Zengwang Jin,Yanning Zhang,Yanyan Hu,Changyin Sun,Chenhao Xu

DOI: https://doi.org/10.1109/YAC59482.2023.10401762

2023-08-27

Abstract:Deep learning provides better personalized services by training specific models through massive amounts of data. However, due to the problem of gradient leakage during model training, the original data uploaded by the users is restored and privacy leakage occurs. In order to prevent data leakage, this paper introduces a federated learning method to deal with the privacy issues brought by multi-user joint modeling. Gradients generated by the user’s local model training are uploaded to the aggregation server without being trained directly using the original user data. Under such a framework setting, the users’ original data still has a certain risk of being leaked. In order to strengthen the protection of users’ privacy, the training process is encrypted by combining the differential privacy mechanism and the federated learning system. The model parameters are stochastic to ensure that they cannot be acquired by adversaries. By adding Gaussian mechanism and Laplace mechanism, the influence of differential privacy on the convergence of federated learning model is analyzed. The Laplace mechanism is a strict definition of differential privacy, while the Gaussian mechanism is a relaxed definition and allows adding less noise for privacy protection. The simulation results show that both mechanisms can achieve good model convergence effect and verify that differential privacy can produce better privacy protection effect with lower communication cost.

Computer Science

Zhiqiang Wang,Xinyue Yu,Qianli Huang,Yongguang Gong

2024-08-13

Abstract:Differential privacy is one of the methods to solve the problem of privacy protection in federated learning. Setting the same privacy budget for each round will result in reduced accuracy in training. The existing methods of the adjustment of privacy budget consider fewer influencing factors and tend to ignore the boundaries, resulting in unreasonable privacy budgets. Therefore, we proposed an adaptive differential privacy method based on federated learning. The method sets the adjustment coefficient and scoring function according to accuracy, loss, training rounds, and the number of datasets and clients. And the privacy budget is adjusted based on them. Then the local model update is processed according to the scaling factor and the noise. Fi-nally, the server aggregates the noised local model update and distributes the noised global model. The range of parameters and the privacy of the method are analyzed. Through the experimental evaluation, it can reduce the privacy budget by about 16%, while the accuracy remains roughly the same.

Cryptography and Security,Artificial Intelligence,Distributed, Parallel, and Cluster Computing

Xinyi Wang,Jincheng Wang,Xue Ma,Chenglin Wen

DOI: https://doi.org/10.3390/s22072424

2022-03-22

Abstract:As an emerging artificial intelligence technology, federated learning plays a significant role in privacy preservation in machine learning, although its main objective is to prevent peers from peeping data. However, attackers from the outside can steal metadata in transit and through data reconstruction or other techniques to obtain the original data, which poses a great threat to the security of the federated learning system. In this paper, we propose a differential privacy strategy including encryption and decryption methods based on local features of non-Gaussian noise, which aggregates the noisy metadata through a sequential Kalman filter in federated learning scenarios to increase the reliability of the federated learning method. We name the local features of non-Gaussian noise as the non-Gaussian noise fragments. Compared with the traditional methods, the proposed method shows stronger security performance for two reasons. Firstly, non-Gaussian noise fragments contain more complex statistics, making them more difficult for attackers to identify. Secondly, in order to obtain accurate statistical features, attackers must aggregate all of the noise fragments, which is very difficult due to the increasing number of clients. We conduct experiments that demonstrate that the proposed method can greatly enhanced the system's security.

Yang Li,Jin Xu,Jianming Zhu,Youwei Wang

DOI: https://doi.org/10.1007/978-981-99-5968-6_23

2023-01-01

Abstract:With the explosive growth of personal data in the era of big data, federated learning has broader application prospects, in order to solve the problem of data island and preserve user data privacy, a federated learning model based on differential privacy (DP) is proposed. Participants share the parameters after adding noise to the central server for parameter aggregation by training local data. However, there are two problems in this model: on the one hand, the data information in the process of broadcasting parameters by the central server is still compromised, with the risk of user privacy leakage; on the other hand, adding too much noise to parameters will reduce the quality of parameter aggregation and affect the model accuracy of federated learning finally. Therefore, a novel federated learning approach with bidirectional adaptive differential privacy (FedBADP) is proposed, it can adaptively add noise to the gradients transmitted by participants and central server, and protects data security without affecting model accuracy. In addition, considering the performance limitations of the participants’ hardware devices, this model samples their gradients to reduce communication overhead, and uses RMSprop to accelerate the convergence of the model on the participants and central server to improve the ac-curacy of the model. Experiments show that our novel model can not only obtain better results in accuracy, but also enhance user privacy preserving while reducing communication overhead.

Mengchu Li,Ye Tian,Yang Feng,Yi Yu

2024-04-09

Abstract:Federated learning is gaining increasing popularity, with data heterogeneity and privacy being two prominent challenges. In this paper, we address both issues within a federated transfer learning framework, aiming to enhance learning on a target data set by leveraging information from multiple heterogeneous source data sets while adhering to privacy constraints. We rigorously formulate the notion of \textit{federated differential privacy}, which offers privacy guarantees for each data set without assuming a trusted central server. Under this privacy constraint, we study three classical statistical problems, namely univariate mean estimation, low-dimensional linear regression, and high-dimensional linear regression. By investigating the minimax rates and identifying the costs of privacy for these problems, we show that federated differential privacy is an intermediate privacy model between the well-established local and central models of differential privacy. Our analyses incorporate data heterogeneity and privacy, highlighting the fundamental costs of both in federated learning and underscoring the benefit of knowledge transfer across data sets.

Machine Learning,Cryptography and Security,Statistics Theory,Methodology

Meng Hao,Hongwei Li,Guowen Xu,Sen Liu,Haomiao Yang

DOI: https://doi.org/10.1109/icc.2019.8761267

2019-05-01

Abstract:Deep learning has been applied in many areas, such as computer vision, natural language processing and emotion analysis. Differing from the traditional deep learning that collects users’ data centrally, federated deep learning requires participants to train the networks on private datasets and share the training results, and hence has more gratifying efficiency and stronger security. However, it still presents some privacy issues since adversaries can deduce users’ privacy from local outputs, such as gradients. While the problem of private federated deep learning has been an active research issue, the latest research findings are still inadequate in terms of security, accuracy and efficiency. In this paper, we propose an efficient and privacy-preserving federated deep learning protocol based on stochastic gradient descent method by integrating the additively homomorphic encryption with differential privacy. Specifically, users add noises to each local gradients before encrypting them to obtain the optical performance and security. Moreover, our scheme is secure to honest-but-curious server setting even if the cloud server colludes with multiple users. Besides, our scheme supports federated learning for large-scale users scenarios and extensive experiments demonstrate our scheme has high efficiency and high accuracy compared with non-private model.

Shengnan Guo,Jianfeng Yang,Shigong Long,Xibin Wang,Guangyuan Liu

DOI: https://doi.org/10.1038/s41598-024-77428-0

IF: 4.6

2024-11-07

Scientific Reports

Abstract:Spurred by the simultaneous need for data privacy protection and data sharing, federated learning (FL) has been proposed. However, it still poses a risk of privacy leakage in it. This paper, an improved Differential Privacy (DP) algorithm to protect the federated learning model. Additionally, the Fast Fourier Transform (FFT) is used in the computation of the privacy budget , to minimize the impact of limited arithmetic resources and numerous users on the effectiveness of training model. Moreover, instead of direct analyses of the privacy budget through various methods, Privacy Loss Distribution (PLD) and privacy curves are adopted, while the number of artificial assignments hyperparameters is reduced, and the grid parameters delineated for FFT use are improved. The improved algorithm tightens parameter bounds and minimizes human factors' influence with minimal efficiency impact. It decreases the errors caused by truncation and discreteness of PLDs while expanding the discreteness interval to reduce the calculation workload. Furthermore, an improved activation function using a temper sigmoid with only one parameter , smooths the accuracy curve and mitigates drastically fluctuating scenarios during model training. Finally, simulation results on real datasets show that our improved DP algorithm, which accounts for long trailing, facilitates a better balance between privacy and utility in federated learning models.

multidisciplinary sciences

Mang Ye,Wenke Huang,Xiyuan Yang

Abstract:Personalized federated learning with differential privacy has been considered a feasible solution to address non-IID distribution of data and privacy leakage risks. However, current personalized federated learning methods suffer from inflexible personalization and convergence difficulties due to two main factors: 1) Firstly, we observe that the prevailing personalization methods mainly achieve this by personalizing a fixed portion of the model, which lacks flexibility. 2) Moreover, we further demonstrate that the default gradient calculation is sensitive to the widely-used clipping operations in differential privacy, resulting in difficulties in convergence. Considering that Fisher information values can serve as an effective measure for estimating the information content of parameters by reflecting the model sensitivity to parameters, we aim to leverage this property to address the aforementioned challenges. In this paper, we propose a novel federated learning method with D ynamic Fisher P ersonalization and A daptive Constraint (FedDPA) to handle these challenges. Firstly, by using layer-wise Fisher information to measure the information content of local parameters, we retain local parameters with high Fisher values during the personalization process, which are considered informative, simultaneously prevent these parameters from noise perturbation. Secondly, we introduce an adaptive approach by applying differential constraint strategies to personalized parameters and shared parameters identified in the previous for better convergence. Our method boosts performance through flexible personalization while mitigating the slow convergence caused by clipping operations. Experimental results on CIFAR-10, FEMNIST and SVHN dataset demonstrate the effectiveness of our approach in achieving better performance and robustness against clipping, under personalized federated learning with differential privacy.

Computer Science

Jie Ling,Junchang Zheng,Jiahui Chen

DOI: https://doi.org/10.1016/j.cose.2024.103715

IF: 5.105

2024-01-24

Computers & Security

Abstract:Federated learning (FL) is a distributed machine learning method that effectively protects personal data. Many studies on federated learning assumed that all clients have consistent privacy parameters. However, in practice, different clients have different privacy requirements, and heterogeneous differential privacy can personalize privacy protection according to each client's privacy budget and requirements. In this study, we propose an improved efficient FL privacy preservation method with heterogeneous differential privacy, which can compute the corresponding privacy budget weights for each client according to noise size using the secure differential privacy stochastic gradient descent protocol, histogram of oriented gradients feature extraction and weighted averaging of the heterogeneous privacy budgets. Through this method, the noisier clients are given smaller privacy budgets weights to mitigate their negative impact on the aggregation model. Experiments comparing the baseline method were performed on the MNIST, fMNIST and cifar10 datasets. More precisely, the experimental results showed that our method improves the model accuracy by 6.68% and 7.18% of 20 to 50 clients and 16.08% and 17.37% of 60 to 100 clients, respectively. Moreover, the communication overhead time was reduced by 23.85%, which validates the effectiveness and usability of the proposed method.

computer science, information systems

Jianzhe Zhao,Keming Mao,Chenxi Huang,Yuyang Zeng

DOI: https://doi.org/10.1155/2021/3344862

IF: 1.4

2021-01-01

Discrete Dynamics in Nature and Society

Abstract:Secure and trusted cross-platform knowledge sharing is significant for modern intelligent data analysis. To address the trade-off problems between privacy and utility in complex federated learning, a novel differentially private federated learning framework is proposed. First, the impact of data heterogeneity of participants on global model accuracy is analyzed quantitatively based on 1-Wasserstein distance. Then, we design a multilevel and multiparticipant dynamic allocation method of privacy budget to reduce the injected noise, and the utility can be improved efficiently. Finally, they are integrated, and a novel adaptive differentially private federated learning algorithm (A-DPFL) is designed. Comprehensive experiments on redefined non-I.I.D MNIST and CIFAR-10 datasets are conducted, and the results demonstrate the superiority of model accuracy, convergence, and robustness.

Xiuting Gu,Tianqing Zhu,Jie Li,Tao Zhang,Wei Ren

DOI: https://doi.org/10.1007/978-3-030-65745-1_25

2020-01-01

Abstract:Federated learning is a machine learning framework where many clients (e.g. mobile devices or whole organizations) collaboratively train a model under the orchestration of a central server (e.g. service provider), while keeping the training data decentralized. Naively minimizing an aggregate loss function in such a network may disproportionately advantage or disadvantage some of the clients. Thus, federated learning could raise "unfairness" according to some fairness metrics. Differential privacy is a privacy model used to protect privacy in federated learning with bounded leakage about the presence of a specific point in the training data. Previous work showed that a reduction in accuracy induced by deep private models disproportionately impacts underrepresented groups. This motivates us to analyze the impact of differential privacy on model fairness in federated learning. In this work, we conduct extensive experiments to evaluate the impact of differential privacy on model fairness in federated learning. Experiments show that, with a proper choice of parameters, differential privacy might improve fairness with an ignoble reduction on accuracy.

Yan Hong,Zhiqing Huang,Chenyang Zhang

DOI: https://doi.org/10.1117/12.2684744

2023-01-01

Abstract:Federated learning is a new privacy protection framework for machine learning. The central server aggregates multiple participants to decentralized optimized parameters, then distributes the generated model to the client, and finally converges the global model. The model obtained by performance approaching centralized data training is trained under the condition that the data is not leave local. However, many studies have shown that this centralized federation system is vulnerable to confidentiality attacks by "honest but curious" attackers, using the gradient parameter information transmitted during federation model training to carry out reconstruction attacks or inference attacks, obtain the privacy data of participants or deduce some member information, which poses a severe challenge to the privacy protection of federated learning. In this paper, a hybrid defense strategy based on confusion self-encoder combined with localized differential privacy is proposed. On the one hand, the labels of the participants' local data are confused through the self-encoder network, so as to cut off the relationship between the gradient information and the original data. On the other hand, the localized differential privacy mechanism is used to disturb the transmitted gradient parameter information, and a model performance loss constraint mechanism is designed to reduce the impact of noise addition on the model performance. Experiments show that the hybrid defense strategy proposed in this paper can effectively resist reconstruction attacks and inference attacks in the process of federated learning model training, and achieve a better balance among computing overhead, model performance and privacy security.

TANG Ling-tao,WANG Di,ZHANG Lu-fei,LIU Sheng-yun

DOI: https://doi.org/10.11896/jsjkx.210800108

2022-01-01

Computer Science

Abstract:Federated learning provides a novel solution to collaborative learning among untrusted entities. Through a local-trai-ning-and-central-aggregation pattern,the federated learning algorithm trains a global model while protects local data privacy of each entity. However,recent studies show that local models uploaded by clients and global models produced by the server may still leak users' private information. Secure multi-party computation and differential privacy are two mainstream privacy-preserving techniques,which are used to protect the privacy of computation process and computation outputs respectively. There are few works that exploit the benefits of these two techniques at the same time. This paper proposes a privacy-preserving federated learning scheme for deep learning by combining secure multi-party computation and differential privacy. Clients add noise to local models,and secret share them to multiple servers. Servers aggregate these model shares by secure multi-party computation to obtain a private global model. The proposed scheme not only protects the privacy of local model updates uploaded by clients,but also prevents adversaries from inferring sensitive information from globally shared data such as aggregated models. The scheme also allows dropout of unstable clients and is compatible with complex aggregation functions. In addition,it can be naturally extended to the decentralized setting for real-world applications where no trusted centers exist. We implement our system in Python and Pytorch. Experiments validate that the proposed scheme achieves the same level of efficiency and accuracy as plaintext fede-rated learning.

Peihao Liu,Yongliang Xu,Meiqing Wang,Peng Cao

DOI: https://doi.org/10.1109/icmlca63499.2024.10754499

2024-01-01

Abstract:Federated Learning, as a typical paradigm of collaborative learning, effectively mediates the contradictions between model training and data privacy. However, the data heterogeneity and privacy leakage problems undermine the availability of federated learning. Existing studies focus solely on one of the problems. In this work, we manage to handle these two challenges simultaneously, by utilizing contrastive learning and differential privacy in local training, the federated learning system can stay safe and robust. The contrastive loss item pushes the local model towards the global model and a random noise generated by differential privacy is added to the model to protect the sensitive information hidden in the models. Extensive experiment results demonstrate that our method can exceed the baseline around 1%~2% in term of test accuracy.

Lefeng Zhang,Tianqing Zhu,Ping Xiong,Wanlei Zhou,Philip S. Yu,Philip Yu

DOI: https://doi.org/10.1109/tkde.2021.3140131

IF: 9.235

2022-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Federated learning is a promising distributed machine learning paradigm that has been playing a significant role in providing privacy-preserving learning solutions. However, alongside all its achievements, there are also limitations. First, traditional frameworks assume that all the clients are voluntary and so will want to participate in training only for improving the model’s accuracy. However, in reality, clients usually want to be adequately compensated for the data and resources they will use before participating. Second, today’s frameworks do not offer sufficient protection against malicious participants who try to skew a jointly trained model with poisoned updates. To address these concerns, we have developed a more robust federated learning scheme based on joint differential privacy. The framework provides two game-theoretic mechanisms to motivate clients to participate in training. These mechanisms are dominant-strategy truthful, individual rational, and budget-balanced. Further, the influence an adversarial client can have is quantified and restricted, and data privacy is similarly guaranteed in quantitative terms. Experiments with different training models on real-word datasets demonstrate the effectiveness of the proposed approach.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Xia Wu,Lei Xu,Liehuang Zhu

DOI: https://doi.org/10.3390/app13074168

2023-01-01

Applied Sciences

Abstract:Federated learning is a distributed machine learning paradigm, which utilizes multiple clients’ data to train a model. Although federated learning does not require clients to disclose their original data, studies have shown that attackers can infer clients’ privacy by analyzing the local models shared by clients. Local differential privacy (LDP) can help to solve the above privacy issue. However, most of the existing federated learning studies based on LDP, rarely consider the diverse privacy requirements of clients. In this paper, we propose an LDP-based federated learning framework, that can meet the personalized privacy requirements of clients. We consider both independent identically distributed (IID) datasets and non-independent identically distributed (non-IID) datasets, and design model perturbation methods, respectively. Moreover, we propose two model aggregation methods, namely weighted average method and probability-based selection method. The main idea, is to weaken the impact of those privacy-conscious clients, who choose relatively small privacy budgets, on the federated model. Experiments on three commonly used datasets, namely MNIST, Fashion-MNIST, and forest cover-types, show that the proposed aggregation methods perform better than the classic arithmetic average method, in the personalized privacy preserving scenario.

Dayin Zhang,Xiaojun Chen,Jinqiao Shi

DOI: https://doi.org/10.1007/978-3-031-23098-1_11

2022-01-01

Abstract:Federated learning can complete the neural network model training without uploading users' private data. However, the deep leakage from gradients (DLG) and the compensatory reconstruction attack (CRA) can reconstruct the training data according to the gradients uploaded by users. We propose an efficient federated convolutional neural network scheme with differential privacy to solve this problem. By adding Gaussian noise to the fully connected layers of the convolutional neural network, the attacker cannot identify the critical gradients that cause privacy leakage. The cumulative privacy loss is tracked using the analytical moments accountant technique. We conduct extensive experiments on the MNIST and CIFAR10 datasets to evaluate our defense algorithm. After selecting appropriate parameters, the results show that our defense algorithm can defend against DLG and CRA while maintaining a high model accuracy.

Xinpeng Ling,Jie Fu,Kuncan Wang,Huifa Li,Tong Cheng,Zhili Chen

2024-08-19

Abstract:Federated learning (FL) is a new machine learning paradigm to overcome the challenge of data silos and has garnered significant attention. However, federated learning faces challenges in fairness and data privacy. To address both of the above challenges simultaneously, we first propose a fairness-aware federated learning algorithm, termed FedFair. Then based on FedFair, we introduce differential privacy protection to form the FedFDP algorithm to address the trade-offs among fairness, privacy protection, and model performance. In FedFDP, we designed an fairness-aware gradient clipping technique to identify the relationship between fairness and differential privacy. Through convergence analysis, we determined the optimal fairness adjustment parameters to simultaneously achieve the best model performance and fairness. Additionally, for the extra uploaded loss values, we present an adaptive clipping method to minimize privacy budget consumption. Extensive experimental results demonstrate that FedFDP significantly outperforms state-of-the-art solutions in terms of model performance and fairness. Codes and datasets will be made public after acceptance.

Cryptography and Security

Yi Zhang,Yunfan Lu,Fengxia Liu

DOI: https://doi.org/10.4236/jis.2023.142008

2023-01-01

Journal of Information Security

Abstract:Federated learning is a distributed machine learning technique that trains a global model by exchanging model parameters or intermediate results among multiple data sources.Although federated learning achieves physical isolation of data, the local data of federated learning clients are still at risk of leakage under the attack of malicious individuals.For this reason, combining data protection techniques (e.g., differential privacy techniques) with federated learning is a sure way to further improve the data security of federated learning models.In this survey, we review recent advances in the research of differentially-private federated learning models.First, we introduce the workflow of federated learning and the theoretical basis of differential privacy.Then, we review three differentially-private federated learning paradigms: central differential privacy, local differential privacy, and distributed differential privacy.After this, we review the algorithmic optimization and communication cost optimization of federated learning models with differential privacy.Finally, we review the applications of federated learning models with differential privacy in various domains.By systematically summarizing the existing research, we propose future research opportunities.