacy model between the well-established local and central models of differential privacy. Our analyses incorporate data heterogeneity and privacy, highlighting the fundamental costs of both in federated learning and underscoring the benefit of knowledge transfer across data sets.

Machine Learning,Cryptography and Security,Statistics Theory,Methodology

Xiuting Gu,Tianqing Zhu,Jie Li,Tao Zhang,Wei Ren

DOI: https://doi.org/10.1007/978-3-030-65745-1_25

2020-01-01

Abstract:Federated learning is a machine learning framework where many clients (e.g. mobile devices or whole organizations) collaboratively train a model under the orchestration of a central server (e.g. service provider), while keeping the training data decentralized. Naively minimizing an aggregate loss function in such a network may disproportionately advantage or disadvantage some of the clients. Thus, federated learning could raise "unfairness" according to some fairness metrics. Differential privacy is a privacy model used to protect privacy in federated learning with bounded leakage about the presence of a specific point in the training data. Previous work showed that a reduction in accuracy induced by deep private models disproportionately impacts underrepresented groups. This motivates us to analyze the impact of differential privacy on model fairness in federated learning. In this work, we conduct extensive experiments to evaluate the impact of differential privacy on model fairness in federated learning. Experiments show that, with a proper choice of parameters, differential privacy might improve fairness with an ignoble reduction on accuracy.

Ayush K. Varshney,Sonakshi Garg,Arka Ghosh,Sargam Gupta

DOI: https://doi.org/10.48550/arXiv.2305.13878

2023-05-23

Abstract:Federated learning (FL) is a distributed machine learning strategy that enables participants to collaborate and train a shared model without sharing their individual datasets. Privacy and fairness are crucial considerations in FL. While FL promotes privacy by minimizing the amount of user data stored on central servers, it still poses privacy risks that need to be addressed. Industry standards such as differential privacy, secure multi-party computation, homomorphic encryption, and secure aggregation protocols are followed to ensure privacy in FL. Fairness is also a critical issue in FL, as models can inherit biases present in local datasets, leading to unfair predictions. Balancing privacy and fairness in FL is a challenge, as privacy requires protecting user data while fairness requires representative training data. This paper presents a "Fair Differentially Private Federated Learning Framework" that addresses the challenges of generating a fair global model without validation data and creating a globally private differential model. The framework employs clipping techniques for biased model updates and Gaussian mechanisms for differential privacy. The paper also reviews related works on privacy and fairness in FL, highlighting recent advancements and approaches to mitigate bias and ensure privacy. Achieving privacy and fairness in FL requires careful consideration of specific contexts and requirements, taking into account the latest developments in industry standards and techniques.

Machine Learning,Computers and Society

Kang Wei,Jun Li,Chuan Ma,Ming Ding,H. Vincent Poor

DOI: https://doi.org/10.1007/978-3-030-70604-3_3

2021-01-01

Abstract:Federated learning (FL), a type of collaborative machine learning framework, is capable of helping protect users’ private data while training the data into useful models. Nevertheless, privacy leakage may still happen by analyzing the exchanged parameters, e.g., weights and biases in deep neural networks, between the central server and clients. In this chapter, to effectively prevent information leakage, we investigate a differential privacy mechanism in which, at the clients’ side, artificial noises are added to parameters before uploading. Moreover, we propose a K-client random scheduling policy, in which K clients are randomly selected from a total of N clients to participate in each communication round. Furthermore, a theoretical convergence bound is derived from the loss function of the trained FL model. In detail, considering a fixed privacy level, the theoretical bound reveals that there exists an optimal number of clients K that can achieve the best convergence performance due to the tradeoff between the volume of user data and the variances of aggregated artificial noises. To optimize this tradeoff, we further provide a differentially private FL based client selection (DP-FedCS) algorithm, which can dynamically select the number of training clients. Our experimental results validate our theoretical conclusions and also show that the proposed algorithm can effectively improve both the FL training efficiency and FL model quality for a given privacy protection level.

Sheng Shen,Tianqing Zhu,Di Wu,Wei Wang,Wanlei Zhou

DOI: https://doi.org/10.1002/cpe.6002

2020-09-23

Concurrency and Computation: Practice and Experience

Abstract:<p>Federated learning is an improved version of distributed machine learning that further offloads operations which would usually be performed by a central server. The server becomes more like an assistant coordinating clients to work together rather than micromanaging the workforce as in traditional DML. One of the greatest advantages of federated learning is the additional privacy and security guarantees it affords. Federated learning architecture relies on smart devices, such as smartphones and IoT sensors, that collect and process their own data, so sensitive information never has to leave the client device. Rather, clients train a submodel locally and send an encrypted update to the central server for aggregation into the global model. These strong privacy guarantees make federated learning an attractive choice in a world where data breaches and information theft are common and serious threats. This survey outlines the landscape and latest developments in data privacy and security for federated learning. We identify the different mechanisms used to provide privacy and security, such as differential privacy, secure multiparty computation and secure aggregation. We also survey the current attack models, identifying the areas of vulnerability and the strategies adversaries use to penetrate federated systems. The survey concludes with a discussion on the open challenges and potential directions of future work in this increasingly popular learning paradigm.</p>

English Else

Beatrice Balbierer,Lukas Heinlein,Domenique Zipperling,Niklas Kühl

2024-10-27

Abstract:Federated Learning presents a way to revolutionize AI applications by eliminating the necessity for data sharing. Yet, research has shown that information can still be extracted during training, making additional privacy-preserving measures such as differential privacy imperative. To implement real-world federated learning applications, fairness, ranging from a fair distribution of performance to non-discriminative behaviour, must be considered. Particularly in high-risk applications (e.g. healthcare), avoiding the repetition of past discriminatory errors is paramount. As recent research has demonstrated an inherent tension between privacy and fairness, we conduct a multivocal literature review to examine the current methods to integrate privacy and fairness in federated learning. Our analyses illustrate that the relationship between privacy and fairness has been neglected, posing a critical risk for real-world applications. We highlight the need to explore the relationship between privacy, fairness, and performance, advocating for the creation of integrated federated learning frameworks.

Machine Learning,Artificial Intelligence

Qinqing Zheng,Shuxiao Chen,Qi Long,Weijie J Su

Abstract:Federated learning (FL) is a training paradigm where the clients collaboratively learn models by repeatedly sharing information without compromising much on the privacy of their local sensitive data. In this paper, we introduce federated f-differential privacy, a new notion specifically tailored to the federated setting, based on the framework of Gaussian differential privacy. Federated f-differential privacy operates on record level: it provides the privacy guarantee on each individual record of one client's data against adversaries. We then propose a generic private federated learning framework PriFedSync that accommodates a large family of state-of-the-art FL algorithms, which provably achieves federated f-differential privacy. Finally, we empirically demonstrate the trade-off between privacy guarantee and prediction performance for models trained by PriFedSync in computer vision tasks.

Nima Mohammadi,Jianan Bai,Qiang Fan,Yifei Song,Yang Yi,Lingjia Liu

DOI: https://doi.org/10.48550/arXiv.2101.12240

IF: 5.414

2021-01-28

Machine Learning

Abstract:The performance of federated learning systems is bottlenecked by communication costs and training variance. The communication overhead problem is usually addressed by three communication-reduction techniques, namely, model compression, partial device participation, and periodic aggregation, at the cost of increased training variance. Different from traditional distributed learning systems, federated learning suffers from data heterogeneity (since the devices sample their data from possibly different distributions), which induces additional variance among devices during training. Various variance-reduced training algorithms have been introduced to combat the effects of data heterogeneity, while they usually cost additional communication resources to deliver necessary control information. Additionally, data privacy remains a critical issue in FL, and thus there have been attempts at bringing Differential Privacy to this framework as a mediator between utility and privacy requirements. This paper investigates the trade-offs between communication costs and training variance under a resource-constrained federated system theoretically and experimentally, and how communication reduction techniques interplay in a differentially private setting. The results provide important insights into designing practical privacy-aware federated learning systems.

Xiuting Gu,Zhu Tianqing,Jie Li,Tao Zhang,Wei Ren,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.cose.2022.102907

2022-11-01

Abstract:As applications of machine learning become increasingly widespread, the need to ensure model accuracy and fairness while protecting the privacy of user data becomes more pronounced. On this note, this paper introduces a federated learning training model, which allow clients to simultaneously learn their model and update the associated parameters on a centralized server. In our approach, we seek to achieve an acceptable trade-off between privacy, accuracy, and model fairness by using differential privacy (DP), which also helps to minimize privacy risks by protecting the presence of a specific sample in the training data. Machine learning models can, however, exhibit unintended behaviors, such as unfairness, which result in groups with certain sensitive characteristics (e.g., gender) receiving different patterns of outcomes. Hence, we discuss the fairness and privacy effect of local DP and global DP when applied to federated learning by designing a fair and privacy quantification mechanism. In doing so, we can achieve an acceptable trade-off between accuracy, privacy, and model fairness. We quantify the level of fairness based on the constraints of three definitions of fairness, including demographic parity, equal odds, and equality of opportunity. Finally, findings from our extensive experiments conducted on three real-world datasets with class imbalance demonstrate the positive effect of local and global DP on fairness. Our study also shows that privacy can come at the cost of fairness, as stricter privacy can intensify discrimination. Hence, we posit that careful parameter selection can potentially help achieve a more effective trade-off between utility, bias, and privacy.

computer science, information systems

David Byrd,Antigoni Polychroniadou

DOI: https://doi.org/10.1145/3383455.3422562

2020-10-15

Abstract:Federated Learning enables a population of clients, working with a trusted server, to collaboratively learn a shared machine learning model while keeping each client&#x27;s data within its own local systems. This reduces the risk of exposing sensitive data, but it is still possible to reverse engineer information about a client&#x27;s private data set from communicated model parameters. Most federated learning systems therefore use differential privacy to introduce noise to the parameters. This adds uncertainty to any attempt to reveal private client data, but also reduces the accuracy of the shared model, limiting the useful scale of privacy-preserving noise. A system can further reduce the coordinating server&#x27;s ability to recover private client information, without additional accuracy loss, by also including secure multiparty computation. An approach combining both techniques is especially relevant to financial firms as it allows new possibilities for collaborative learning without exposing sensitive client data. This could produce more accurate models for important tasks like optimal trade execution, credit origination, or fraud detection. The key contributions of this paper are: We present a privacy-preserving federated learning protocol to a non-specialist audience, demonstrate it using logistic regression on a real-world credit card fraud data set, and evaluate it using an open-source simulation platform which we have adapted for the development of federated learning systems.

Ahmed El Ouadrhiri,Ahmed Abdelhadi

DOI: https://doi.org/10.1109/access.2022.3151670

IF: 3.9

2022-01-01

IEEE Access

Abstract:Users’ privacy is vulnerable at all stages of the deep learning process. Sensitive information of users may be disclosed during data collection, during training, or even after releasing the trained learning model. Differential privacy (DP) is one of the main approaches proven to ensure strong privacy protection in data analysis. DP protects the users’ privacy by adding noise to the original dataset or the learning parameters. Thus, an attacker could not retrieve the sensitive information of an individual involved in the training dataset. In this survey paper, we analyze and present the main ideas based on DP to guarantee users’ privacy in deep and federated learning. In addition, we illustrate all types of probability distributions that satisfy the DP mechanism, with their properties and use cases. Furthermore, we bridge the gap in the literature by providing a comprehensive overview of the different variants of DP, highlighting their advantages and limitations. Our study reveals the gap between theory and application, accuracy, and robustness of DP. Finally, we provide several open problems and future research directions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhe Zhang,Ryumei Nakada,Linjun Zhang

2024-04-25

Abstract:Differentially private federated learning is crucial for maintaining privacy in distributed environments. This paper investigates the challenges of high-dimensional estimation and inference under the constraints of differential privacy. First, we study scenarios involving an untrusted central server, demonstrating the inherent difficulties of accurate estimation in high-dimensional problems. Our findings indicate that the tight minimax rates depends on the high-dimensionality of the data even with sparsity assumptions. Second, we consider a scenario with a trusted central server and introduce a novel federated estimation algorithm tailored for linear regression models. This algorithm effectively handles the slight variations among models distributed across different machines. We also propose methods for statistical inference, including coordinate-wise confidence intervals for individual parameters and strategies for simultaneous inference. Extensive simulation experiments support our theoretical advances, underscoring the efficacy and reliability of our approaches.

Machine Learning,Cryptography and Security,Statistics Theory,Methodology

Kai Hu,Sheng Gong,Qi Zhang,Chaowen Seng,Min Xia,Shanshan Jiang

DOI: https://doi.org/10.1007/s10462-024-10846-8

IF: 9.588

2024-07-13

Artificial Intelligence Review

Abstract:Federated learning has received a great deal of research attention recently,with privacy protection becoming a key factor in the development of artificial intelligence. Federated learning is a special kind of distributed learning framework, which allows multiple users to participate in model training while ensuring that their privacy is not compromised; however, this paradigm is still vulnerable to security and privacy threats from various attackers. This paper focuses on the security and privacy threats related to federated learning. First, we analyse the current research and development status of federated learning through use of the CiteSpace literature search tool. Next, we describe the basic concepts and threat models, and then analyse the security and privacy vulnerabilities within current federated learning architectures. Finally, the directions of development in this area are further discussed in the context of current advanced defence solutions, for which we provide a summary and comparison.

computer science, artificial intelligence

Juan Mao,Chunjie Cao,LongJuan Wang,Jun Ye,WenJie Zhong

DOI: https://doi.org/10.1088/1742-6596/1757/1/012192

2021-01-01

Journal of Physics Conference Series

Abstract:With the emergence of data islands and the popular awareness of privacy, federated learning, as an emerging data sharing and exchange model, can realize multi-party collaboration under the premise of protecting data privacy and security because the data distributed in multiple devices cannot be sent locally. To achieve benefits for all parties involved, it has been widely used in many fields such as finance, medical care, and education. However, FL also has various security and privacy issues. Starting from the overview of federated learning, this article describes in detail the threat model and existing security issues, including replay attacks, poisoning attacks, reasoning attacks, etc., and then makes a certain analysis of FL privacy protection security technologies. Compared with SMC and HE, differential privacy is excellent in terms of efficiency. Finally, we discussed the challenges of privacy protection and security issues and future research directions.

Jianzhe Zhao,Keming Mao,Chenxi Huang,Yuyang Zeng

DOI: https://doi.org/10.1155/2021/3344862

IF: 1.4

2021-01-01

Discrete Dynamics in Nature and Society

Abstract:Secure and trusted cross-platform knowledge sharing is significant for modern intelligent data analysis. To address the trade-off problems between privacy and utility in complex federated learning, a novel differentially private federated learning framework is proposed. First, the impact of data heterogeneity of participants on global model accuracy is analyzed quantitatively based on 1-Wasserstein distance. Then, we design a multilevel and multiparticipant dynamic allocation method of privacy budget to reduce the injected noise, and the utility can be improved efficiently. Finally, they are integrated, and a novel adaptive differentially private federated learning algorithm (A-DPFL) is designed. Comprehensive experiments on redefined non-I.I.D MNIST and CIFAR-10 datasets are conducted, and the results demonstrate the superiority of model accuracy, convergence, and robustness.

Xu Ma,Xiaoqian Sun,Yuduo Wu,Zheli Liu,Xiaofeng Chen,Changyu Dong

DOI: https://doi.org/10.1109/tpds.2022.3167434

IF: 5.3

2022-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Federated learning is a collaborative machine learning framework where a global model is trained by different organizations under the privacy restrictions. Promising as it is, privacy and robustness issues emerge when an adversary attempts to infer the private information from the exchanged parameters or compromise the global model. Various protocols have been proposed to counter the security risks, however, it becomes challenging when one wants to make federated learning protocols robust against Byzantine adversaries while preserving the privacy of the individual participant. In this article, we propose a differentially private Byzantine-robust federated learning scheme (DPBFL) with high computation and communication efficiency. The proposed scheme is effective in preventing adversarial attacks launched by the Byzantine participants and achieves differential privacy through a novel aggregation protocol in the shuffle model. The theoretical analysis indicates that the proposed scheme converges to the approximate optimal solution with the learning error dependent on the differential privacy budget and the number of Byzantine participants. Experimental results on MNIST, FashionMNIST and CIFAR10 demonstrate that the proposed scheme is effective and efficient.

Hashan Ratnayake,Lin Chen,Xiaofeng Ding

DOI: https://doi.org/10.1007/s10844-023-00797-x

2023-01-01

Journal of Intelligent Information Systems

Abstract:The data generated and stored in mobile devices owned by individuals as well as in various organizations contains a large amount of valuable and important information that can be used to improve service quality, user experience, and satisfaction. However, due to privacy concerns, many entities are reluctant to share their data with others, and this is a major barrier to developing comprehensive models that can provide accurate predictions. Federated learning is a state-of-the-art distributed machine learning approach where multiple clients are allowed to collaboratively train a model while keeping their private training data locally. Although federated learning seems to be a viable solution for jointly training a machine learning model without compromising privacy, sensitive privacy information may still be leaked through shared model parameters and query results. Over the past six years, the researchers have extensively studied privacy protection enhancements of federated learning, and they have revealed that general privacy protection mechanisms can be adopted to mitigate privacy issues of federated learning. However, protecting privacy through federated learning while maintaining data utility is still an open issue. This article provides an overview of federated learning while discussing privacy leakages, possible defense mechanisms, and future research directions of privacy-preserved federated learning.

Qinbin Li,Zeyi Wen,Zhaomin Wu,Sixu Hu,Naibo Wang,Yuan Li,Xu Liu,Bingsheng He

DOI: https://doi.org/10.1109/tkde.2021.3124599

IF: 9.235

2021-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:As data privacy increasingly becomes a critical societal concern, federated learning has been a hot research topic in enabling the collaborative training of machine learning models among different organizations under the privacy restrictions. As researchers try to support more machine learning models with different privacy-preserving approaches, there is a requirement in developing systems and infrastructures to ease the development of various federated learning algorithms. Similar to deep learning systems such as PyTorch and TensorFlow that boost the development of deep learning, federated learning systems (FLSs) are equivalently important, and face challenges from various aspects such as effectiveness, efficiency, and privacy. In this survey, we conduct a comprehensive review on federated learning systems. To understand the key design system components and guide future research, we introduce the definition of federated learning systems and analyze the system components. Moreover, we provide a thorough categorization for federated learning systems according to six different aspects, including data distribution, machine learning model, privacy mechanism, communication architecture, scale of federation and motivation of federation. The categorization can help the design of federated learning systems as shown in our case studies. By systematically summarizing the existing federated learning systems, we present the design factors, case studies, and future research opportunities.

computer science, information systems, artificial intelligence,engineering, electrical & electronic