Ziwen Cheng,Yi Liu,Chao Wu,Yongqi Pan,Liushun Zhao,Xin Deng,Cheng Zhu

DOI: https://doi.org/10.1016/j.future.2024.06.035

IF: 7.307

2024-01-01

Future Generation Computer Systems

Abstract:Blockchain-based Federated Learning (BCFL) is gaining significant attention as a promising decentralized data sharing technology with privacy protection. Most existing BCFL frameworks loosely couple blockchain and Federated Learning (FL). FL transforms data sharing into model sharing, while blockchain decentralizes the model aggregation and handles security verification. However, this simplistic overlay of the two technologies often involves third-party blockchain peers, leading to inefficient workflows and potential privacy attacks from malicious blockchain peers. Some studies have proposed differential privacy with noise addition to prevent privacy attacks, yet most do not allow clients to customize privacy budgets, impacting data availability and limiting BCFL’s application in data sharing. To address these challenges, we first introduce a novel tightly-coupled BCFL framework that integrates training and mining at the client side. Under this framework, a totally decentralized data sharing process is established. Moreover, a Personalised Differential Privacy (PDP) mechanism is devised, enabling clients to add Laplace noise to model gradients based on custom privacy budgets. To achieve optimal privacy budgets, a privacy optimization mechanism based on Stackelberg games is proposed. It establishes utility functions for data requesters and providers, models the process of utility optimization as a Stackelberg game process, and obtains the optimal privacy budget while maximizing utility for all participants. This facilitates flexible and on-demand privacy-protected data sharing. Extensive experiments validate the effectiveness of our approach in enhancing system efficiency and facilitating flexible on-demand privacy-protected data sharing, further solidifying BCFL’s potential in decentralized data sharing scenarios.

Lifeng Liu,Yifan Hu,Jiawei Yu,Fengda Zhang,Gang Huang,Jun Xiao,Chao Wu

DOI: https://doi.org/10.1145/3387168.3387211

2019-01-01

Abstract:Currently, training neural networks often requires a large corpus of data from multiple parties. However, data owners are reluctant to share their sensitive data to third parties for modelling in many cases. Therefore, Federated Learning (FL) has arisen as an alternative to enable collaborative training of models without sharing raw data, by distributing modelling tasks to multiple data owners. Based on FL, we premodel sent a novel and decentralized approach to training encrypted models with privacy-preserved data on Blockchain. In our approach, Blockchain is adopted as the machine learning environment where different actors (i.e., the model provider, the data provider) collaborate on the training task. During the training process, an encryption algorithm is used to protect the privacy of data and the trained model. Our experiments demonstrate that our approach is practical in real-world applications.

Shuang Zhao,Yalun Wu,Rui Sun,Xiaoai Qian,Dong Zi,Zhiqiang Xie,Endong Tong,Wenjia Niu,Jiqiang Liu,Zhen Han

DOI: https://doi.org/10.1109/hpcc-dss-smartcity-dependsys53884.2021.00150

2021-01-01

Abstract:To solve the data silos and data security dilemma faced by machine learning (ML), the concept of federated learning (FL) was first proposed, and federated learning has also attracted great attention from the information security community in recent years, where the most concerned issue is the security of data and models in federated learning. The current centralized federated learning scheme is prone to single point of failure as well as central server evil problem, so blockchain is used to replace the central server, but the blockchain network is not immune to poisoning attacks by participants on the global model and inference attacks on participants' local data. To this end, in this paper, we propose a blockchain-based federated learning security and privacy protection framework (BFLSP), design a model storage scheme on the blockchain, and add a node scoring mechanism as well as a node election scheme to ensure the security of the model and data during the training process while guaranteeing the accuracy of the model. Finally, we design experiments to confirm the feasibility as well as the security of the framework.

Nanqing Dong,Zhipeng Wang,Jiahao Sun,Michael Kampffmeyer,William Knottenbelt,Eric Xing

2024-03-12

Abstract:In the era of deep learning, federated learning (FL) presents a promising approach that allows multi-institutional data owners, or clients, to collaboratively train machine learning models without compromising data privacy. However, most existing FL approaches rely on a centralized server for global model aggregation, leading to a single point of failure. This makes the system vulnerable to malicious attacks when dealing with dishonest clients. In this work, we address this problem by proposing a secure and reliable FL system based on blockchain and distributed ledger technology. Our system incorporates a peer-to-peer voting mechanism and a reward-and-slash mechanism, which are powered by on-chain smart contracts, to detect and deter malicious behaviors. Both theoretical and empirical analyses are presented to demonstrate the effectiveness of the proposed approach, showing that our framework is robust against malicious client-side behaviors.

Machine Learning,Artificial Intelligence,Cryptography and Security,Computer Science and Game Theory

Z. H. Qin,Shuiguang Deng,Xin Yan,Schahram Dustdar,Albert Y. Zomaya

DOI: https://doi.org/10.48550/arxiv.2205.10568

2022-01-01

Abstract:Federated learning (FL) is a promising technical support to the vision of ubiquitous artificial intelligence in the sixth generation (6G) wireless communication network. However, traditional FL heavily relies on a trusted centralized server. Besides, FL is vulnerable to poisoning attacks, and the global aggregation of model updates makes the private training data under the risk of being reconstructed. What's more, FL suffers from efficiency problem due to heavy communication cost. Although decentralized FL eliminates the problem of the central dependence of traditional FL, it makes other problems more serious. In this paper, we propose BlockDFL, an efficient fully peer-to-peer (P2P) framework for decentralized FL. It integrates gradient compression and our designed voting mechanism with blockchain to efficiently coordinate multiple peer participants without mutual trust to carry out decentralized FL, while preventing data from being reconstructed according to transmitted model updates. Extensive experiments conducted on two real-world datasets exhibit that BlockDFL obtains competitive accuracy compared to centralized FL and can defend against poisoning attacks while achieving efficiency and scalability. Especially when the proportion of malicious participants is as high as 40 percent, BlockDFL can still preserve the accuracy of FL, which outperforms existing fully decentralized FL frameworks.

Xiaodong Wang,Zhitao Guan,Longfei Wu,Keke Gai

DOI: https://doi.org/10.1109/mnet.2024.3369406

IF: 10.294

2024-01-01

IEEE Network

Abstract:Federated learning (FL) offers a promising solution for effectively leveraging the data scattered across the distributed cloud system. Despite its potential, the huge communication overhead greatly burdens the distributed cloud system. Federated distillation (FD) is a novel distributed learning technique with low communication cost, in which the clients communicate only the model logits rather than the model parameters. However, FD faces challenges related to data heterogeneity and security. Additionally, the conventional aggregation method in FD is vulnerable to malicious uploads. In this article, we discuss the limitations of FL and the challenges of FD in the context of distributed cloud system. To address these issues, we propose a blockchain-based framework to achieve secure and robust FD. Specifically, we develop a pre-training data preparation method to reduce data distribution heterogeneity and an aggregation method to enhance the robustness of the aggregation process. Moreover, a committee/workers selection strategy is devised to optimize the task allocation among clients. Experimental evaluations are conducted to evaluate the effectiveness of the proposed framework.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Zheng Yuan,Youliang Tian,Jinbo Xiong,Linjie Wang

DOI: https://doi.org/10.1109/nana63151.2024.00009

2024-01-01

Abstract:Federated learning has garnered considerable attention for its capacity to aggregate efficient and accurate models while preserving user’s data privacy. Nonetheless, conventional federated learning frameworks remain susceptible to malicious threats like collusion and inference attacks. We design a robust and resilient enhancing privacy-preserving federated learning framework based on blockchain (EPFL) to address these threats. Initially, we meticulously design a two-round encryption scheme that allows users to upload encryption gradients while the server can still perform aggregation. Subsequently, a secure communication protocol termed the “server-blockchain-user” is devised based on blockchain architecture. This protocol guarantees the openness, transparency, and traceability of the entire training process, while also offering resilience in users’ drop-out and joining that may arise during the aggregation process. Finally, experimental assessments are conducted to appraise the robustness and accuracy of EPFL. The empirical findings demonstrate that EPFL not only demonstrates robustness against collusion and inference attacks, but also adeptly handles user exits and entries without compromising the confidentiality of user keys. Moreover, EPFL attains model accuracy commensurate with the FedAvg.

Xudong Zhu,Hui Li

DOI: https://doi.org/10.1145/3472634.3472642

2021-01-01

Abstract:Deep learning has achieved the high-accuracy of state-of-the-art algorithms in long-standing AI tasks. Due to the obvious privacy issues of deep learning, Google proposes Federal Deep Learning (FDL), in which distributed participants only upload local gradients and and a centralized server updates parameters based on the collected gradients. But few users are willing to participate in federated learning due to the lack of contribution evaluation and reward mechanisms. So a decentralized federated deep learning, called DFDL, has been proposed by introducing blockchain to form an effective incentive mechanism for participants. However, DFDL still faces serious privacy issues as blockchain does not guarantee the privacy of training data and model. In this paper, in order to address the aforementioned issues, we propose a new Privacy-preserving DFDL scheme, called PDFDL. With PDFDL, parties can securely learn a global model with their local gradients in the assistance of blockchain, and the parties’ sensitive data and the global model are well protected. Specifically, with a secure multi-party aggregation computing, all local gradients are encrypted by their owners before being sent to the smart contract, and can be directly aggregated without decryption. Detailed security analysis shows that PDFDL can resist various known security threats. Moreover, we give an implementation prototype by integrating deep learning module with a Blockchain development platform (Ethereum V1.6.4). We demonstrate the encryption performance and the training accuracy of our PDFDL on benchmark datasets.

Xinru Yan,Yinbin Miao,Xinghua Li,Kim-Kwang Raymond Choo,Xiangdong Meng,Robert H. H. Deng

DOI: https://doi.org/10.1109/jiot.2023.3262546

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:To solve the data island issue in the distributed Internet of Things (IoT) without privacy leakage, privacy-preserving federated learning (PPFL) has been extensively explored in both academic and industrial fields. However, existing PPFL solutions still suffer from a single point of failure and incur untrusted aggregation results caused by a malicious central server, and even cause a loss of model accuracy in an asynchronous setting. To solve these issues, we propose a privacy-preserving asynchronous federated learning scheme by using blockchain. Specifically, we use blockchain to address single points of failure and untrustworthy aggregation results, implement reliable model aggregation utilizing a practical byzantine fault-tolerant protocol in an asynchronous setting, and leverage differential privacy to improve system robustness. Formal security analysis and convergence analysis demonstrate that the proposed scheme is secure and robust, and extensive experiments demonstrate that our scheme can effectively ensure the accuracy of the system when compared with state-of-the-art schemes.

Xuyang Ma,Du Xu,Katinka Wolter

DOI: https://doi.org/10.1016/j.ins.2024.120368

IF: 8.1

2024-02-29

Information Sciences

Abstract:The conventional machine learning process typically operates under the premise of centralized data aggregation, where all data is collected at a central location for model training. However, this raises substantial privacy concerns when the data contains private information. In this context, federated learning has emerged as a prominent solution for preserving privacy in machine learning. This innovative paradigm allows multiple data owners, or clients, to collaboratively train a machine learning model while keeping their local data unshared. A federated learning task is typically initiated by companies, often referred to as model owners, who do not possess enough training data and are willing to financially remunerate clients who contribute to the development of the federated learning model. This situation demands a trading platform that enables model owners to effectively select clients, while ensuring robustness against malicious clients who execute poisoning attacks for unfair financial gain. To address these issues, we design a contribution-based exploration-exploitation mechanism implemented as a smart contract. This mechanism cherry-picks clients with high data quality based on the Shapley value, which is calculated based on local models to evaluate the contribution of each client. Unlike other state-of-the-art security mechanisms, the proposed mechanism can adapt to various scenarios with heterogeneous data distribution and various attacks, while mitigating the effect of malicious behaviors without compromising training accuracy. To accelerate the time-consuming calculation of the Shapley value, we design a parallel computing algorithm that partitions blockchain nodes into multiple shards and distributes calculation tasks among them. The algorithm improves efficiency and tolerates potential false calculation results from malicious nodes.

computer science, information systems

Xiaodong Wang,Zhitao Guan,Longfei Wu,Keke Gai

DOI: https://doi.org/10.1109/mnet.2024.3369406

IF: 10.294

2024-01-01

IEEE Network

Abstract:Federated learning (FL) offers a promising solution for effectively leveraging the data scattered across the distributed cloud system. Despite its potential, the huge communication overhead greatly burdens the distributed cloud system. Federated distillation (FD) is a novel distributed learning technique with low communication cost, in which the clients communicate only the model logits rather than the model parameters. However, FD faces challenges related to data heterogeneity and security. Additionally, the conventional aggregation method in FD is vulnerable to malicious uploads. In this article, we discuss the limitations of FL and the challenges of FD in the context of distributed cloud system. To address these issues, we propose a blockchain-based framework to achieve secure and robust FD. Specifically, we develop a pre-training data preparation method to reduce data distribution heterogeneity and an aggregation method to enhance the robustness of the aggregation process. Moreover, a committee/workers selection strategy is devised to optimize the task allocation among clients. Experimental evaluations are conducted to evaluate the effectiveness of the proposed framework.

Xun Liu,Jiangming Li,Siyang Chen,Xiaofeng Jiang,Feng Yang,Jian Yang

DOI: https://doi.org/10.1145/3661725.3661726

2024-01-01

Abstract:Federated Learning (FL) is a learning architecture in which multiple clients use local data to train gradients and submit them to a server for global aggregation. However, achieving reliable federated learning in untrusted environments is challenging. Malicious users and servers can perform Byzantine attacks to manipulate the global model, and curious servers can also extract user privacy from update gradients. Privacy-preserving methods usually consume many communication and computing resources and are difficult to combine with robust aggregation mechanisms. In this paper, we propose an anomaly gradient detection approach based on cosine distance detection using Shamir secret sharing, which can detect anomalous gradients without exposing the real gradients. Furthermore, we use the blockchain to build a decentralized hierarchical FL framework, eliminating the risk of malicious servers and reducing communication overhead. The experimental results show that our approach can protect user privacy and the reliability of aggregation results simultaneously, and the layered framework can effectively reduce communication overhead.

Ruizhe Yang,Tonghui Zhao,F. Richard Yu,Meng Li,Dajun Zhang,Xuehui Zhao

DOI: https://doi.org/10.1109/jiot.2024.3379395

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Federated learning, leveraging distributed data from multiple nodes to train a common model, allows for the use of more data to improve the model while also protecting the privacy of original data. However, challenges still exist in ensuring privacy and security within the interactions. To address these issues, this paper proposes a federated learning approach that incorporates blockchain, homomorphic encryption, and reputation. Using homomorphic encryption, edge nodes possessing local data can complete the training of ciphertext models, with their contributions to the aggregation being evaluated by a reputation mechanism. Both models and reputations are documented and verified on the blockchain through consensus process, which then determines the rewards based on the incentive mechanism. This approach not only incentivizes participation in training, but also ensures the privacy of data and models through encryption. Additionally, it addresses security risks associated with both data and network attacks, ultimately leading to a highly accurate trained model. To enhance the efficiency of learning and the performance of the model, a joint adaptive aggregation and resource optimization algorithm is introduced. Finally, simulations and analyses demonstrate that the proposed scheme enhances learning accuracy while maintaining privacy and security.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chuan Ma, Jun Li, Long Shi, Ming Ding, Taotao Wang, Zhu Han, H Vincent Poor

2022-07-19

Abstract:Motivated by the increasingly powerful computing capabilities of end-user equipment, and by the growing privacy concerns over sharing sensitive raw data, a distributed machine learning paradigm known as federated learning (FL) has emerged. By training models locally at each client and aggregating learning models at a central server, FL has the capability to avoid sharing data directly, thereby reducing privacy leakage. However, the conventional FL framework relies heavily on a single central server, and it may fail if such a server behaves maliciously. To address this single point of failure, in this work, a blockchain-assisted decentralized FL framework is investigated, which can prevent malicious clients from poisoning the learning process, and thus provides a self-motivated and reliable learning environment for clients. In this framework, the model aggregation process is fully decentralized and the tasks of …

Sheng Gao,Liping Yuan,Jianming Zhu,Xindi Ma,Rui Zhang,Jianfeng Ma

DOI: https://doi.org/10.1360/ssi-2021-0087

2021-01-01

Abstract:Federated learning enables the joint training of machine learning models by utilizing distributed data and computing resources while protecting local data privacy.The existing asynchronous federated learning can effectively solve the problems such as waste of computing resources and low training efficiency caused by synchronous learning.However, it aggregates local models from different nodes and updates the global model through the central server,which makes it endogenously subject to the centralized trust mode and suffers from some issues such as single point of failure andprivacy leakage. In this paper, we propose a blockchain-based privacy-preserving asynchronous federated learning,which ensures the trustability by storing local models into the blockchain and generating the global model through the consensus algorithm.In order to guarantee the privacy of federated learning and improve the model utility,the exponential mechanism of differential privacy is used to select model gradients with high contribution at high probability,and a lower privacy budget is allocated to ensure the model privacy.In addition, in order to solve the problem of clock desynchronization in asynchronous federated learning,we propose a two-factor adjustment mechanism to further improve the global model utility. Finally,theoretical analysis and experimental results demonstrate that our proposed scheme can effectively guarantee the trustability and privacy of the asynchronous federated learning while improving the model utility.

Juan Mao,Chunjie Cao,LongJuan Wang,Jun Ye,WenJie Zhong

DOI: https://doi.org/10.1088/1742-6596/1757/1/012192

2021-01-01

Journal of Physics Conference Series

Abstract:With the emergence of data islands and the popular awareness of privacy, federated learning, as an emerging data sharing and exchange model, can realize multi-party collaboration under the premise of protecting data privacy and security because the data distributed in multiple devices cannot be sent locally. To achieve benefits for all parties involved, it has been widely used in many fields such as finance, medical care, and education. However, FL also has various security and privacy issues. Starting from the overview of federated learning, this article describes in detail the threat model and existing security issues, including replay attacks, poisoning attacks, reasoning attacks, etc., and then makes a certain analysis of FL privacy protection security technologies. Compared with SMC and HE, differential privacy is excellent in terms of efficiency. Finally, we discussed the challenges of privacy protection and security issues and future research directions.

Yang Li,Chunhe Xia,Wanshuang Lin,Tianbo Wang

2024-01-08

Abstract:With the rapid development of machine learning and a growing concern for data privacy, federated learning has become a focal point of attention. However, attacks on model parameters and a lack of incentive mechanisms hinder the effectiveness of federated learning. Therefore, we propose A Privacy Protected Blockchain-based Federated Learning Model (PPBFL) to enhance the security of federated learning and encourage active participation of nodes in model training. Blockchain technology ensures the integrity of model parameters stored in the InterPlanetary File System (IPFS), providing protection against tampering. Within the blockchain, we introduce a Proof of Training Work (PoTW) consensus algorithm tailored for federated learning, aiming to incentive training nodes. This algorithm rewards nodes with greater computational power, promoting increased participation and effort in the federated learning process. A novel adaptive differential privacy algorithm is simultaneously applied to local and global models. This safeguards the privacy of local data at training clients, preventing malicious nodes from launching inference attacks. Additionally, it enhances the security of the global model, preventing potential security degradation resulting from the combination of numerous local models. The possibility of security degradation is derived from the composition theorem. By introducing reverse noise in the global model, a zero-bias estimate of differential privacy noise between local and global models is achieved. Furthermore, we propose a new mix transactions mechanism utilizing ring signature technology to better protect the identity privacy of local training clients. Security analysis and experimental results demonstrate that PPBFL, compared to baseline methods, not only exhibits superior model performance but also achieves higher security.

Cryptography and Security,Artificial Intelligence

Yan Hong,Zhiqing Huang,Chenyang Zhang

DOI: https://doi.org/10.1117/12.2684744

2023-01-01

Abstract:Federated learning is a new privacy protection framework for machine learning. The central server aggregates multiple participants to decentralized optimized parameters, then distributes the generated model to the client, and finally converges the global model. The model obtained by performance approaching centralized data training is trained under the condition that the data is not leave local. However, many studies have shown that this centralized federation system is vulnerable to confidentiality attacks by "honest but curious" attackers, using the gradient parameter information transmitted during federation model training to carry out reconstruction attacks or inference attacks, obtain the privacy data of participants or deduce some member information, which poses a severe challenge to the privacy protection of federated learning. In this paper, a hybrid defense strategy based on confusion self-encoder combined with localized differential privacy is proposed. On the one hand, the labels of the participants' local data are confused through the self-encoder network, so as to cut off the relationship between the gradient information and the original data. On the other hand, the localized differential privacy mechanism is used to disturb the transmitted gradient parameter information, and a model performance loss constraint mechanism is designed to reduce the impact of noise addition on the model performance. Experiments show that the hybrid defense strategy proposed in this paper can effectively resist reconstruction attacks and inference attacks in the process of federated learning model training, and achieve a better balance among computing overhead, model performance and privacy security.

Jianan Su,Ai Gu,Xiaowei Liu,Xiaohui Li,Siting Lv

DOI: https://doi.org/10.1109/WCNC57260.2024.10570990

2024-04-21

Abstract:With the emergence of distributed machine learning, federated learning has become a prevalent paradigm for multi-party collaborative training scenarios. To address security vulnerabilities such as imperfect encryption and incapability to with-stand attacks within existing federated learning architectures, a blockchain-based trustworthy federated learning architecture is proposed. The architecture utilizes a threshold variant of the Paillier encryption scheme to protect the local and global model updates. A flexible Multi-Krum selection scheme is also proposed for balancing the utility of the overall architecture while ensuring safe federated learning training processes. Based on theoretical analysis and experimental results, the proposed architecture demonstrates a high level of security and the feasibility of the scheme is supported.

Engineering,Computer Science

Xin Wu,Zhi Wang,Jian Zhao,Yan Zhang,Yu Wu

DOI: https://doi.org/10.1109/icaica50127.2020.9182705

2020-01-01

Abstract:Federated learning enables participants to collaborate on model training without directly exchanging raw data. Existing federated learning methods often follow the parameter server architecture, using third-party collaborators to provide aggregation and key management. In this case, the central node obtains information uploaded by other nodes. Studies have shown that with this information, the central node can infer important information, which leads to data privacy leakage. In addition, the failure on the server node can also cause the entire system to fail. We designed a completely decentralized federated learning framework based on blockchain, thereby avoiding the privacy and failure risk of the centralized structure. Moreover, we develop the corresponding model training approach. Compared with the existing methods, our framework performs better in terms of accuracy, robustness, and privacy.