Yixuan Guan,Xuefeng Liu,Tao Ren,Jianwei Niu

DOI: https://doi.org/10.1109/infocom53939.2023.10229032

2023-01-01

Abstract:Federated learning (FL) trains a shared global model by periodically aggregating gradients from local devices. Communication overhead becomes a principal bottleneck in FL since participating devices usually suffer from limited bandwidth and unreliable connections in uplink transmission. To address this problem, the gradient compression methods based on compressed sensing (CS) theory have been put forward recently. However, most existing CS-based works compress gradients independently, ignoring the gradient correlations between participants or adjacent communication rounds, which constrains the achievement of higher compression rates. In view of the above observation, we propose a novel gradient compression scheme named FedDCS, guided by distributed compressed sensing (DCS) theory. Following the design philosophy of separate encoding and joint decoding in DCS, FedDCS compresses gradients for participants in each round separately while reconstructing them at the central server jointly via fully exploiting correlated gradients from the previous round, which are known as side information (SI). Benefiting from this design, reconstruction performance is significantly improved with fewer decoding errors also iterations under the identical compression rate, and the total uploading bits to achieve model convergence are considerably reduced. Theoretical analysis and extensive experiments conducted on MNIST and Fashion-MNIST both verify the effectiveness of our approach.

Danni Chen,Ming Lei,Ming-Min Zhao,An Liu,Sikai Sheng

DOI: https://doi.org/10.1109/vtc2023-fall60731.2023.10333645

2023-01-01

Abstract:Federated learning (FL) is an edge learning framework that has received significant attention recently. However, the cost of communication has become a major challenge for FL as the number of edge devices grows and the complexity of training models increases. Besides, data samples across all edge devices are usually not independent and identically distributed (non-IID), posing additional challenges to the convergence and model accuracy of FL. Therefore, we propose a novel personalized FL framework based on deep coded over-the-air computation, named DipFL. In this framework, we design a deep AirComp aggregation (DACA) module for n-to-1 information aggregation. Besides, a joint source-channel coding (JSCC) module is designed based on the variational auto-encoder (VAE) model, which not only encodes the transmitted data, but also reduces the bias of local samples by introducing certain regularisation terms. In addition, we propose a personalized mix module that allows local models to be more personalized by mixing the global model and the local models. Simulation results confirm that the proposed DipFL framework is able to significantly reduce the amount of transmitted data, while improving FL performance especially at low signal-to-noise regimes.

Yahao Ding,Mohammad Shikh-Bahaei,Chongwen Huang,Weijie Yuan

DOI: https://doi.org/10.1109/iccworkshops57953.2023.10283697

2023-01-01

Abstract:Although federated Learning (FL) has become very popular recently, FL is vulnerable to gradient leakage attacks. Recent studies have shown that clients' private data can be reconstructed from shared models or gradients by attackers. Many existing works focus on adding privacy protection mechanisms to prevent user privacy leakage, such as differential privacy (DP) and homomorphic encryption. However, these defenses may cause an increase of computation and communication costs or degrade the performance of FL, and do not consider the impact of wireless network resources on the FL training process. Herein, we propose a defense method, weight compression, to prevent gradient leakage attacks for FL over wireless networks. The gradient compression matrix is determined by the user's location and channel conditions. Moreover, we also add Gaussian noise to the compressed gradients to strengthen the defense. This joint learning, wireless resource allocation and weight compression matrix is formulated as an optimization problem with the objective of minimizing the FL loss function. To find the solution, we first analyze the convergence rate of FL and quantify the effect of the weight matrix on FL convergence. Then, we seek the optimal resource block (RB) allocation by exhaustive search or ant colony optimization (ACO), and then use CVX toolbox to obtain the optimal weight matrix to minimize the optimization function. Our simulation results show that the optimized RB can accelerate the convergence of FL.

Di Xiao,Pengcen Jiang,Min Li

DOI: https://doi.org/10.1109/hpcc-dss-smartcity-dependsys57074.2022.00236

2022-01-01

Abstract:Federal learning (FL), as a new technology with privacy protection capabilities, has been widely used. However, the protection capabilities of FL are limited and a lot of communication overhead is required, which is often limited by communication environments. In order to improve the privacy protection and reduce the communication burden, we combine secure multi-party computing(SMC) and compressed sensing(CS) to propose a new chained federated learning scheme called Chain-FL via CS (Chain-FL-CS). We first design a heuristic compression transmission strategy for the model based on CS so that the model can be compressed with a lower loss. Then we use a chained-SMC to perform lossless and secure aggregation of the calculation results. This technology mainly uses masking mechanism for communication. Compared with other schemes, ours has lower complexity. We have conducted experiments using a Deep Neural Network Model (DNN). Experimental results show that our scheme can guarantee the convergence of model under the premise of high transmission efficiency, and it has certain privacy protection capability.

Yinbin Miao,Rongpeng Xie,Xinghua Li,Ximeng Liu,Zhuo Ma,Robert H. Deng

DOI: https://doi.org/10.1145/3564625.3567973

2022-01-01

Abstract:Federated learning (FL) was once considered secure for keeping clients’ raw data locally without relaying on a central server. However, the transmitted model weights or gradients still reveal private information, which can be exploited to launch various inference attacks. Moreover, FL based on deep neural networks is prone to the curse of dimensionality. In this paper, we propose a compressed and privacy-preserving FL scheme in DNN architecture by using Compressive sensing and Adaptive local differential privacy (called as CAFL). Specifically, we first compress the local models by using Compressive Sensing (CS), then adaptively perturb the remaining weights according to their different centers of variation ranges in different layers and their own offsets from corresponding range centers by using Local Differential Privacy (LDP), finally reconstruct the global model almost perfectly by using the reconstruction algorithm of CS. Formal security analysis shows that our scheme achieves ϵ-LDP security and introduces zero bias to estimating average weights. Extensive experiments using MINIST and Fashion-MINIST datasets demonstrate that our scheme with minimum compression ratio 0.05 can reduce the number of parameters by 95%, and with a lower privacy budget ϵ = 1 can improve the accuracy by 80% on MINIST and 12.7% on Fashion-MINIST compared with state-of-the-art schemes.

Lvjun Chen,Di Xiao,Zhuyang Yu,Maolan Zhang

DOI: https://doi.org/10.1016/j.ins.2024.120481

IF: 8.1

2024-03-21

Information Sciences

Abstract:Federated learning (FL) enables the full utilization of decentralized training without raw data. However, various attacks still threaten the training process of FL. To address these concerns, differential privacy (DP) and secure multi-party computation (SMC) are applied, but these methods may result in low accuracy and heavy training load. Moreover, the high communication consumption of FL in resource-constrained devices is also a challenging problem. In this paper, we propose a novel SMC algorithm for the FL (FL- IPFE) to protect the local gradients. It does not require a trusted third party (TTP) and is more suitable for FL. Furthermore, we propose a secure and efficient FL algorithm (SEFL), which applies compressed sensing (CS) and all-or-nothing transform (AONT) to minimize the number of transmitted and encrypted model updates. Additionally, our FL-IPFE is used to encrypt the last element of the preprocessed parameters for guaranteeing the security of the entire local model updates. Meanwhile, the issue of participant dropouts is also taken into account. Theoretical analyses demonstrate that our proposed algorithms can aggregate model updates with high security. Finally, experimental evaluation reveals that our SEFL possesses higher efficiency compared to other state-of-the-art works, while providing comparable model accuracy and strong privacy guarantees.

computer science, information systems

Yinbin Miao,Wei Zheng,Xinghua Li,Hongwei Li,Kim-Kwang Raymond Choo,Robert H. Deng

DOI: https://doi.org/10.1109/tifs.2023.3282574

IF: 7.231

2023-06-13

IEEE Transactions on Information Forensics and Security

Abstract:Federated Learning (FL) has been widely used in various fields such as financial risk control, e-government and smart healthcare. To protect data privacy, many privacy-preserving FL approaches have been designed and implemented in various scenarios. However, existing works incur high communication burdens on clients, and affect the training model accuracy due to non-Independently and Identically Distributed (non-IID) data samples separately owned by clients. To solve these issues, in this paper we propose a secure Model-Contrastive Federated Learning with improved Compressive Sensing (MCFL-CS) scheme, motivated by contrastive learning. We combine model-contrastive loss and cross-entropy loss to design the local network architecture of our scheme, which can alleviate the impact of data heterogeneity on model accuracy. Then we utilize improved compressive sensing and local differential privacy to reduce communication costs and prevent clients' privacy leakage. The formal security analysis shows that our scheme satisfies -differential privacy. And extensive experiments using five benchmark datasets demonstrate that our scheme improves the model accuracy by 3.45% on average of all datasets under the non-IID setting and reduces the communication costs by more than 95%, when compared with FedAvg.

computer science, theory & methods,engineering, electrical & electronic

DING Yahao,Mohammad SHIKH?BAHAEI,YANG Zhaohui,HUANG Chongwen,YUAN Weijie

DOI: https://doi.org/10.12142/ztecom.202301006

2023-01-01

Abstract:Although federated learning (FL) has become very popular recently, it is vulnerable to gradient leakage attacks. Recent studies have shown that attackers can reconstruct clients' private data from shared models or gradients. Many existing works focus on adding privacy protection mechanisms to prevent user privacy leakages, such as differential privacy (DP) and homomorphic encryption. These defenses may cause an increase in computation and communication costs or degrade the performance of FL. Besides, they do not consider the impact of wireless network resources on the FL training process. Herein, we propose weight compression, a defense method to prevent gradient leakage attacks for FL over wireless networks. The gradient compression matrix is determined by the user's location and channel conditions. We also add Gaussian noise to the compressed gradients to strengthen the defense. This joint learning of wireless resource allocation and weight com-pression matrix is formulated as an optimization problem with the objective of minimizing the FL loss function. To find the solution, we first analyze the convergence rate of FL and quantify the effect of the weight matrix on FL convergence. Then, we seek the optimal resource block (RB) allocation by exhaustive search or ant colony optimization (ACO) and then use the CVX toolbox to obtain the optimal weight matrix to minimize the optimization function. The simulation results show that the optimized RB can accelerate the convergence of FL.

Lvjun Chen,Di Xiao,Xiangli Xiao,Yushu Zhang

DOI: https://doi.org/10.1109/tifs.2024.3486611

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Federated learning (FL) facilitates collaborative training of a global model without sharing the participants’ raw data. Nevertheless, existing FL approaches still face three major issues: 1) How to propose a more efficient and secure privacy-preserving method; 2) How to verify the identity of participants to ensure they are not impersonators; 3) How to reduce the significant communication cost. To address the aforementioned concerns, several schemes have been proposed. However, these schemes suffer from flaws in security, efficiency, and functionality. Furthermore, few researches have considered the possibility of adversaries impersonating legitimate participants to undermine the integrity and availability of the model or launch a free-riding attack. In this paper, we first combine the advantages of secret sharing, Diffie-Hellman key agreement, and functional encryption to develop an authenticable secure multi-party computing algorithm (SDF-ASMC). This algorithm can guarantee the security of transmitted data and provide authentication functionality in the absence of a trusted third party. Moreover, an efficient, secure, and authenticable FL algorithm (ESAFL), which leverages compressed sensing and all-or-nothing transform, is introduced to reduce the transmission and encryption of local gradients. Then, only the final element of the transformed measurements is encrypted by our proposed SDF-ASMC to protect all the measurements. This method effectively improves the efficiency of our algorithm. In addition, ESAFL also tolerates participants’ dropout. Security analysis demonstrates that our proposed algorithms can securely aggregate local gradients. Finally, the extensive experiments demonstrate the practical performance of our proposed algorithms.

Yifan Zhang,Yinbin Miao,Xinghua Li,Linfeng Wei,Zhiquan Liu,Kim-Kwang Raymond Choo,Robert H. Deng

DOI: https://doi.org/10.1109/tii.2023.3297596

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:To solve the data silos issue in distributed machine learning with privacy leakage, privacy-preserving federated learning (PPFL) has been extensively explored in both academic and industrial fields. However, the existing PPFL solutions still suffer from high computation and communication overheads, which result in excessive consumption of communication bandwidth and slow down the training process of FL. To address these issues, we propose a secure and communication-efficient FL scheme using improved compressed sensing and CKKS homomorphic encryption. Specifically, we implement a lossy compression of the model by using discrete cosine transform, then use CKKS homomorphic encryption to encrypt the data transmitted between clients and center server due to its high efficiency and support for batch encryption. Formal security analysis proves that our scheme is secure against indistinguishability under chosen plaintext attack and extensive experiments demonstrate that our scheme achieves a high accuracy at 0.05% compression rate.

Leming Wu,Yaochu Jin,Kuangrong Hao

DOI: https://doi.org/10.1016/j.knosys.2023.110805

IF: 8.139

2023-01-01

Knowledge-Based Systems

Abstract:In recent years, data privacy preservation has received increased attention in artificial intelligence. Federated learning, as a paradigm for privacy-preserving machine learning, can considerably reduce the risk of privacy leakage by training models on local data. In federated learning, however, the clients and server must interact twice in each round of federated training, consuming abundant communication resources. To address the above issue, this work proposes an enhanced compressed sensing federated learning algorithm, which compresses and reconstructs the local network models trained on the clients using compressed sensing. To enhance the accuracy of the reconstructed models, we optimize the measurement matrix in compressed sensing using a genetic algorithm. In addition, we suggest an interleaving training and reconstruction method to improve the learning performance of the compressed models. Through a large number of experiments, we demonstrate that the proposed method is capable of maintaining high learning accuracy while accomplishing a large compression ratio for deep network models in federated learning.

Jiali Zheng,Jing Tang

DOI: https://doi.org/10.1007/s10489-024-05979-w

IF: 5.3

2024-12-11

Applied Intelligence

Abstract:Most existing work on Federated Learning (FL) transmits full-precision weights, which contain a significant amount of redundant information, leading to a substantial communication burden. This issue is particularly pronounced with the growing prevalence of smart mobile and Internet of Things (IoT) devices, where data sharing generates a large communication cost. To address this issue, we propose a communication-efficient Federated Learning algorithm, FedCSTQ, based on compressed sensing (CS) and ternary quantization.FedCSTQ introduces a heuristic sparsification method that enhances information selection, thereby mitigating the accuracy degradation typically associated with CS. Additionally, the algorithm incorporates ternary quantization to process residuals after sparsity, further reducing the impact of accuracy degradation due to sparsity while guaranteeing a small amount of communication overhead. Experiments conducted on the publicly available datasets reveal that FedCSTQ outperforms the standard FL (FedAvg), SignSGD with a majority vote, FL using dithering(CEP-FL), and FL based on Compressed Sensing (CS-FL). Ablation studies further demonstrate the effectiveness of our method.

computer science, artificial intelligence

Yan Feng,Tao Xiong,Ruofan Wu,Yuan Qi

2021-01-01

Abstract:Federated learning (FL) is a technique that trains machine learning models from decentralized data sources. We study FL under local differential privacy constraints, which provides strong protection against sensitive data disclosures via obfuscating the data before leaving the client. We identify two major concerns in designing practical privacy-preserving FL algorithms: communication efficiency and high-dimensional compatibility. We then develop a gradient-based learning algorithm called \emph{sqSGD} (selective quantized stochastic gradient descent) that addresses both concerns. The proposed algorithm is based on a novel privacy-preserving quantization scheme that uses a constant number of bits per dimension per client. Then we improve the base algorithm in two ways: first, we apply a gradient subsampling strategy that offers simultaneously better training performance and smaller communication costs under a fixed privacy budget. Secondly, we utilize randomized rotation as a preprocessing step to reduce quantization error. We also initialize a discussion about the role of quantization and perturbation in FL algorithm design with privacy and communication constraints. Finally, the practicality of the proposed framework is demonstrated on benchmark datasets. Experiment results show that sqSGD successfully learns large models like LeNet and ResNet with local privacy constraints. In addition, with fixed privacy and communication level, the performance of sqSGD significantly dominates that of baseline algorithms.

Leming Wu,Yaochu Jin,Yuping Yan,Kuangrong Hao

DOI: https://doi.org/10.1016/j.knosys.2024.111534

IF: 8.139

2024-01-01

Knowledge-Based Systems

Abstract:In recent years, federated learning has made significant progress in preserving data privacy. In this paradigm, clients train local models without sharing their raw data, thereby substantially mitigating the vulnerability to private data exposure. However, it is still possible to infer clients’ raw data by leveraging the gradient parameters exchanged between the clients and the server. To address this problem, this paper proposes a novel algorithm that introduces deep compressed sensing into federated learning to support one time encryption, called FL-OTCSEnc, to secure the communication data exchanged between the clients and the server. The process starts by creating a dataset of deep learning model parameters and training a system for both encryption and decryption using deep compressed sensing. This system is then used to secure the communication between clients and the server in federated learning, by encrypting and decrypting the data exchanged. To enhance the security of the proposed algorithm, we introduce an assessment method for evaluating the security level of the clients, facilitating the selection of suitable candidates for deployment within distributed training encryption and decryption models that are updated in real time. To enhance the accuracy of the decrypted deep network model, we introduce a tandem loss function in the training process. Moreover, this paper proves that the proposed end-to-end encryption method satisfies additive homomorphic encryption properties. Extensive experiments demonstrate that the deep compressed sensing encryption in federated learning achieves promising results without increasing the computational complexity.

Yongjeong Oh,Namyoon Lee,Yo-Seb Jeon,H. Vincent Poor

DOI: https://doi.org/10.1109/twc.2022.3201207

IF: 10.4

2023-02-16

IEEE Transactions on Wireless Communications

Abstract:In this paper, we present a communication-efficient federated learning framework inspired by quantized compressed sensing. The presented framework consists of gradient compression for wireless devices and gradient reconstruction for a parameter server (PS). Our strategy for gradient compression is to sequentially perform block sparsification, dimensional reduction, and quantization. By leveraging both dimension reduction and quantization, our strategy can achieve a higher compression ratio than one-bit gradient compression. For accurate aggregation of local gradients from the compressed signals, we put forth an approximate minimum mean square error (MMSE) approach for gradient reconstruction using the expectation-maximization generalized-approximate-message-passing (EM-GAMP) algorithm. Assuming Bernoulli Gaussian-mixture prior, this algorithm iteratively updates the posterior mean and variance of local gradients from the compressed signals. We also present a low-complexity approach for the gradient reconstruction. In this approach, we use the Bussgang theorem to aggregate local gradients from the compressed signals, then compute an approximate MMSE estimate of the aggregated gradient using the EM-GAMP algorithm. We also provide a convergence rate analysis of the presented framework. Using the MNIST dataset, we demonstrate that the presented framework achieves almost identical performance with the case that performs no compression, while significantly reducing communication overhead for federated learning.

telecommunications,engineering, electrical & electronic

Min Li,Di Xiao,Jia Liang,Hui Huang

DOI: https://doi.org/10.1109/lcomm.2022.3180113

IF: 3.5529

2022-01-01

IEEE Communications Letters

Abstract:Federated learning, as a novel paradigm of machine learning, is facing a series of challenges such as efficiency, privacy and robustness. The recently proposed EF-DP- SIGNSGD provides theoretical privacy protection for SIGNSGD with majority vote but weakens the capability to resist Byzantine attacks to some extent. To overcome this shortcoming and further greatly improve the communication efficiency, a new method called PCS-DP- SIGNSGD is proposed via using parallel compressed sensing. Simulation and analysis demonstrate that compared with EF-DP- SIGNSGD, PCS-DP- SIGNSGD can match or even improve the accuracy and enjoy stronger Byzantine robustness with 50% to 80% improvement in the uplink communication efficiency.

Xinchen Lyu,Xinyun Hou,Chenshan Ren,Xin Ge,Penglin Yang,Qimei Cui,Xiaofeng Tao

DOI: https://doi.org/10.1109/tifs.2024.3374590

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Federated learning is a popular distributed machine learning paradigm that enables collaborative model training at multiple entities via exchanging intermediate learning results. Security and communication efficiency are crucial for successful applications of federated learning in various privacy-sensitive services. However, existing work focused on gradient defense and communication efficiency separately, and also incurred additional computation, signaling, and accuracy overhead. A lightweight (in terms of time-complexity and signaling) technique that simultaneously achieves security and communication efficiency is critical for massive resource-constrained devices (e.g., Internet-of-Things generating the data), but has yet to be established. This paper proposes a secure and efficient federated learning framework with provable communication-accuracy-security performance guarantees. A low-complexity and signaling-free stochastic quantization module is added at the client side that quantizes the original local gradients to discrete values for communication-efficient global aggregation. The stochastic quantization module is shown to be interpreted as triangular or Gaussian-multiply-triangular noises under uniform or Gaussian distributions of local gradients, hence protecting data privacy. We prove that the proposed framework exhibits an { O (log 2 1/δ), O (δ 2 ), O (1/δ)}-tradeoff between the communication overhead, model accuracy, and data protection, where δ is an adjustable quantization interval. Experimental results validate the tradeoff and the superiority of the proposed stochastic quantization technique in terms of communication efficiency (only 14.1% of differential privacy and 0.2% of homomorphic encryption) and computation complexity (similar to differential privacy and only 0.03% of homomorphic encryption). Under the same data protection performance, the proposed approach also outperforms (in terms of accuracy) differential privacy in all the 9 comparison settings on CIFAR10 dataset.

Xin Fan,Yue Wang,Yan Huo,Zhi Tian

DOI: https://doi.org/10.1109/iccworkshops50388.2021.9473872

2021-01-01

Abstract:This paper studies communication-efficient federated learning (FL) over the air, which is based on 1-bit compressive sensing (CS) and analog aggregation transmissions. To analyze the impact of these two communication efficiency oriented technologies on FL, we derive a closed-form expression for the expected convergence rate of the FL algorithm. Our theoretical result implies that the communication efficiency comes at the expense of the performance degradation due to the aggregation errors caused by sparsification, dimension reduction, quantization, signal reconstruction and noise. Then, we formulate a joint optimization problem to mitigate the impact of these aggregation errors on FL by an optimal scheduling and power scaling policy. An enumerated method is proposed to solve this non-convex problem, which is optimal but becomes computationally infeasible as the number of devices increases. Hence, we further propose a suboptimal solution based on the alternating direction method of multiplier to reduce the complexity when applied in large-scale networks. Simulation results show that our proposed 1-bit CS based FL over the air achieves comparable performance to the ideal case where conventional FL without compression and quantification is applied over error-free aggregation, at much reduced communication overhead and transmission latency.

Guiqiang Hu,Hongwei Li,Wenshu Fan,Yushu Zhang

DOI: https://doi.org/10.1109/jiot.2023.3314748

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Data privacy and resistance against poisoning attack (Byzantine-robustness) are two critical concerns of Federated Learning (FL). Addressing the two issues simultaneously is challenging, since privacy-preserving mechanism tends to make the data be indistinguishable, whereas Byzantine-robustness methods require access for the data to make comprehensive analysis. To solve this problem, in this paper, we propose a novel defender for privacy-ensured Byzantine-robust FL on compressive domain. Unlike existing works that mainly using computation-intensive techniques, our method leverages Compressive Sensing (CS) as a lightweight encryption to protect the data privacy, while maintaining the possibility of Byzantine-robustness analysis on the encrypted (compressive) model update (i.e., gradient). Our key insight is that the cosine similarity can be approximately measured on the compressive measurements of any two normalized vectors, thus makes it be feasible to identify the malicious gradients on the CS compressive domain. We theoretically prove the correctness of our method. Notably, due to the dimensionality reduction of CS, the computation and communication overhead of our system can be significantly reduced. This makes our scheme be fit for applying in the applications with resource-constrained devices, such as Internet of Things (IoT). Experimental results demonstrate the effectiveness and efficiency of our method.