Li Zhaorui,Huang Zhicong,Chen Chaochao,Hong Cheng

2019-01-01

Abstract: With the growing emphasis on users' privacy, federated learning has become more and more popular. Many architectures have been raised for a better security. Most architecture work on the assumption that data's gradient could not leak information. However, some work, recently, has shown such gradients may lead to leakage of the training data. In this paper, we discuss the leakage based on a federated approximated logistic regression model and show that such gradient's leakage could leak the complete training data if all elements of the inputs are either 0 or 1.

Mingyuan Fan,Yang Liu,Cen Chen,Chengyu Wang,Minghui Qiu,Wenmeng Zhou

DOI: https://doi.org/10.1145/3616855.3635758

2024-01-01

Abstract:Federated learning is a privacy-focused learning paradigm, which trains a global model with gradients uploaded from multiple participants, circumventing explicit exposure of private data. However, previous research of gradient leakage attacks suggests that gradients alone are sufficient to reconstruct private data, rendering the privacy protection mechanism of federated learning unreliable. Existing defenses commonly craft transformed gradients based on ground-truth gradients to obfuscate the attacks, but often are less capable of maintaining good model performance together with satisfactory privacy protection. In this paper, we propose a novel yet effective defense framework named guarding against gradient leakage (Guardian) that produces transformed gradients by jointly optimizing two theoretically-derived metrics associated with gradients for performance maintenance and privacy protection. In this way, the transformed gradients produced via Guardian can achieve minimal privacy leakage in theory with the given performance maintenance level. Moreover, we design an ingenious initialization strategy for faster generation of transformed gradients to enhance the practicality of Guardian in real-world applications, while demonstrating theoretical convergence of Guardian to the performance of the global model. Extensive experiments on various tasks show that, without sacrificing much accuracy, Guardian can effectively defend state-of-the-art gradient leakage attacks, compared with the slight effects of baseline defense approaches.

Kai Yue,Richeng Jin,Chau-Wai Wong,Dror Baron,Huaiyu Dai

DOI: https://doi.org/10.48550/arXiv.2206.04055

2022-10-14

Abstract:Federated learning has been proposed as a privacy-preserving machine learning framework that enables multiple clients to collaborate without sharing raw data. However, client privacy protection is not guaranteed by design in this framework. Prior work has shown that the gradient sharing strategies in federated learning can be vulnerable to data reconstruction attacks. In practice, though, clients may not transmit raw gradients considering the high communication cost or due to privacy enhancement requirements. Empirical studies have demonstrated that gradient obfuscation, including intentional obfuscation via gradient noise injection and unintentional obfuscation via gradient compression, can provide more privacy protection against reconstruction attacks. In this work, we present a new data reconstruction attack framework targeting the image classification task in federated learning. We show that commonly adopted gradient postprocessing procedures, such as gradient quantization, gradient sparsification, and gradient perturbation, may give a false sense of security in federated learning. Contrary to prior studies, we argue that privacy enhancement should not be treated as a byproduct of gradient compression. Additionally, we design a new method under the proposed framework to reconstruct the image at the semantic level. We quantify the semantic privacy leakage and compare with conventional based on image similarity scores. Our comparisons challenge the image data leakage evaluation schemes in the literature. The results emphasize the importance of revisiting and redesigning the privacy protection mechanisms for client data in existing federated learning algorithms.

Cryptography and Security,Artificial Intelligence,Distributed, Parallel, and Cluster Computing,Machine Learning

Jiguang Lv,Shuchun Xu,Xiaodong Zhan,Tao Liu,Dapeng Man,Wu Yang

DOI: https://doi.org/10.1007/978-3-031-69766-1_27

2024-01-01

Abstract:Gradient leakage attack allow attackers to infer Privacy data, which raises concerns about data leakage. To solve this problem, a series of methods have been proposed, while previously proposed methods have two weaknesses. First, adding noise (e.g., Differential privacy) to client-shared gradients reduces Privacy data leaks but harms performance of model and leaves room for data recovery attack(e.g., Gradient leak attacks). Second, encrypting shared gradients (e.g., Homomorphic encryption) enhances security but demands high computational costs, making it impractical for resource-constrained edge devices. This work proposes a novel federated learning method that leverages generative adversarial networks and gradient smoothing, which generates pseudodata through Wasserstein GAN(WGAN) and retains classification characteristics. Gradient smoothing can suppress gradients with high frequency changes; To improve the diversity of training data, launching data augmentation by mixup. Experiments show that compared with common defense methods, the MES-I of noise and gradient clipping are 0.5278 and 0.1036, respectively, while the MES-I of FedGG is 0.6422.

Dun Zeng,Shiyu Liu,Siqi Liang,Zonghang Li,Hui Wang,Irwin King,Zenglin Xu

DOI: https://doi.org/10.48550/arXiv.2205.13216

2023-02-25

Abstract:Federated learning enables isolated clients to train a shared model collaboratively by aggregating the locally-computed gradient updates. However, privacy information could be leaked from uploaded gradients and be exposed to malicious attackers or an honest-but-curious server. Although the additive homomorphic encryption technique guarantees the security of this process, it brings unacceptable computation and communication burdens to FL participants. To mitigate this cost of secure aggregation and maintain the learning performance, we propose a new framework called Encoded Gradient Aggregation (\emph{EGA}). In detail, EGA first encodes local gradient updates into an encoded domain with injected noises in each client before the aggregation in the server. Then, the encoded gradients aggregation results can be recovered for the global model update via a decoding function. This scheme could prevent the raw gradients of a single client from exposing on the internet and keep them unknown to the server. EGA could provide optimization and communication benefits under different noise levels and defend against gradient leakage. We further provide a theoretical analysis of the approximation error and its impacts on federated optimization. Moreover, EGA is compatible with the most federated optimization algorithms. We conduct intensive experiments to evaluate EGA in real-world federated settings, and the results have demonstrated its efficacy.

Cryptography and Security,Machine Learning

YU Shengxing,CHEN Zhong

DOI: https://doi.org/10.11959/j.issn.1000−436x.2023015

2023-01-01

Abstract:In order to solve the problems of data security and communication overhead in federated learning, an efficient and secure federated aggregation framework based on homomorphic encryption was proposed.In the process of federated learning, the privacy and security issues of user data need to be solved urgently.However, the computational cost and communication overhead caused by the encryption scheme would affect the training efficiency.Firstly, in the case of protecting data security and ensuring training efficiency, the Top-K gradient selection method was used to screen model gradients, reducing the number of gradients that need to be uploaded.A candidate quantization protocol suitable for multi-edge terminals and a secure candidate index merging algorithm were proposed to further reduce communication overhead and accelerate homomorphic encryption calculations.Secondly, since model parameters of each layer of neural networks had characteristics of the Gaussian distribution, the selected model gradients were clipped and quantized, and the gradient unsigned quantization protocol was adopted to speed up the homomorphic encryption calculation.Finally, the experimental results show that in the federated learning scenario, the proposed framework can protect data privacy, and has high accuracy and efficient performance.

Hanchi Ren,Jingjing Deng,Xianghua Xie,Xiaoke Ma,Jianfeng Ma

DOI: https://doi.org/10.48550/arXiv.2305.04095

2023-05-07

Abstract:Federated Learning (FL) is a widely adopted privacy-preserving machine learning approach where private data remains local, enabling secure computations and the exchange of local model gradients between local clients and third-party parameter servers. However, recent findings reveal that privacy may be compromised and sensitive information potentially recovered from shared gradients. In this study, we offer detailed analysis and a novel perspective on understanding the gradient leakage problem. These theoretical works lead to a new gradient leakage defense technique that secures arbitrary model architectures using a private key-lock module. Only the locked gradient is transmitted to the parameter server for global model aggregation. Our proposed learning method is resistant to gradient leakage attacks, and the key-lock module is designed and trained to ensure that, without the private information of the key-lock module: a) reconstructing private training data from the shared gradient is infeasible; and b) the global model's inference performance is significantly compromised. We discuss the theoretical underpinnings of why gradients can leak private information and provide theoretical proof of our method's effectiveness. We conducted extensive empirical evaluations with a total of forty-four models on several popular benchmarks, demonstrating the robustness of our proposed approach in both maintaining model performance and defending against gradient leakage attacks.

Machine Learning,Artificial Intelligence,Computer Vision and Pattern Recognition

Wenqi Wei,Ling Liu,Yanzhao Wu,Gong Su,Arun Iyengar

DOI: https://doi.org/10.48550/arXiv.2107.01154

2021-07-02

Abstract:Federated learning(FL) is an emerging distributed learning paradigm with default client privacy because clients can keep sensitive data on their devices and only share local training parameter updates with the federated server. However, recent studies reveal that gradient leakages in FL may compromise the privacy of client training data. This paper presents a gradient leakage resilient approach to privacy-preserving federated learning with per training example-based client differential privacy, coined as Fed-CDP. It makes three original contributions. First, we identify three types of client gradient leakage threats in federated learning even with encrypted client-server communications. We articulate when and why the conventional server coordinated differential privacy approach, coined as Fed-SDP, is insufficient to protect the privacy of the training data. Second, we introduce Fed-CDP, the per example-based client differential privacy algorithm, and provide a formal analysis of Fed-CDP with the $(\epsilon, \delta)$ differential privacy guarantee, and a formal comparison between Fed-CDP and Fed-SDP in terms of privacy accounting. Third, we formally analyze the privacy-utility trade-off for providing differential privacy guarantee by Fed-CDP and present a dynamic decay noise-injection policy to further improve the accuracy and resiliency of Fed-CDP. We evaluate and compare Fed-CDP and Fed-CDP(decay) with Fed-SDP in terms of differential privacy guarantee and gradient leakage resilience over five benchmark datasets. The results show that the Fed-CDP approach outperforms conventional Fed-SDP in terms of resilience to client gradient leakages while offering competitive accuracy performance in federated learning.

Machine Learning,Cryptography and Security

Junxiao Wang,Song Guo,Xin Xie,Heng Qi

DOI: https://doi.org/10.1109/infocom48880.2022.9796841

2022-01-01

Abstract:Federated Learning (FL) is susceptible to gradient leakage attacks, as recent studies show the feasibility of obtaining private training data on clients from publicly shared gradients. Existing work solves this problem by incorporating a series of privacy protection mechanisms, such as homomorphic encryption and local differential privacy to prevent data leakage. However, these solutions either incur significant communication and computation costs, or significant training accuracy loss. In this paper, we show that the sensitivity of gradient changes w.r.t. training data is an essential measure of information leakage risk. Based on this observation, we present a novel defense, whose intuition is perturbing gradients to match information leakage risk such that the defense overhead is lightweight while privacy protection is adequate. Our another key observation is that global correlations of gradients could compensate for this perturbation. Based on such compensation, training can achieve guaranteed accuracy. We conduct experiments on MNIST, Fashion-MNIST and CIFAR-10 for defending against two gradient leakage attacks. Without sacrificing accuracy, the results demonstrate that our lightweight defense can decrease the PSNR and SSIM between the reconstructed images and raw images by up to more than 60% for both two attacks, compared with baseline defensive methods.

Wenqi Wei,Ling Liu,Margaret Loper,Ka-Ho Chow,Mehmet Emre Gursoy,Stacey Truex,Yanzhao Wu

DOI: https://doi.org/10.48550/arXiv.2004.10397

2020-04-23

Abstract:Federated learning (FL) is an emerging distributed machine learning framework for collaborative model training with a network of clients (edge devices). FL offers default client privacy by allowing clients to keep their sensitive data on local devices and to only share local training parameter updates with the federated server. However, recent studies have shown that even sharing local parameter updates from a client to the federated server may be susceptible to gradient leakage attacks and intrude the client privacy regarding its training data. In this paper, we present a principled framework for evaluating and comparing different forms of client privacy leakage attacks. We first provide formal and experimental analysis to show how adversaries can reconstruct the private local training data by simply analyzing the shared parameter update from local training (e.g., local gradient or weight update vector). We then analyze how different hyperparameter configurations in federated learning and different settings of the attack algorithm may impact on both attack effectiveness and attack cost. Our framework also measures, evaluates, and analyzes the effectiveness of client privacy leakage attacks under different gradient compression ratios when using communication efficient FL protocols. Our experiments also include some preliminary mitigation strategies to highlight the importance of providing a systematic attack evaluation framework towards an in-depth understanding of the various forms of client privacy leakage threats in federated learning and developing theoretical foundations for attack mitigation.

Machine Learning,Cryptography and Security

Janis Adamek,Moritz Schulze Darup

2024-07-19

Abstract:Federated learning (FL) schemes allow multiple participants to collaboratively train neural networks without the need to directly share the underlying data.However, in early schemes, all participants eventually obtain the same model. Moreover, the aggregation is typically carried out by a third party, who obtains combined gradients or weights, which may reveal the model. These downsides underscore the demand for fair and privacy-preserving FL schemes. Here, collaborative fairness asks for individual model quality depending on the individual data contribution. Privacy is demanded with respect to any kind of data outsourced to the third party. Now, there already exist some approaches aiming for either fair or privacy-preserving FL and a few works even address both features. In our paper, we build upon these seminal works and present a novel, fair and privacy-preserving FL scheme. Our approach, which mainly relies on homomorphic encryption, stands out for exclusively using local gradients. This increases the usability in comparison to state-of-the-art approaches and thereby opens the door to applications in control.

Machine Learning,Cryptography and Security,Systems and Control

Shiwei Lu,Ruihu Li,Wenbin Liu

DOI: https://doi.org/10.1007/s11704-023-2283-x

IF: 2.6688

2024-01-23

Frontiers of Computer Science

Abstract:Federated learning (FL) has emerged to break data-silo and protect clients' privacy in the field of artificial intelligence. However, deep leakage from gradient (DLG) attack can fully reconstruct clients' data from the submitted gradient, which threatens the fundamental privacy of FL. Although cryptology and differential privacy prevent privacy leakage from gradient, they bring negative effect on communication overhead or model performance. Moreover, the original distribution of local gradient has been changed in these schemes, which makes it difficult to defend against adversarial attack. In this paper, we propose a novel federated learning framework with model decomposition, aggregation and assembling (FedDAA), along with a training algorithm, to train federated model, where local gradient is decomposed into multiple blocks and sent to different proxy servers to complete aggregation. To bring better privacy protection performance to FedDAA, an indicator is designed based on image structural similarity to measure privacy leakage under DLG attack and an optimization method is given to protect privacy with the least proxy servers. In addition, we give defense schemes against adversarial attack in FedDAA and design an algorithm to verify the correctness of aggregated results. Experimental results demonstrate that FedDAA can reduce the structural similarity between the reconstructed image and the original image to 0.014 and remain model convergence accuracy as 0.952, thus having the best privacy protection performance and model training effect. More importantly, defense schemes against adversarial attack are compatible with privacy protection in FedDAA and the defense effects are not weaker than those in the traditional FL. Moreover, verification algorithm of aggregation results brings about negligible overhead to FedDAA.

computer science, information systems, theory & methods, software engineering

Shilu Wang,Junhong Wang,Xiangjun Li,Lizhen Hong

DOI: https://doi.org/10.1109/iciscae55891.2022.9927588

2022-01-01

Abstract:To address the 3 major problems of gradient privacy leakage during local model gradient collection and global model gradient aggregation update, the non-verifiability of aggregation results, and the huge overhead of applying homomorphic encryption techniques in existing federal learning techniques. In this paper, an efficient and verifiable privacy-preserving federal learning framework is investigated and proposed by combining neural networks, batch encryption techniques and aggregation principles. The iterative algorithm in this model training process uses stochastic gradient descent + extreme value convergence method. In each iteration, the weights of each data source are first trained locally using fully connected network, Alexnet, and LSTM, and then the weights of each data source are encrypted using batch crypt technology (BatchCrypt) and delivered to the cloud server, which aggregates the encrypted weights received from all clients using the average aggregation principle and then distributes the latest The cloud server uses the average aggregation principle to aggregate the encrypted weights received from all clients and then distributes the latest encrypted weights to each client, and each client decrypts the weights using the corresponding keys to obtain the weights and update the weights of the overall model. Our BatchCrypt encryption framework greatly reduces the encryption and decryption time consumption compared with Tencent's mainstream solutions, and the cost difference between Loss and Accuracy under different Epochs is very small, and the security and stability are higher under the “poison test”. The security and stability are higher under the “poison test”.

Zhen Liu,Changsong Yang,Yong Ding,Hai Liang,Yujue Wang

DOI: https://doi.org/10.1109/jiot.2024.3478208

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The emergence of Big Data and Artificial Intelligence (AI) marks a significant milestone in technological advancement, impacting various sectors and transforming the essence of public and personal activities. Traditional machine learning, known as centralized learning, involves collecting data from multiple sources for model development, which poses significant privacy risks. To address the conflict between the need for data sharing and the protection of privacy, federated learning has emerged as a promising solution. This approach allows for the continuous sharing of model updates between a central server and numerous local devices, fostering collaborative model development. However, it also brings about considerable communication costs and raises privacy concerns due to the potential for sensitive information leakage from the central server and local devices. To address these issues, we propose a lightweight and accuracy-lossless privacy-preserving federated learning scheme based on gradient clipping. The central server introduces noise to the global model to prevent clients from extracting valuable information, and then the local devices train these models using their data. To reduce the communication load, parameters with less impact on the model are removed using the Fisher information matrix. Additionally, to enhance privacy protection, the client-computed parameters are perturbed using the Diffie-Hellman key exchange method. Our experiments show that this approach greatly reduces the communication load for clients and the server, while effectively safeguarding client privacy and maintaining the model’s accuracy.

Jing Wu,Munawar Hayat,Mingyi Zhou,Mehrtash Harandi

2023-12-14

Abstract:Federated Learning (FL) is a distributed learning paradigm that enhances users privacy by eliminating the need for clients to share raw, private data with the server. Despite the success, recent studies expose the vulnerability of FL to model inversion attacks, where adversaries reconstruct users private data via eavesdropping on the shared gradient information. We hypothesize that a key factor in the success of such attacks is the low entanglement among gradients per data within the batch during stochastic optimization. This creates a vulnerability that an adversary can exploit to reconstruct the sensitive data. Building upon this insight, we present a simple, yet effective defense strategy that obfuscates the gradients of the sensitive data with concealed samples. To achieve this, we propose synthesizing concealed samples to mimic the sensitive data at the gradient level while ensuring their visual dissimilarity from the actual sensitive data. Compared to the previous art, our empirical evaluations suggest that the proposed technique provides the strongest protection while simultaneously maintaining the FL performance.

Machine Learning,Cryptography and Security,Computer Vision and Pattern Recognition

H. Yi,H. Ren,C. Hu,Y. Li,J. Deng,X. Xie

2024-10-11

Abstract:Federated Learning (FL) has become a cornerstone of privacy protection, shifting the paradigm towards localizing sensitive data while only sending model gradients to a central server. This strategy is designed to reinforce privacy protections and minimize the vulnerabilities inherent in centralized data storage systems. Despite its innovative approach, recent empirical studies have highlighted potential weaknesses in FL, notably regarding the exchange of gradients. In response, this study introduces a novel, efficacious method aimed at safeguarding against gradient leakage, namely, ``AdaDefense". Following the idea that model convergence can be achieved by using different types of optimization methods, we suggest using a local stand-in rather than the actual local gradient for global gradient aggregation on the central server. This proposed approach not only effectively prevents gradient leakage, but also ensures that the overall performance of the model remains largely unaffected. Delving into the theoretical dimensions, we explore how gradients may inadvertently leak private information and present a theoretical framework supporting the efficacy of our proposed method. Extensive empirical tests, supported by popular benchmark experiments, validate that our approach maintains model integrity and is robust against gradient leakage, marking an important step in our pursuit of safe and efficient FL.

Machine Learning,Computer Vision and Pattern Recognition

Haomiao Yang,Mengyu Ge,Dongyun Xue,Hongwei Li,Kunlan Xiang,Rongxing Lu

DOI: https://doi.org/10.1109/MNET.001.2300140

IF: 10.294

2024-03-01

IEEE Network

Abstract:Federated learning (FL) is a distributed deep learning framework that has become increasingly popular in recent years. Essentially, FL supports numerous participants and the parameter server to co-train a deep learning model through shared gradients without revealing the private training data. Recent studies, however, have shown that a potential adversary (either the parameter server or participants) can recover private training data from the shared gradients, and such behavior is called gradient leakage attacks (GLAs). In this study, we first present an overview of FL systems and outline the GLA philosophy. We classify the existing GLAs into two paradigms: optimizationbased and analytics-based attacks. In particular, the optimization-based approach defines the attack process as an optimization problem, whereas the analytics-based approach defines the attack as a problem of solving multiple linear equations. We present a comprehensive review of the state-of-the-art GLA algorithms followed by a detailed comparison. Based on the observations of the shortcomings of the existing optimization-based and analytics-based methods, we devise a new generation-based GLA paradigm. We demonstrate the superiority of the proposed GLA in terms of data reconstruction performance and efficiency, thus posing a greater potential threat to federated learning protocols. Finally, we pinpoint a variety of promising future directions for GLA.

Computer Science

Wenhan Chang,Tianqing Zhu

DOI: https://doi.org/10.1016/j.cose.2024.103744

IF: 5.105

2024-02-04

Computers & Security

Abstract:Research on federated learning has continued to develop over the past few years. Many federated learning algorithms and frameworks have been developed to ensure model accuracy and protect client data privacy, which has been extensively beneficial for the development of artificial intelligence security technology. However, it is possible to recover private training data from publicly shared gradients, which is referred to as a data leakage attack. In this paper, we propose two feasible defense methods, based on gradient sparsification and pseudo-gradient, to defend against the state-of-the-art attack methods and achieve maximum protection of the private data of all federated learning participants. Both methods use cosine similarity to measure the angular difference between the gradients updated by the clients during training and the gradients sent back by the server. Taking the cosine similarity as a reference and aiming to protect clients' privacy while maintaining the accuracy of the global model, the clients can choose an appropriate strategy for disguising their uploaded gradient. Through extensive experiments, we demonstrate that both defense methods can protect users' private data while preserving the accuracy of the global model in federated learning.

computer science, information systems

Cong Shen,Wei Zhang,Tanping Zhou,Lingling Zhang

DOI: https://doi.org/10.3390/math12131993

IF: 2.4

2024-06-28

Mathematics

Abstract:Although federated learning is gaining prevalence in smart sensor networks, substantial risks to data privacy and security persist. An improper application of federated learning techniques can lead to critical privacy breaches. Practical and effective privacy-enhanced federated learning (PEPFL) is a widely used federated learning framework characterized by low communication overhead and efficient encryption and decryption processes. Initially, our analysis scrutinized security vulnerabilities within the PEPFL framework and identified an effective attack strategy. This strategy enables the server to derive private keys from content uploaded by participants, achieving a 100% success rate in extracting participants' private information. Moreover, when the number of participants does not exceed 300, the attack time does not surpass 3.72 s. Secondly, this paper proposes a federated learning model that integrates homomorphic encryption and secret sharing. By using secret sharing among participants instead of secure multi-party computation, the amount of effective information available to servers is reduced, thereby effectively preventing servers from inferring participants' private gradients. Finally, the scheme was validated through experiments, and it was found to significantly reduce the inherent collusion risks unique to the federated learning scenario. Moreover, even if some participants are unavailable, the reconstructable nature of secret sharing ensures that the decryption process can continue uninterrupted, allowing the remaining users to proceed with further training. Importantly, our proposed scheme exerts a negligible impact on the accuracy of model training.

mathematics

Pengxin Guo,Shuang Zeng,Wenhao Chen,Xiaodan Zhang,Weihong Ren,Yuyin Zhou,Liangqiong Qu

2024-12-10

Abstract:Federated Learning (FL) aims to protect data privacy by enabling clients to collectively train machine learning models without sharing their raw data. However, recent studies demonstrate that information exchanged during FL is subject to Gradient Inversion Attacks (GIA) and, consequently, a variety of privacy-preserving methods have been integrated into FL to thwart such attacks, such as Secure Multi-party Computing (SMC), Homomorphic Encryption (HE), and Differential Privacy (DP). Despite their ability to protect data privacy, these approaches inherently involve substantial privacy-utility trade-offs. By revisiting the key to privacy exposure in FL under GIA, which lies in the frequent sharing of model gradients that contain private data, we take a new perspective by designing a novel privacy preserve FL framework that effectively ``breaks the direct connection'' between the shared parameters and the local private data to defend against GIA. Specifically, we propose a Hypernetwork Federated Learning (HyperFL) framework that utilizes hypernetworks to generate the parameters of the local model and only the hypernetwork parameters are uploaded to the server for aggregation. Theoretical analyses demonstrate the convergence rate of the proposed HyperFL, while extensive experimental results show the privacy-preserving capability and comparable performance of HyperFL. Code is available at <a class="link-external link-https" href="https://github.com/Pengxin-Guo/HyperFL" rel="external noopener nofollow">this https URL</a>.

Machine Learning,Cryptography and Security