Private FLI: Anti-Gradient Leakage Recovery Data Privacy Architecture

Huichao Wang, Wei Yang, Bangzhou Xin, Yangyang Geng, Zhenbo Shi, Liusheng Huang
DOI: https://doi.org/10.1109/IJCNN52387.2021.9533501
2021-01-01
Abstract: While machine learning brings convenience, it also faces the issue of data privacy. For privacy issues, most research focuses on implementing homomorphic encryption or differential privacy to protect data, while ignoring the potential threats caused by the leakage of model parameters. However, a malicious attacker can still recover sensitive data information through model parameters. On the one hand, traditional methods cannot take both high accuracy and low computation time into account. On the other hand, they cannot resist the reconstruction attack from the model's parameters. In order to address this problem, this paper designs a privacy protection framework named FLI, which is inspired by public key infrastructure. In FLI, all participants and the server are trained and aggregated under one framework based on federated learning, which includes key exchange and shares with the idea of homomorphic encryption. Under the algorithm we design, the malicious adversary cannot recover effective information after obtaining the transformed parameters, while the server can still perform effective parameter aggregation. To evaluate the performance of FLI, we conduct extensive experiments. The experimental results show that the computation time is within an acceptable range while ensuring high accuracy.