Niousha Nazemi,Omid Tavallaie,Shuaijun Chen,Albert Y. Zomaya,Ralph Holz

2024-05-02

Abstract:Federated Learning (FL) is a decentralized machine learning approach where client devices train models locally and send them to a server that performs aggregation to generate a global model. FL is vulnerable to model inversion attacks, where the server can infer sensitive client data from trained models. Google's Secure Aggregation (SecAgg) protocol addresses this data privacy issue by masking each client's trained model using shared secrets and individual elements generated locally on the client's device. Although SecAgg effectively preserves privacy, it imposes considerable communication and computation overhead, especially as network size increases. Building upon SecAgg, this poster introduces a Communication-Efficient Secure Aggregation (CESA) protocol that substantially reduces this overhead by using only two shared secrets per client to mask the model. We propose our method for stable networks with low delay variation and limited client dropouts. CESA is independent of the data distribution and network size (for higher than 6 nodes), preventing the honest-but-curious server from accessing unmasked models. Our initial evaluation reveals that CESA significantly reduces the communication cost compared to SecAgg.

Cryptography and Security

Xincheng Li,Jianting Ning,Geong Sen Poh,Leo Yu Zhang,Xinchun Yin,Tianwei Zhang

DOI: https://doi.org/10.48550/arXiv.2403.06143

2024-03-10

Abstract:Federated learning (FL) facilitates collaborative training of machine learning models among a large number of clients while safeguarding the privacy of their local datasets. However, FL remains susceptible to vulnerabilities such as privacy inference and inversion attacks. Single-server secure aggregation schemes were proposed to address these threats. Nonetheless, they encounter practical constraints due to their round and communication complexities. This work introduces Fluent, a round and communication-efficient secure aggregation scheme for private FL. Fluent has several improvements compared to state-of-the-art solutions like Bell et al. (CCS 2020) and Ma et al. (SP 2023): (1) it eliminates frequent handshakes and secret sharing operations by efficiently reusing the shares across multiple training iterations without leaking any private information; (2) it accomplishes both the consistency check and gradient unmasking in one logical step, thereby reducing another round of communication. With these innovations, Fluent achieves the fewest communication rounds (i.e., two in the collection phase) in the malicious server setting, in contrast to at least three rounds in existing schemes. This significantly minimizes the latency for geographically distributed clients; (3) Fluent also introduces Fluent-Dynamic with a participant selection algorithm and an alternative secret sharing scheme. This can facilitate dynamic client joining and enhance the system flexibility and scalability. We implemented Fluent and compared it with existing solutions. Experimental results show that Fluent improves the computational cost by at least 75% and communication overhead by at least 25% for normal clients. Fluent also reduces the communication overhead for the server at the expense of a marginal increase in computational cost.

Cryptography and Security,Artificial Intelligence

Yanling Li,Junzuo Lai,Rong Zhang,Meng Sun

DOI: https://doi.org/10.1016/j.ins.2023.119830

IF: 8.1

2024-01-01

Information Sciences

Abstract:Federated learning (FL) is a distributed machine learning framework that aims to provide privacy for local datasets while learning a global machine learning model. However, the updates exchanged in FL may indirectly reveal information about the local training datasets. To protect the confidentiality of updates, various solutions using cryptographic schemes such as secret sharing, differential privacy, and homomorphic encryption have been developed. The solutions using secret sharing often have high communication costs, while those using differential privacy require a trade-off between accuracy and privacy. Homomorphic encryption has been used to address these challenges to reduce communication costs and provide provable security. However, existing solutions based on homomorphic encryption require clients to use the same public-private key pair, which may lead to local updates disclosure. To address the existing challenges, we propose a secure and efficient multi-key aggregation protocol (MKAgg) that utilizes homomorphic encryption. The protocol allows clients to drop out at any point during the process. We construct MKAgg based on a two-server model and adopt a proxy re-encryption scheme with additively homomorphic properties to implement secure and efficient ciphertext transformation and calculation. We provide security proof to demonstrate that our MKAgg protocol meets the required security standards. Furthermore, we perform an efficiency analysis of MKAgg and evaluate its performance on various datasets. The results affirm that MKAgg is both effective and efficient for aggregation in the multi-key setting. We then apply MKAgg in FL and develop a multi-key privacy-preserving neural network scheme called MKPNFL. We analyze the security of MKPNFL and conduct tests using real-world datasets. The results demonstrate that MKPNFL is secure and practical for real-world applications.

Fucai Luo,Saif Al-Kuwari,Haiyan Wang,Xingfu Yan

2023-05-22

Abstract:Federated learning (FL) allows a large number of clients to collaboratively train machine learning (ML) models by sending only their local gradients to a central server for aggregation in each training iteration, without sending their raw training data. Unfortunately, recent attacks on FL demonstrate that local gradients may leak information about local training data. In response to such attacks, Bonawitz \textit{et al.} (CCS 2017) proposed a secure aggregation protocol that allows a server to compute the sum of clients' local gradients in a secure manner. However, their secure aggregation protocol requires at least 4 rounds of communication between each client and the server in each training iteration. The number of communication rounds is closely related not only to the total communication cost but also the ML model accuracy, as the number of communication rounds affects client dropouts. In this paper, we propose FSSA, a 3-round secure aggregation protocol, that is efficient in terms of computation and communication, and resilient to client dropouts. We prove the security of FSSA in honest-but-curious setting and show that the security can be maintained even if an arbitrarily chosen subset of clients drop out at any time. We evaluate the performance of FSSA and show that its computation and communication overhead remains low even on large datasets. Furthermore, we conduct an experimental comparison between FSSA and Bonawitz \textit{et al.}'s protocol. The comparison results show that, in addition to reducing the number of communication rounds, FSSA achieves a significant improvement in computational efficiency.

Cryptography and Security

He Huang,Li Duan,Chao Li,Wei Ni

DOI: https://doi.org/10.1109/icws62655.2024.00066

2024-01-01

Abstract:Federated learning (FL), typically coordinated by a centralized server, faces the risk of a single-point failure during the model aggregation process. Moreover, existing privacy protection methods for FL model parameters, such as homomorphic encryption (HE) and differential privacy (DP), still suffer from high computational costs or reduced model availability. Malicious trainers can also transmit erroneous model parameters in FL systems. To address these issues, this paper proposes a secure and efficient model aggregation approach with privacy protection for blockchain-based FL, named SLABFL. The method employs a blockchain network to establish a fully decentralized distributed FL (D-FL) framework, integrating a hybrid privacy protection strategy comprising DP and multi-key homomorphic encryption (MK-HE). This approach ensures the confidentiality of model parameters while achieving precise aggregation. Additionally, a reputation mechanism is introduced to deter malicious participant behavior. The paper concludes with experiments on the MNIST dataset, which show that our proposed SLABFL can achieve accuracy similar to Fedavg and reduce the time overhead caused by HE.

Rouzbeh Behnia,Mohammadreza Ebrahimi,Arman Riasi,Sherman S. M. Chow,Balaji Padmanabhan,Thang Hoang

2023-08-31

Abstract:Secure aggregation protocols ensure the privacy of users' data in the federated learning settings by preventing the disclosure of users' local gradients. Despite their merits, existing aggregation protocols often incur high communication and computation overheads on the participants and might not be optimized to handle the large update vectors for machine learning models efficiently. This paper presents e-SeaFL, an efficient, verifiable secure aggregation protocol taking one communication round in aggregation. e-SeaFL allows the aggregation server to generate proof of honest aggregation for the participants. Our core idea is to employ a set of assisting nodes to help the aggregation server, under similar trust assumptions existing works placed upon the participating users. For verifiability, e-SeaFL uses authenticated homomorphic vector commitments. Our experiments show that the user enjoys five orders of magnitude higher efficiency than the state of the art (PPML 2022) for a gradient vector of a high dimension up to $100,000$.

Cryptography and Security

Meng Hao,Hongwei Li,Guowen Xu,Hanxiao Chen,Tianwei Zhang

DOI: https://doi.org/10.1145/3485832.3488014

2021-12-06

Abstract:Federated learning (FL) has demonstrated tremendous success in various mission-critical large-scale scenarios. However, such promising distributed learning paradigm is still vulnerable to privacy inference and byzantine attacks. The former aims to infer the privacy of target participants involved in training, while the latter focuses on destroying the integrity of the constructed model. To mitigate the above two issues, a few works recently explored unified solutions by utilizing generic secure computation techniques and common byzantine-robust aggregation rules, but there are two major limitations: 1) they suffer from impracticality due to efficiency bottlenecks, and 2) they are still vulnerable to various types of attacks because of model incomprehensiveness. To approach the above problems, in this paper, we present SecureFL, an efficient, private and byzantine-robust FL framework. SecureFL follows the state-of-the-art byzantine-robust FL method (FLTrust NDSS’21), which performs comprehensive byzantine defense by normalizing the updates’ magnitude and measuring directional similarity, adapting it to the privacy-preserving context. More importantly, we carefully customize a series of cryptographic components. First, we design a crypto-friendly validity checking protocol that functionally replaces the normalization operation in FLTrust, and further devise tailored cryptographic protocols on top of it. Benefiting from the above optimizations, the communication and computation costs are reduced by half without sacrificing the robustness and privacy protection. Second, we develop a novel preprocessing technique for costly matrix multiplication. With this technique, the directional similarity measurement can be evaluated securely with negligible computation overhead and zero communication cost. Extensive evaluations conducted on three real-world datasets and various neural network architectures demonstrate that SecureFL outperforms prior art up to two orders of magnitude in efficiency with state-of-the-art byzantine robustness.

Jinhyun So,Ramy E. Ali,Basak Guler,Jiantao Jiao,Salman Avestimehr

2023-07-27

Abstract:Secure aggregation is a critical component in federated learning (FL), which enables the server to learn the aggregate model of the users without observing their local models. Conventionally, secure aggregation algorithms focus only on ensuring the privacy of individual users in a single training round. We contend that such designs can lead to significant privacy leakages over multiple training rounds, due to partial user selection/participation at each round of FL. In fact, we show that the conventional random user selection strategies in FL lead to leaking users' individual models within number of rounds that is linear in the number of users. To address this challenge, we introduce a secure aggregation framework, Multi-RoundSecAgg, with multi-round privacy guarantees. In particular, we introduce a new metric to quantify the privacy guarantees of FL over multiple training rounds, and develop a structured user selection strategy that guarantees the long-term privacy of each user (over any number of training rounds). Our framework also carefully accounts for the fairness and the average number of participating users at each round. Our experiments on MNIST and CIFAR-10 datasets in the IID and the non-IID settings demonstrate the performance improvement over the baselines, both in terms of privacy protection and test accuracy.

Machine Learning,Cryptography and Security,Distributed, Parallel, and Cluster Computing,Information Theory

Wei Yang,Yuan Yang,Yingjie Xi,Hailong Zhang,Wei Xiang

DOI: https://doi.org/10.1007/s10489-024-05521-y

IF: 5.3

2024-05-28

Applied Intelligence

Abstract:Within the federated learning (FL) framework, the client collaboratively trains the model in coordination with a central server, while the training data can be kept locally on the client. Thus, the FL framework mitigates the privacy disclosure and costs related to conventional centralized machine learning. Nevertheless, current surveys indicate that FL still has problems in terms of communication efficiency and privacy risks. In this paper, to solve these problems, we develop an FL framework with communication-efficient and privacy-preserving (FLCP). To realize the FLCP, we design a novel compression algorithm with efficient communication, namely, adaptive weight compression FedAvg (AWC-FedAvg). On the basis of the non-independent and identically distributed (non-IID) and unbalanced data distribution in FL, a specific compression rate is provided for each client, and homomorphic encryption (HE) and differential privacy (DP) are integrated to provide demonstrable privacy protection and maintain the desirability of the model. Therefore, our proposed FLCP smoothly balances communication efficiency and privacy risks, and we prove its security against "honest-but-curious" servers and extreme collusion under the defined threat model. We evaluate the scheme by comparing it with state-of-the-art results on the MNIST and CIFAR-10 datasets. The results show that the FLCP performs better in terms of training efficiency and model accuracy than the baseline method.

computer science, artificial intelligence

Jiao Zhang,Xiong Li,Ke Gu,Wei Liang,Kuanching Li

DOI: https://doi.org/10.1109/tce.2023.3330501

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:Privacy-preserving federated learning (PPFL) is vital for Industry 5.0 digital ecosystems due to the increasing number of interconnected devices and the volume of shared sensitive data. Secure aggregation (SA) protocols are essential components to fulfill the privacy properties of PPFL. However, there are still fundamental challenges to be tackled. For example, statistical and model heterogeneous characteristics across terminal devices, communication bottlenecks, and the requirement of inputting integers rather than real values in cryptographic operations. To overcome these problems, we propose RF-HFL, a novel secure aggregation scheme for PPFL in digital ecosystems with the capability to act on non-independent and identically distributed (non-IID) data. The scheme distills Representative Factors from each edge device through a self-attention-based neural network and transfers the average of these factors to the server for aggregation. The central model is then sent back to the devices for regularizing decentralized training models. The data transmitted between the devices and server are greatly reduced, henceforth significantly decreasing the communication overhead in PPFL. Theoretical analyses are provided for correctness, security and convergence. We set a benchmark for comparing our proposed scheme with several state-of-the-art SA protocols or algorithms in heterogeneous PPFL. Results demonstrate the effectiveness and efficiency of RF-HFL on multiple datasets.

Jiao Zhang,Xiong Li,Wei Liang,Pandi Vijayakumar,Fayez Alqahtani,Amr Tolba

DOI: https://doi.org/10.1109/jiot.2024.3400389

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:As a typical privacy-aware machine learning paradigm, federated learning (FL) provides facilities to individually train edge clients with their private data and aggregate the central global model. In this way, privacy leakage can be prevented. Massive communication overhead caused by exchanging updated weights between clients and the server is one of the main obstacles in this strategy. Prior work advocates compressing the weights by employing quantization, gradient sparsification, and knowledge distillation approaches. However, most of them cannot be readily applied to secure aggregation in privacy-aware FL. Some research has made great progress in directly utilizing benchmark secure aggregation protocols on top of the non-privacy-aware FL. Graph-based and gradient-based sparsification has been widely adopted in previous studies. However, the results of reducing communication costs are still unsatisfactory. In this paper, we present a novel communication-efficient privacy-ware FL algorithm from a distinct perspective. We design a new Two-Phase Sparsification with Secure Aggregation (TPSSA) algorithm. In the subnetwork phase, we identify sparse subnetworks by freezing the initial random weights in sufficiently overparametrized networks. All edge clients collaboratively train to discover their subnetwork inside a dense randomly weighted neural network. Then the server aggregates to compute the global model. In the gradient phase, for each pair of edge clients, we introduce pairwise multiplicative random masks to identify the sparsification pattern. Then updates from surviving clients can be correctly cancelled out during the aggregation process in the server. Theoretical analysis reveals convergence, privacy and performance guarantee. We show improvements in accuracy, communication, and computation over traditional and sparsified secure aggregation benchmarks on two real-world datasets.

Qihao Dong,Shengyuan Yang,Zhiyang Dai,Yansong Gao,Shang Wang,Yuan Cao,Anmin Fu,Willy Susilo

DOI: https://doi.org/10.1109/tifs.2024.3477912

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Byzantine-robust federated learning (FL) endeavors to empower service providers in acquiring a precise global model, even in the presence of potentially malicious FL clients. While considerable strides have been taken in the development of robust aggregation algorithms for FL in recent years, their efficacy is confined to addressing particular forms of Byzantine attacks, and they exhibit vulnerabilities when confronted with a spectrum of attack vectors. Notably, a prevailing issue lies in the heavy reliance of these algorithms on the examination of local model gradients. It is worth noting that an attacker possesses the ability to manipulate a carefully chosen small gradient of a model within a context where there could be millions of gradients available, thereby facilitating adaptive attacks. Drawing inspiration from the foundational Shapley value methodology in game theory, we introduce an effective FL scheme named CareFL. This scheme is designed to provide robustness against a spectrum of state-of-the-art Byzantine attacks. Unlike approaches that rely on the examination of gradients, CareFL employs a universal metric, the loss of the local model-independent of specific gradients, to identify potentially malicious clients. Specifically, in each aggregation round, the FL server trains a reference model using a small auxiliary dataset- the auxiliary dataset can be removed with a slight defense degradation trade-off. It employs the Shapley value to assess the contribution of each client-submitted model in minimizing the global model loss. Subsequently, the server selects client models closer to the reference model in terms of Shapley values for the global model update. To reduce the computational overhead of CareFL when the number of clients is relatively scaled-up, we construct its variant, namely CareFL+ generally by grouping clients. Extensive experimentation conducted on well-established MNIST and CIFAR-10 datasets, encompassing diverse model architectures, including AlexNet, demonstrates that CareFL consistently achieves accuracy levels comparable to those attained under attack-free conditions when faced with five formidable attacks. CareFL and CareFL+ outperform six existing state-of-the-art Byzantine-robust FL aggregation methods, including FLTrust, across both IID and non-IID data distribution settings.

Yinbin Miao,Ziteng Liu,Xinghua Li,Meng Li,Hongwei Li,Kim-Kwang Raymond Choo,Robert H. Deng

DOI: https://doi.org/10.1109/tdsc.2023.3304788

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Federated Learning (FL) ensures collaborative learning among multiple clients while maintaining data locally. However, the traditional synchronous FL solutions have lower accuracy and require more communication time in scenarios where most devices drop out during learning. Therefore, we propose an Asy nchronous F ederated L earning (AsyFL) scheme using time-weighted and stale model aggregation, which effectively solves the problem of poor model performance due to the heterogeneity of devices. Then, we integrate Symmetric Homomorphic Encryption (SHE) into AsyFL to propose Asy nchronous P rivacy- P reserving F ederated L earning (Asy-PPFL), which protects the privacy of clients and achieves lightweight computing. Privacy analysis shows that Asy-PPFL is indistinguishable under Known Plaintext Attack (KPA) and convergence analysis proves the effectiveness of our schemes. A large number of experiments show that AsyFL and Asy-PPFL can achieve the highest accuracy of 58.40% and 58.26% on Cifar-10 dataset when most clients (i.e., 80%) are offline or delayed, respectively.

Natalie Lang,Nir Shlezinger,Rafael G. L. D'Oliveira,Salim El Rouayheb

2023-08-01

Abstract:Federated learning (FL) is an emerging paradigm that allows a central server to train machine learning models using remote users' data. Despite its growing popularity, FL faces challenges in preserving the privacy of local datasets, its sensitivity to poisoning attacks by malicious users, and its communication overhead. The latter is additionally considerably dominant in large-scale networks. These limitations are often individually mitigated by local differential privacy (LDP) mechanisms, robust aggregation, compression, and user selection techniques, which typically come at the cost of accuracy. In this work, we present compressed private aggregation (CPA), that allows massive deployments to simultaneously communicate at extremely low bit rates while achieving privacy, anonymity, and resilience to malicious users. CPA randomizes a codebook for compressing the data into a few bits using nested lattice quantizers, while ensuring anonymity and robustness, with a subsequent perturbation to hold LDP. The proposed CPA is proven to result in FL convergence in the same asymptotic rate as FL without privacy, compression, and robustness considerations, while satisfying both anonymity and LDP requirements. These analytical properties are empirically confirmed in a numerical study, where we demonstrate the performance gains of CPA compared with separate mechanisms for compression and privacy for training different image classification models, as well as its robustness in mitigating the harmful effects of malicious users.

Cryptography and Security

Yiran Liu,Ye Dong,Hao Wang,Han Jiang,Qiuliang Xu

DOI: https://doi.org/10.1109/jiot.2022.3176305

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL), as a prospective way to process and analyze the massive data from the Internet of Things (IoT) devices, has attracted increasing attention from academia and industry. However, considering the unreliable nature of IoT devices, ensuring the efficiency of FL while protecting the privacy of devices’ input data is a challenging task. To address these issues, we propose a secure aggregation protocol based on efficient additive secret sharing in the fog-computing (FC) setting. As the secure aggregation is performed frequently in the training process of FL, the protocol should have low communication and computation overhead. First, we use a fog node (FN) as an intermediate processing unit to provide local services which can assist the cloud server aggregated the sum during the training process. Second, we design a light Request-then-Broadcast method to ensure our protocol has the robustness to dropped-out clients. Our protocol also provides two simple new client selection methods. The security and performance of our protocol are analyzed and compared with existed schemes. We conduct experiments on high-dimensional inputs, and our experimental results demonstrate about 24– $168\times $ improvement in computation overhead and 87– $287\times $ improvement in communication overhead compared to Google’s secure aggregation protocol (Bonwatiwz et al. CCS17).

Lvjun Chen,Di Xiao,Xiangli Xiao,Yushu Zhang

DOI: https://doi.org/10.1109/tifs.2024.3486611

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Federated learning (FL) facilitates collaborative training of a global model without sharing the participants’ raw data. Nevertheless, existing FL approaches still face three major issues: 1) How to propose a more efficient and secure privacy-preserving method; 2) How to verify the identity of participants to ensure they are not impersonators; 3) How to reduce the significant communication cost. To address the aforementioned concerns, several schemes have been proposed. However, these schemes suffer from flaws in security, efficiency, and functionality. Furthermore, few researches have considered the possibility of adversaries impersonating legitimate participants to undermine the integrity and availability of the model or launch a free-riding attack. In this paper, we first combine the advantages of secret sharing, Diffie-Hellman key agreement, and functional encryption to develop an authenticable secure multi-party computing algorithm (SDF-ASMC). This algorithm can guarantee the security of transmitted data and provide authentication functionality in the absence of a trusted third party. Moreover, an efficient, secure, and authenticable FL algorithm (ESAFL), which leverages compressed sensing and all-or-nothing transform, is introduced to reduce the transmission and encryption of local gradients. Then, only the final element of the transformed measurements is encrypted by our proposed SDF-ASMC to protect all the measurements. This method effectively improves the efficiency of our algorithm. In addition, ESAFL also tolerates participants’ dropout. Security analysis demonstrates that our proposed algorithms can securely aggregate local gradients. Finally, the extensive experiments demonstrate the practical performance of our proposed algorithms.

Xiaoyi Yang,Yanqi Zhao,Dian Chen,Yong Yu,Xiaojiang Du,Mohsen Guizani

DOI: https://doi.org/10.1109/mnet.001.2200214

IF: 10.294

2022-01-01

IEEE Network

Abstract:In the Internet of things (IoT) networks, largescale IoT devices are connected to the Internet to collect users' data. As a distributed machine learning paradigm, federated learning (FL) collaboratively trains the global model by utilizing large-scale distributed devices, while protecting the privacy of the local data sets of each participant. Federated learning with secure aggregation employs an aggregation server (aggregator) to compute a multiparty sum of model parameter updates of each participants in a secure manner and further realizes the updates. However, existing schemes are usually based on semi-honest assumptions, which make them vulnerable to malicious clients. In addition, they address the random client dropouts problem by increasing the data size, which brings a large communication overhead. To solve these issues, we propose an accountable and verifiable secure aggregation for federated learning framework. Specifically, we employ an SMC protocol based on homomorphic proxy re-authenticators and homomorphic proxy re-encryption to execute secure aggregation, while integrating the blockchain to realize the function of penalty for malicious behavior. Our framework can guarantee the verifiability of data provenance and is accountable for malicious clients. To demonstrate the usability of our framework, we evaluate the specific cryptography schemes and develop a blockchain-based prototype system by using solidity language to test the performance of the framework.

Yanli Ren,Yerong Li,Guorui Feng,Xinpeng Zhang

DOI: https://doi.org/10.1109/jiot.2022.3194930

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) is a distributed machine learning framework, which allows multiple users to collaboratively train and obtain a global model with high accuracy. Currently, FL is paid more attention by researchers and a growing number of protocols are proposed. This article first analyzes the security vulnerabilities of the VerifyNet and VeriFL protocols, and proposes a new aggregation protocol for FL. We use additive homomorphic encryption and double masking to simultaneously protect the user’s local model and the aggregated global model while most of the existing protocols only consider the privacy of the local model. Also, linear homomorphic hash and digital signature are used to achieve traceable verification, which means the users can not only verify the aggregation results, but also be able to identify the wrong epoch if the results are wrong. In summary, our protocol can realize the privacy of the local model and global model and achieve verification traceability even if the cloud server colludes with malicious users. The experimental results show that the proposed protocol improves the security of FL without decreasing the efficiency of the users and classification accuracy of the training model.

Xinchi Qiu,Heng Pan,Wanru Zhao,Chenyang Ma,Pedro Porto Buarque de Gusmão,Nicholas D. Lane

2023-05-19

Abstract:The majority of work in privacy-preserving federated learning (FL) has been focusing on horizontally partitioned datasets where clients share the same sets of features and can train complete models independently. However, in many interesting problems, such as financial fraud detection and disease detection, individual data points are scattered across different clients/organizations in vertical federated learning. Solutions for this type of FL require the exchange of gradients between participants and rarely consider privacy and security concerns, posing a potential risk of privacy leakage. In this work, we present a novel design for training vertical FL securely and efficiently using state-of-the-art security modules for secure aggregation. We demonstrate empirically that our method does not impact training performance whilst obtaining 9.1e2 ~3.8e4 speedup compared to homomorphic encryption (HE).

Machine Learning,Artificial Intelligence,Cryptography and Security

Zihan Chen,Kai Fong Ernest Chong,Tony Q. S. Quek

DOI: https://doi.org/10.48550/arXiv.2108.05765

2021-08-12

Abstract:Federated learning (FL) offers a solution to train a global machine learning model while still maintaining data privacy, without needing access to data stored locally at the clients. However, FL suffers performance degradation when client data distribution is non-IID, and a longer training duration to combat this degradation may not necessarily be feasible due to communication limitations. To address this challenge, we propose a new adaptive training algorithm $\texttt{AdaFL}$, which comprises two components: (i) an attention-based client selection mechanism for a fairer training scheme among the clients; and (ii) a dynamic fraction method to balance the trade-off between performance stability and communication efficiency. Experimental results show that our $\texttt{AdaFL}$ algorithm outperforms the usual $\texttt{FedAvg}$ algorithm, and can be incorporated to further improve various state-of-the-art FL algorithms, with respect to three aspects: model accuracy, performance stability, and communication efficiency.

Machine Learning,Distributed, Parallel, and Cluster Computing