Wenshao Yang,Pengfei Kang,Chao Wei

DOI: https://doi.org/10.1109/access.2024.3353131

IF: 3.9

2024-01-01

IEEE Access

Abstract:With the development of data science, AI and data transaction, an increasing number of users are utilizing multi-party data for federated machine learning to obtain their desired models. Therefore, scholars have proposed numerous federated learning frameworks to address practical issues. However, there are still three issues that need to be addressed in current federated learning frameworks: 1) privacy protection, 2) poisoning attack, and 3) protection of the interests of participants. To address these issues, this paper proposes a novel federated learning framework MS-FL based on multiple security strategies. The framework’s algorithms guarantee that data providers need not worry about data privacy leakage. At the same time, it can defend against poisoning attack from malicious nodes. Finally, to ensure the interests of all parties are protected, a blockchain protocol is utilized. The theoretical derivation proves the effectiveness of this framework. Experimental results show that the algorithm designed in this paper outperforms other algorithms.

computer science, information systems,telecommunications,engineering, electrical & electronic

Rakib Ul Haque,A. S. M. Touhidul Hasan,Mohammed Ali Mohammed Al-Hababi,Yuqing Zhang,Dianxiang Xu

DOI: https://doi.org/10.1016/j.jpdc.2024.104907

IF: 4.542

2024-01-01

Journal of Parallel and Distributed Computing

Abstract:Traditional federated learning (FL) raises security and privacy concerns such as identity fraud, data poisoning attacks, membership inference attacks, and model inversion attacks. In the conventional FL, any entity can falsify its identity and initiate data poisoning attacks. Besides, adversaries (AD) holding the updated global model parameters can retrieve the plain text of the dataset by initiating membership inference attacks and model inversion attacks. To the best of our knowledge, this is the first work to propose a self-sovereign identity (SSI) and differential privacy (DP) based FL namely SSI−FL for addressing all the above issues. The first step in the SSI−FL framework involves establishing a secure connection based on blockchain-based SSI. This secure connection protects against unauthorized access attacks of any AD and ensures the transmitted data's authenticity, integrity, and availability. The second step applies DP to protect against model inversion attacks and membership inference attacks. The third step focuses on establishing FL with a novel hybrid deep learning to achieve better scores than conventional methods. The SSI−FL performance analysis is done based on security, formal, scalability, and score analysis. Moreover, the proposed method outperforms all the state-of-art techniques.

Lvjun Chen,Di Xiao,Zhuyang Yu,Maolan Zhang

DOI: https://doi.org/10.1016/j.ins.2024.120481

IF: 8.1

2024-03-21

Information Sciences

Abstract:Federated learning (FL) enables the full utilization of decentralized training without raw data. However, various attacks still threaten the training process of FL. To address these concerns, differential privacy (DP) and secure multi-party computation (SMC) are applied, but these methods may result in low accuracy and heavy training load. Moreover, the high communication consumption of FL in resource-constrained devices is also a challenging problem. In this paper, we propose a novel SMC algorithm for the FL (FL- IPFE) to protect the local gradients. It does not require a trusted third party (TTP) and is more suitable for FL. Furthermore, we propose a secure and efficient FL algorithm (SEFL), which applies compressed sensing (CS) and all-or-nothing transform (AONT) to minimize the number of transmitted and encrypted model updates. Additionally, our FL-IPFE is used to encrypt the last element of the preprocessed parameters for guaranteeing the security of the entire local model updates. Meanwhile, the issue of participant dropouts is also taken into account. Theoretical analyses demonstrate that our proposed algorithms can aggregate model updates with high security. Finally, experimental evaluation reveals that our SEFL possesses higher efficiency compared to other state-of-the-art works, while providing comparable model accuracy and strong privacy guarantees.

computer science, information systems

Lvjun Chen,Di Xiao,Xiangli Xiao,Yushu Zhang

DOI: https://doi.org/10.1109/tifs.2024.3486611

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Federated learning (FL) facilitates collaborative training of a global model without sharing the participants’ raw data. Nevertheless, existing FL approaches still face three major issues: 1) How to propose a more efficient and secure privacy-preserving method; 2) How to verify the identity of participants to ensure they are not impersonators; 3) How to reduce the significant communication cost. To address the aforementioned concerns, several schemes have been proposed. However, these schemes suffer from flaws in security, efficiency, and functionality. Furthermore, few researches have considered the possibility of adversaries impersonating legitimate participants to undermine the integrity and availability of the model or launch a free-riding attack. In this paper, we first combine the advantages of secret sharing, Diffie-Hellman key agreement, and functional encryption to develop an authenticable secure multi-party computing algorithm (SDF-ASMC). This algorithm can guarantee the security of transmitted data and provide authentication functionality in the absence of a trusted third party. Moreover, an efficient, secure, and authenticable FL algorithm (ESAFL), which leverages compressed sensing and all-or-nothing transform, is introduced to reduce the transmission and encryption of local gradients. Then, only the final element of the transformed measurements is encrypted by our proposed SDF-ASMC to protect all the measurements. This method effectively improves the efficiency of our algorithm. In addition, ESAFL also tolerates participants’ dropout. Security analysis demonstrates that our proposed algorithms can securely aggregate local gradients. Finally, the extensive experiments demonstrate the practical performance of our proposed algorithms.

Xiaohui Wei,Mingkai Hou,Chenghao Ren,Xiang Li,Hengshan Yue

DOI: https://doi.org/10.1007/978-3-031-10986-7_14

2022-01-01

Abstract:Federated Learning (FL) is an emerging distributed machine learning framework that allows edge devices to collaborative train a shared global model without transmitting their sensitive data to centralized servers. However, it is extremely challenging to apply FL in practical scenarios because the statistics of the data across edge devices are usually not independent and identically distributed (Non-HD), which will introduce the bias to global model. To solve the above data heterogeneity issue, we propose a novel Multi-Stage Semi-Asynchronous Federated Learning (MSSA-FL) framework. MSSA-FL benefits convergence accuracy through making the local model complete multi-stage training within the group guided by combination module. To improve the training efficiency of the framework, MSSA-FL adopts a semi-asynchronous update method. Meanwhile, proposed model assignment strategy and model aggregation method further boost the performance of MSSA-FL. Experiments on several public datasets show that MSSA-FL achieves higher accuracy and faster convergence than the comparison algorithms.

Juan Mao,Chunjie Cao,LongJuan Wang,Jun Ye,WenJie Zhong

DOI: https://doi.org/10.1088/1742-6596/1757/1/012192

2021-01-01

Journal of Physics Conference Series

Abstract:With the emergence of data islands and the popular awareness of privacy, federated learning, as an emerging data sharing and exchange model, can realize multi-party collaboration under the premise of protecting data privacy and security because the data distributed in multiple devices cannot be sent locally. To achieve benefits for all parties involved, it has been widely used in many fields such as finance, medical care, and education. However, FL also has various security and privacy issues. Starting from the overview of federated learning, this article describes in detail the threat model and existing security issues, including replay attacks, poisoning attacks, reasoning attacks, etc., and then makes a certain analysis of FL privacy protection security technologies. Compared with SMC and HE, differential privacy is excellent in terms of efficiency. Finally, we discussed the challenges of privacy protection and security issues and future research directions.

Qingdi Han,Siqi Lu,Wenhao Wang,Haipeng Qu,Jingsheng Li,Yang Gao

DOI: https://doi.org/10.1002/cpe.8084

2024-03-20

Concurrency and Computation Practice and Experience

Abstract:Summary Federated learning (FL) has emerged as a promising solution to address the challenges posed by data silos and the need for global data fusion. It offers a distributed machine learning framework with privacy‐preserving features, allowing model training without the need to collect user data. However, FL also presents significant security and privacy threats that hinder its widespread adoption. The requirements of privacy and security in FL are inherently conflicting. Privacy necessitates the concealment of individual client updates, while security requires the disclosure of client updates to detect anomalies. While most existing research focused on the privacy and security aspects of FL, very few studies have addressed the compatibility of these two demands. In this work, we aim to bridge this gap by proposing a comprehensive defense scheme that ensures privacy, security, and compatibility in FL. We categorize the existing literature into two key directions: privacy defense and security defense. Privacy defense includes methods based on additive masks, differential privacy, homomorphic encryption, and trusted execution environment, whereas security defense encompasses distance‐, performance‐, clustering‐, and similarity‐based anomaly detection techniques and statistical information‐based anomaly update bypassing techniques when the server is trusted and privacy‐compatible anomaly update detection techniques when the server is not trusted. In addition, this article presents decentralized FL solutions based on blockchain. For each direction, we discuss specific technical solutions, their advantages, and disadvantages. By evaluating various defense methods, we identify the most suitable approach to address the primary challenge of "achieving a secure and robust FL system against malicious adversaries while protecting users' privacy." We then propose a theoretical reference framework for end‐to‐end protection of privacy and security in FL for the key problem, which summarizes the attack surface of FL systems from the client to the server under the security model where the client and server are malicious. Leveraging the strengths and characteristics of existing schemes, our proposed framework integrates multiple techniques to strike a balance between privacy, usability, and efficiency. This framework serves as a valuable reference and provides insights for future work in the field. Finally, we also provide recommendations for future research directions in this field.

computer science, theory & methods, software engineering

Zan Zhou,Changqiao Xu,Mingze Wang,Xiaohui Kuang,Yirong Zhuang,Shui Yu

DOI: https://doi.org/10.1109/tdsc.2022.3215574

2023-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Albeit the popularity of federated learning (FL), recently emerging model-inversion and poisoning attacks arouse extensive concerns towards privacy or model integrity, which catalyzes the developments of secure federated learning (SFL) methods. Nonetheless, the collisions between its privacy and integrity, two equally crucial elements in collaborative learning scenarios, are relatively underexplored. Individuals’ wish to “hide in the crowd” for privacy frequently clashes with aggregators’ need to resist abnormal participants for integrity (i.e., the incompatibility between Byzantine robustness and differential privacy). The dilemma prompts researchers to reflect on how to build mutual confidence between individuals and aggregators. Against the backdrop, this paper proposes a multi-shuffler secure federated learning (MSFL) framework, based on which we further propound three modules (hierarchical shuffling mechanism, malice evaluation module, and composite defense strategy) to jointly guarantee strong privacy protection, efficient poisoning resistance, and agile adversary elimination. Extensive experiments on standard datasets exhibited the method's effectiveness in thwarting different FL poisoning attack paradigms with a minimal cost of privacy breaches.

Yang Ming,Shan Wang,Chenhao Wang,Hang Liu,Yutong Deng,Yi Zhao,Jie Feng

DOI: https://doi.org/10.1016/j.sysarc.2024.103279

IF: 5.836

2024-01-01

Journal of Systems Architecture

Abstract:As a novel distributed learning framework for protecting personal data privacy, federated learning, (FL) has attained widespread attention through sharing gradients among users without collecting their data. However, an untrusted cloud server may infer users' individual information from gradients and global model. In addition, it may even forge incorrect aggregated results to save resources. To deal with these issues, despite that the existing works can protect local model privacy and achieve verifiability of aggregated results, they are defective in protecting global model privacy, guaranteeing verifiability if collusion attacks occur, and suffer from high computation cost. To further tackle the above challenges, a verifiable and collusion-resistant secure aggregation scheme for FL is proposed, named VCSA. Concretely, we combine symmetric homomorphic encryption with single masking to protect model privacy. Meanwhile, we adopt verifiable multi-secret sharing and generalized Pedersen commitment to achieve verifiability and prevent users from uploading incorrect shares. Furthermore, high model accuracy can be ensured even if some users go offline. Security analysis illustrates that our VCSA enhances the security of FL, realizes verifiability despite collusion attacks and robustness to dropout. Performance evaluation displays that our VCSA can reduce at least 28.27% and 79.15% regarding computation cost compared to existing schemes.

Jiahui Wu,Weizhe Zhang,Fucai Luo

DOI: https://doi.org/10.1109/tifs.2023.3331274

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Zhang et al. (2023) recently proposed a secure federated learning (FL) scheme named LSFL to guarantee Byzantine robustness while protecting privacy in FL. In this work, we show that LSFL breaches privacy it claimed. Specifically, we demonstrate that the secure Byzantine robustness procedure of LSFL exposes significant information of all participant models and data to a semi-honest server, thereby damaging privacy. Then, we analyze the reason for this security issue and give a suggestion to prevent privacy breaches in LSFL.

Helio N. Cunha Neto,Jernej Hribar,Ivana Dusparic,Natalia C. Fernandes,Diogo M.F. Mattos

DOI: https://doi.org/10.1016/j.comnet.2024.110351

IF: 5.493

2024-05-01

Computer Networks

Abstract:Federated Learning (FL) is a decentralized machine learning approach in which multiple participants collaboratively train a model. Participants keep data locally, train their local models, and aggregate them in a single global model in a federated server. Collaborative FL-based Intrusion Detection Systems face challenges on an uneven statistical distribution of data and malicious participants trying to subvert the learning process. The statistical hurdles associated with imbalanced data and malicious participants pose a risk of skewing the training with biased or random data. The inability to effectively manage these statistical inconsistencies may degrade system performance, leading to false intrusion detection or opening avenues for cybersecurity breaches. To overcome these challenges, we propose a training method that employs score-based participant selection and utilizes global momentum for model aggregation. Our method improves the global model performance while mitigating the risks posed by malicious participants. The proposal incorporates a scoring system based on an information gain variant to evaluate each participant’s contribution. The scoring system and an epsilon greedy selection method ensure robust participant selection in each aggregation round. Furthermore, incorporating a global momentum term helps preserve previous knowledge at each aggregation round, contributing to model stability and overall learning. The proposed solution has demonstrated superior performance, delivering 80% F1-Score and 90% accuracy on experiments even in the presence of malicious participants, revealing the robustness and effectiveness of the proposal in mitigating statistical challenges. Consequently, the proposed method significantly enhances the performance of federated learning models, leading to more secure and efficient collaborative intrusion detection systems.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Shanshan Han,Baturalp Buyukates,Zijian Hu,Han Jin,Weizhao Jin,Lichao Sun,Xiaoyang Wang,Wenxuan Wu,Chulin Xie,Yuhang Yao,Kai Zhang,Qifan Zhang,Yuhui Zhang,Carlee Joe-Wong,Salman Avestimehr,Chaoyang He

2024-06-21

Abstract:This paper introduces FedSecurity, an end-to-end benchmark that serves as a supplementary component of the FedML library for simulating adversarial attacks and corresponding defense mechanisms in Federated Learning (FL). FedSecurity eliminates the need for implementing the fundamental FL procedures, e.g., FL training and data loading, from scratch, thus enables users to focus on developing their own attack and defense strategies. It contains two key components, including FedAttacker that conducts a variety of attacks during FL training, and FedDefender that implements defensive mechanisms to counteract these attacks. FedSecurity has the following features: i) It offers extensive customization options to accommodate a broad range of machine learning models (e.g., Logistic Regression, ResNet, and GAN) and FL optimizers (e.g., FedAVG, FedOPT, and FedNOVA); ii) it enables exploring the effectiveness of attacks and defenses across different datasets and models; and iii) it supports flexible configuration and customization through a configuration file and some APIs. We further demonstrate FedSecurity's utility and adaptability through federated training of Large Language Models (LLMs) to showcase its potential on a wide range of complex applications.

Cryptography and Security,Artificial Intelligence

Sheng Lin,Chenghong Wang,Hongjia Li,Jieren Deng,Yanzhi Wang,Caiwen Ding

DOI: https://doi.org/10.48550/arXiv.2009.01867

2021-03-04

Abstract:Nowadays, Deep Neural Networks are widely applied to various domains. However, massive data collection required for deep neural network reveals the potential privacy issues and also consumes large mounts of communication bandwidth. To address these problems, we propose a privacy-preserving method for the federated learning distributed system, operated on Intel Software Guard Extensions, a set of instructions that increase the security of application code and data. Meanwhile, the encrypted models make the transmission overhead larger. Hence, we reduce the commutation cost by sparsification and it can achieve reasonable accuracy with different model architectures.

Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Zhuangzhuang Zhang,Libing Wu,Chuanguo Ma,Jianxin Li,Jing Wang,Qian Wang,Shui Yu

DOI: https://doi.org/10.1109/tifs.2022.3221899

IF: 7.231

2022-12-10

IEEE Transactions on Information Forensics and Security

Abstract:Nowadays, many edge computing service providers expect to leverage the computational power and data of edge nodes to improve their models without transmitting data. Federated learning facilitates collaborative training of global models among distributed edge nodes without sharing their training data. Unfortunately, existing privacy-preserving federated learning applied to this scenario still faces three challenges: 1) It typically employs complex cryptographic algorithms, which results in excessive training overhead; 2) It cannot guarantee Byzantine robustness while preserving data privacy; and 3) Edge nodes have limited computing power and may drop out frequently. As a result, the privacy-preserving federated learning cannot be effectively applied to edge computing scenarios. Therefore, we propose a lightweight and secure federated learning scheme LSFL, which combines the features of privacy-preserving and Byzantine-Robustness. Specifically, we design the Lightweight Two-Server Secure Aggregation protocol, which utilizes two servers to enable secure Byzantine robustness and model aggregation. This scheme protects data privacy and prevents Byzantine nodes from influencing model aggregation. We implement and evaluate LSFL in a LAN environment, and the experiment results show that LSFL meets fidelity, security, and efficiency design goals, and maintains model accuracy compared to the popular FedAvg scheme.

computer science, theory & methods,engineering, electrical & electronic

Junpeng Zhang,Hui Zhu,Fengwei Wang,Jiaqi Zhao,Qi Xu,Hui Li

DOI: https://doi.org/10.1155/2022/2886795

IF: 1.968

2022-09-30

Security and Communication Networks

Abstract:Federated learning (FL) has nourished a promising method for data silos, which enables multiple participants to construct a joint model collaboratively without centralizing data. The security and privacy considerations of FL are focused on ensuring the robustness of the global model and the privacy of participants' information. However, the FL paradigm is under various security threats from the adversary aggregator and participants. Therefore, it is necessary to comprehensively identify and classify potential threats to provide a theoretical basis for FL with security guarantees. In this paper, a unique classification of attacks, which reviews state-of-the-art research on security and privacy issues for FL, is constructed from the perspective of malicious threats based on different computing parties. Specifically, we categorize attacks with respect to performed by aggregator and participant, highlighting the Deep Gradients Leakage attacks and Generative Adversarial Networks attacks. Following an overview of attack methods, we discuss the primary mitigation techniques against security risks and privacy breaches, especially the application of blockchain and Trusted Execution Environments. Finally, several promising directions for future research are discussed.

computer science, information systems,telecommunications

Shanshan Han,Baturalp Buyukates,Zijian Hu,Han Jin,Weizhao Jin,Lichao Sun,Xiaoyang Wang,Wenxuan Wu,Chulin Xie,Yuhang Yao,Kai Zhang,Qifan Zhang,Yuhui Zhang,Carlee Joe-Wong,Salman Avestimehr,Chaoyang He

DOI: https://doi.org/10.1145/3637528.3671545

2024-01-01

Abstract:This paper introduces FedSecurity, an end-to-end benchmark that serves as asupplementary component of the FedML library for simulating adversarial attacksand corresponding defense mechanisms in Federated Learning (FL). FedSecurityeliminates the need for implementing the fundamental FL procedures, e.g., FLtraining and data loading, from scratch, thus enables users to focus ondeveloping their own attack and defense strategies. It contains two keycomponents, including FedAttacker that conducts a variety of attacks during FLtraining, and FedDefender that implements defensive mechanisms to counteractthese attacks. FedSecurity has the following features: i) It offers extensivecustomization options to accommodate a broad range of machine learning models(e.g., Logistic Regression, ResNet, and GAN) and FL optimizers (e.g., FedAVG,FedOPT, and FedNOVA); ii) it enables exploring the effectiveness of attacks anddefenses across different datasets and models; and iii) it supports flexibleconfiguration and customization through a configuration file and some APIs. Wefurther demonstrate FedSecurity's utility and adaptability through federatedtraining of Large Language Models (LLMs) to showcase its potential on a widerange of complex applications.

Junkai Wang,Ling Xiong,Zhicai Liu,Huan Wang,Chunlin Li

DOI: https://doi.org/10.1016/j.compeleceng.2024.109189

IF: 4.152

2024-03-21

Computers & Electrical Engineering

Abstract:Machine Learning as a Service (MLaaS) has been widely used, such as logistic regression models trained in the cloud to provide people with classification predictions. However, these services allow the cloud to collect data from a large number of users, which could raise privacy concerns. With sharing of local models rather than user data, Federated Learning (FL) alleviates data privacy. But, in FL setting the difference between the predictive value provided by the optimal model and the shared global model (called maturing model) that approximates it is not significant, which still raises a security risk. In this paper, we design a flexible and privacy-preserving FL system to tackle these issues. This system makes the training process divide into two stages by analyzing whether the metrics of the iterative global gradient reach a set threshold or not. The two stages are implemented with Re-Encryption and CKKS homomorphism, which not only enables a secure aggregation in the cloud, but also maintains the security of the maturing model. Through detailed analysis, we prove the security of our protocol. Moreover, quantitative comparisons in the final experiments demonstrates that our scheme can achieve trade-off between accuracy, training time cost and communication overhead.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Yinbin Miao,Wei Zheng,Xinghua Li,Hongwei Li,Kim-Kwang Raymond Choo,Robert H. Deng

DOI: https://doi.org/10.1109/tifs.2023.3282574

IF: 7.231

2023-06-13

IEEE Transactions on Information Forensics and Security

Abstract:Federated Learning (FL) has been widely used in various fields such as financial risk control, e-government and smart healthcare. To protect data privacy, many privacy-preserving FL approaches have been designed and implemented in various scenarios. However, existing works incur high communication burdens on clients, and affect the training model accuracy due to non-Independently and Identically Distributed (non-IID) data samples separately owned by clients. To solve these issues, in this paper we propose a secure Model-Contrastive Federated Learning with improved Compressive Sensing (MCFL-CS) scheme, motivated by contrastive learning. We combine model-contrastive loss and cross-entropy loss to design the local network architecture of our scheme, which can alleviate the impact of data heterogeneity on model accuracy. Then we utilize improved compressive sensing and local differential privacy to reduce communication costs and prevent clients' privacy leakage. The formal security analysis shows that our scheme satisfies -differential privacy. And extensive experiments using five benchmark datasets demonstrate that our scheme improves the model accuracy by 3.45% on average of all datasets under the non-IID setting and reduces the communication costs by more than 95%, when compared with FedAvg.

computer science, theory & methods,engineering, electrical & electronic

Cong Shen,Wei Zhang,Tanping Zhou,Lingling Zhang

DOI: https://doi.org/10.3390/math12131993

IF: 2.4

2024-06-28

Mathematics

Abstract:Although federated learning is gaining prevalence in smart sensor networks, substantial risks to data privacy and security persist. An improper application of federated learning techniques can lead to critical privacy breaches. Practical and effective privacy-enhanced federated learning (PEPFL) is a widely used federated learning framework characterized by low communication overhead and efficient encryption and decryption processes. Initially, our analysis scrutinized security vulnerabilities within the PEPFL framework and identified an effective attack strategy. This strategy enables the server to derive private keys from content uploaded by participants, achieving a 100% success rate in extracting participants' private information. Moreover, when the number of participants does not exceed 300, the attack time does not surpass 3.72 s. Secondly, this paper proposes a federated learning model that integrates homomorphic encryption and secret sharing. By using secret sharing among participants instead of secure multi-party computation, the amount of effective information available to servers is reduced, thereby effectively preventing servers from inferring participants' private gradients. Finally, the scheme was validated through experiments, and it was found to significantly reduce the inherent collusion risks unique to the federated learning scenario. Moreover, even if some participants are unavailable, the reconstructable nature of secret sharing ensures that the decryption process can continue uninterrupted, allowing the remaining users to proceed with further training. Importantly, our proposed scheme exerts a negligible impact on the accuracy of model training.

mathematics