Ziwen Cheng,Yi Liu,Chao Wu,Yongqi Pan,Liushun Zhao,Xin Deng,Cheng Zhu

DOI: https://doi.org/10.1016/j.future.2024.06.035

IF: 7.307

2024-01-01

Future Generation Computer Systems

Abstract:Blockchain-based Federated Learning (BCFL) is gaining significant attention as a promising decentralized data sharing technology with privacy protection. Most existing BCFL frameworks loosely couple blockchain and Federated Learning (FL). FL transforms data sharing into model sharing, while blockchain decentralizes the model aggregation and handles security verification. However, this simplistic overlay of the two technologies often involves third-party blockchain peers, leading to inefficient workflows and potential privacy attacks from malicious blockchain peers. Some studies have proposed differential privacy with noise addition to prevent privacy attacks, yet most do not allow clients to customize privacy budgets, impacting data availability and limiting BCFL’s application in data sharing. To address these challenges, we first introduce a novel tightly-coupled BCFL framework that integrates training and mining at the client side. Under this framework, a totally decentralized data sharing process is established. Moreover, a Personalised Differential Privacy (PDP) mechanism is devised, enabling clients to add Laplace noise to model gradients based on custom privacy budgets. To achieve optimal privacy budgets, a privacy optimization mechanism based on Stackelberg games is proposed. It establishes utility functions for data requesters and providers, models the process of utility optimization as a Stackelberg game process, and obtains the optimal privacy budget while maximizing utility for all participants. This facilitates flexible and on-demand privacy-protected data sharing. Extensive experiments validate the effectiveness of our approach in enhancing system efficiency and facilitating flexible on-demand privacy-protected data sharing, further solidifying BCFL’s potential in decentralized data sharing scenarios.

Kangkang Sun,Xiaojin Zhang,Xi Lin,Gaolei Li,Jing Wang,Jianhua Li

DOI: https://doi.org/10.48550/arXiv.2311.18190

2023-11-30

Abstract:Federated Learning (FL) is a novel privacy-protection distributed machine learning paradigm that guarantees user privacy and prevents the risk of data leakage due to the advantage of the client's local training. Researchers have struggled to design fair FL systems that ensure fairness of results. However, the interplay between fairness and privacy has been less studied. Increasing the fairness of FL systems can have an impact on user privacy, while an increase in user privacy can affect fairness. In this work, on the client side, we use fairness metrics, such as Demographic Parity (DemP), Equalized Odds (EOs), and Disparate Impact (DI), to construct the local fair model. To protect the privacy of the client model, we propose a privacy-protection fairness FL method. The results show that the accuracy of the fair model with privacy increases because privacy breaks the constraints of the fairness metrics. In our experiments, we conclude the relationship between privacy, fairness and utility, and there is a tradeoff between these.

Machine Learning,Artificial Intelligence

Yong Li,Yipeng Zhou,Alireza Jolfaei,Dongjin Yu,Gaochao Xu,Xi Zheng

DOI: https://doi.org/10.1109/jiot.2020.3022911

IF: 10.6

2021-04-15

IEEE Internet of Things Journal

Abstract:Federated learning (FL) is a promising new technology in the field of IoT intelligence. However, exchanging model-related data in FL may leak the sensitive information of participants. To address this problem, we propose a novel privacy-preserving FL framework based on an innovative chained secure multiparty computing technique, named chain-PPFL. Our scheme mainly leverages two mechanisms: 1) single-masking mechanism that protects information exchanged between participants and 2) chained-communication mechanism that enables masked information to be transferred between participants with a serial chain frame. We conduct extensive simulation-based experiments using two public data sets (MNIST and CIFAR-100) by comparing both training accuracy and leak defence with other state-of-the-art schemes. We set two data sample distributions (IID and NonIID) and three training models (CNN, MLP, and L-BFGS) in our experiments. The experimental results demonstrate that the chain-PPFL scheme can achieve practical privacy preservation (equivalent to differential privacy with $epsilon $ approaching zero) for FL with some cost of communication and without impairing the accuracy and convergence speed of the training model.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kang Wei,Jun Li,Ming Ding,Chuan Ma,Hang Su,Bo Zhang,H. Vincent Poor

2020-01-01

Abstract:As a means of decentralized machine learning, federated learning (FL) has recently drawn considerable attentions. One of the prominent advantages of FL is its capability of preventing clients' data from being directly exposed to external adversaries. Nevertheless, via a viewpoint of information theory, it is still possible for an attacker to steal private information from eavesdropping upon the shared models uploaded by FL clients. In order to address this problem, we develop a novel privacy preserving FL framework based on the concept of differential privacy (DP). To be specific, we first borrow the concept of local DP and introduce a client-level DP (CDP) by adding artificial noises to the shared models before uploading them to servers. Then, we prove that our proposed CDP algorithm can satisfy the DP guarantee with adjustable privacy protection levels by varying the variances of the artificial noises. More importantly, we derive a theoretical convergence upper-bound of the CDP algorithm. Our derived upper-bound reveals that there exists an optimal number of communication rounds to achieve the best convergence performance in terms of loss function values for a given privacy protection level. Furthermore, to obtain this optimal number of communication rounds, which cannot be derived in a closed-form expression, we propose a communication rounds discounting (CRD) method. Compared with the heuristic searching method, our proposed CRD can achieve a much better trade-off between the computational complexity of searching for the optimal number and the convergence performance. Extensive experiments indicate that our CDP algorithm with an optimization on the number of communication rounds using the proposed CRD can effectively improve both the FL training efficiency and FL model quality for a given privacy protection level.

Jianzhe Zhao,Keming Mao,Chenxi Huang,Yuyang Zeng

DOI: https://doi.org/10.1155/2021/3344862

IF: 1.4

2021-01-01

Discrete Dynamics in Nature and Society

Abstract:Secure and trusted cross-platform knowledge sharing is significant for modern intelligent data analysis. To address the trade-off problems between privacy and utility in complex federated learning, a novel differentially private federated learning framework is proposed. First, the impact of data heterogeneity of participants on global model accuracy is analyzed quantitatively based on 1-Wasserstein distance. Then, we design a multilevel and multiparticipant dynamic allocation method of privacy budget to reduce the injected noise, and the utility can be improved efficiently. Finally, they are integrated, and a novel adaptive differentially private federated learning algorithm (A-DPFL) is designed. Comprehensive experiments on redefined non-I.I.D MNIST and CIFAR-10 datasets are conducted, and the results demonstrate the superiority of model accuracy, convergence, and robustness.

Yong Li,Gaochao Xu,Xutao Meng,Wei Du,Xianglin Ren

DOI: https://doi.org/10.3390/e26050353

IF: 2.738

2024-04-24

Entropy

Abstract:In the realm of federated learning (FL), the exchange of model data may inadvertently expose sensitive information of participants, leading to significant privacy concerns. Existing FL privacy-preserving techniques, such as differential privacy (DP) and secure multi-party computing (SMC), though offering viable solutions, face practical challenges including reduced performance and complex implementations. To overcome these hurdles, we propose a novel and pragmatic approach to privacy preservation in FL by employing localized federated updates (LF3PFL) aimed at enhancing the protection of participant data. Furthermore, this research refines the approach by incorporating cross-entropy optimization, carefully fine-tuning measurement, and improving information loss during the model training phase to enhance both model efficacy and data confidentiality. Our approach is theoretically supported and empirically validated through extensive simulations on three public datasets: CIFAR-10, Shakespeare, and MNIST. We evaluate its effectiveness by comparing training accuracy and privacy protection against state-of-the-art techniques. Our experiments, which involve five distinct local models (Simple-CNN, ModerateCNN, Lenet, VGG9, and Resnet18), provide a comprehensive assessment across a variety of scenarios. The results clearly demonstrate that LF3PFL not only maintains competitive training accuracies but also significantly improves privacy preservation, surpassing existing methods in practical applications. This balance between privacy and performance underscores the potential of localized federated updates as a key component in future FL privacy strategies, offering a scalable and effective solution to one of the most pressing challenges in FL.

physics, multidisciplinary

Tongxin Yin,Xuwei Tan,Xueru Zhang,Mohammad Mahdi Khalili,Mingyan Liu

2024-10-01

Abstract:Federated learning (FL) is a distributed learning paradigm that allows multiple decentralized clients to collaboratively learn a common model without sharing local data. Although local data is not exposed directly, privacy concerns nonetheless exist as clients' sensitive information can be inferred from intermediate computations. Moreover, such information leakage accumulates substantially over time as the same data is repeatedly used during the iterative learning process. As a result, it can be particularly difficult to balance the privacy-accuracy trade-off when designing privacy-preserving FL algorithms. This paper introduces Upcycled-FL, a simple yet effective strategy that applies first-order approximation at every even round of model update. Under this strategy, half of the FL updates incur no information leakage and require much less computational and transmission costs. We first conduct the theoretical analysis on the convergence (rate) of Upcycled-FL and then apply two perturbation mechanisms to preserve privacy. Extensive experiments on both synthetic and real-world data show that the Upcycled-FL strategy can be adapted to many existing FL frameworks and consistently improve the privacy-accuracy trade-off.

Machine Learning

Qingjie Tan,Shuhui Wu,Yuanhong Tao

DOI: https://doi.org/10.3390/math11194123

IF: 2.4

2023-01-01

Mathematics

Abstract:Federated learning (FL) allows the collaborative training of a collective model by a vast number of decentralized clients while ensuring that these clients’ data remain private and are not shared. In practical situations, the training data utilized in FL often exhibit non-IID characteristics, hence diminishing the efficacy of FL. Our study presents a novel privacy-preserving FL algorithm, HW-DPFL, which leverages data label distribution similarity as a basis for its design. Our proposed approach achieves this objective without incurring any additional overhead communication. In this study, we provide evidence to support the assertion that our approach improves the privacy guarantee and convergence of FL both theoretically and empirically.

Xiaojin Zhang,Yan Kang,Kai Chen,Lixin Fan,Qiang Yang

DOI: https://doi.org/10.1145/3595185

IF: 5

2023-05-05

ACM Transactions on Intelligent Systems and Technology

Abstract:Federated learning (FL) enables participating parties to collaboratively build a global model with boosted utility without disclosing private data information. Appropriate protection mechanisms have to be adopted to fulfill the opposing requirements in preserving privacy and maintaining high model utility . In addition, it is a mandate for a federated learning system to achieve high efficiency in order to enable large-scale model training and deployment. We propose a unified federated learning framework that reconciles horizontal and vertical federated learning. Based on this framework, we formulate and quantify the trade-offs between privacy leakage, utility loss, and efficiency reduction, which leads us to the No-Free-Lunch (NFL) theorem for the federated learning system. NFL indicates that it is unrealistic to expect an FL algorithm to simultaneously provide excellent privacy, utility, and efficiency in certain scenarios. We then analyze the lower bounds for the privacy leakage, utility loss, and efficiency reduction for several widely-adopted protection mechanisms, including Randomization , Homomorphic Encryption , Secret Sharing and Compression . Our analysis could serve as a guide for selecting protection parameters to meet particular requirements.

computer science, information systems, artificial intelligence

Xuehua Sun,Zengsen Yuan,Xianguang Kong,Liang Xue,Lang He,Ying Lin

DOI: https://doi.org/10.1109/jiot.2024.3396217

IF: 10.6

2024-07-27

IEEE Internet of Things Journal

Abstract:Federated learning (FL) aims to protect data privacy while aggregating models. Existing works rarely focus simultaneously on the three issues of communication efficiency, privacy, and utility, which are the three main challenges facing FL. Specifically, sensitive information about the training data can still be inferred from the model parameters shared in FL. In recent years, differential privacy (DP) has been applied in FL to protect data privacy. The challenge of implementing DP in FL lies in the detrimental impact of DP noise on model accuracy. The DP noise affects the convergence of the model, leading to additional communication overhead. Moreover, considering the inherently high-communication costs of FL, FL process can be inefficient or even infeasible. In view of these, we propose a novel differentially private FL (DPFL) scheme named Adap-FedITK, which aims to achieve low-communication overhead and high-model accuracy while guaranteeing client-level DP. Specifically, we dynamically adjust the gradient clipping threshold for different clients in each round, based on the heterogeneity of gradients. This approach aims to mitigate the negative impact of DP and achieve a privacy-utility tradeoff. To alleviate the high-communication overhead problem in FL, we introduce an improved top-k algorithm, which utilizes sparsity and quantization to compress the model eliminates communication redundancy, and it also integrates coding techniques to further reduce communication. Extensive experimental results demonstrate that our method achieves the privacy-utility tradeoff and improves communication efficiency while ensuring client-level DPFL.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kang Wei,Jun Li,Chuan Ma,Ming Ding,H. Vincent Poor

DOI: https://doi.org/10.1007/978-3-030-70604-3_3

2021-01-01

Abstract:Federated learning (FL), a type of collaborative machine learning framework, is capable of helping protect users’ private data while training the data into useful models. Nevertheless, privacy leakage may still happen by analyzing the exchanged parameters, e.g., weights and biases in deep neural networks, between the central server and clients. In this chapter, to effectively prevent information leakage, we investigate a differential privacy mechanism in which, at the clients’ side, artificial noises are added to parameters before uploading. Moreover, we propose a K-client random scheduling policy, in which K clients are randomly selected from a total of N clients to participate in each communication round. Furthermore, a theoretical convergence bound is derived from the loss function of the trained FL model. In detail, considering a fixed privacy level, the theoretical bound reveals that there exists an optimal number of clients K that can achieve the best convergence performance due to the tradeoff between the volume of user data and the variances of aggregated artificial noises. To optimize this tradeoff, we further provide a differentially private FL based client selection (DP-FedCS) algorithm, which can dynamically select the number of training clients. Our experimental results validate our theoretical conclusions and also show that the proposed algorithm can effectively improve both the FL training efficiency and FL model quality for a given privacy protection level.

Zhe Li,Honglong Chen,Zhichen Ni,Huajie Shao

DOI: https://doi.org/10.48550/arxiv.2302.08044

2023-01-01

Abstract: Federated learning (FL) aims to collaboratively train the global model in a distributed manner by sharing the model parameters from local clients to a central server, thereby potentially protecting users' private information. Nevertheless, recent studies have illustrated that FL still suffers from information leakage as adversaries try to recover the training data by analyzing shared parameters from local clients. To deal with this issue, differential privacy (DP) is adopted to add noise to the gradients of local models before aggregation. It, however, results in the poor performance of gradient-based interpretability methods, since some weights capturing the salient region in feature map will be perturbed. To overcome this problem, we propose a simple yet effective adaptive differential privacy (ADP) mechanism that selectively adds noisy perturbations to the gradients of client models in FL. We also theoretically analyze the impact of gradient perturbation on the model interpretability. Finally, extensive experiments on both IID and Non-IID data demonstrate that the proposed ADP can achieve a good trade-off between privacy and interpretability in FL.

Wenjun Qian,Qingni Shen,Xiaoyi Chen,Cong Li,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1093/comjnl/bxae081

2024-01-01

Abstract:Federated learning (FL) as a privacy-preserving technology enables multiple clients to collaboratively train models on decentralized data. However, transmitting model parameters between local clients and the central server can potentially result in information leakage. Differentially private federated learning (DPFL) has emerged as a promising solution to enhance privacy. Nevertheless, existing DPFL schemes suffer from two issues: (i) most schemes that aim to achieve desired model accuracy may incur a high privacy budget. (ii) several schemes that consider the trade-off between privacy and accuracy by utilizing linear clipping bound may distort numerous model parameters. In this paper, we first propose FDP-FL, a flexible differential privacy approach for FL. FDP-FL introduces a novel series sum privacy budget allocation instead of uniform allocation and enables adaptive and nonlinear noise scale decay. In this way, a tight bound for cumulative privacy loss can be achieved while optimizing model accuracy. Then in order to mitigate gradient leakages caused by honest-but-curious clients and server, we further design client-level FDP-FL and record-level FDP-FL, respectively. Experimental results demonstrate that our FDP-FL improves model accuracy by $\sim $13.3% compared with the basic DP-FL under a fixed privacy budget and outperforms existing trade-off schemes with the same hyperparameter setting.

Meng Hao,Hongwei Li,Guowen Xu,Hanxiao Chen,Tianwei Zhang

DOI: https://doi.org/10.1145/3485832.3488014

2021-12-06

Abstract:Federated learning (FL) has demonstrated tremendous success in various mission-critical large-scale scenarios. However, such promising distributed learning paradigm is still vulnerable to privacy inference and byzantine attacks. The former aims to infer the privacy of target participants involved in training, while the latter focuses on destroying the integrity of the constructed model. To mitigate the above two issues, a few works recently explored unified solutions by utilizing generic secure computation techniques and common byzantine-robust aggregation rules, but there are two major limitations: 1) they suffer from impracticality due to efficiency bottlenecks, and 2) they are still vulnerable to various types of attacks because of model incomprehensiveness. To approach the above problems, in this paper, we present SecureFL, an efficient, private and byzantine-robust FL framework. SecureFL follows the state-of-the-art byzantine-robust FL method (FLTrust NDSS’21), which performs comprehensive byzantine defense by normalizing the updates’ magnitude and measuring directional similarity, adapting it to the privacy-preserving context. More importantly, we carefully customize a series of cryptographic components. First, we design a crypto-friendly validity checking protocol that functionally replaces the normalization operation in FLTrust, and further devise tailored cryptographic protocols on top of it. Benefiting from the above optimizations, the communication and computation costs are reduced by half without sacrificing the robustness and privacy protection. Second, we develop a novel preprocessing technique for costly matrix multiplication. With this technique, the directional similarity measurement can be evaluated securely with negligible computation overhead and zero communication cost. Extensive evaluations conducted on three real-world datasets and various neural network architectures demonstrate that SecureFL outperforms prior art up to two orders of magnitude in efficiency with state-of-the-art byzantine robustness.

Jinhao Zhou,Zhou Su,Jianbing Ni,Yuntao Wang,Yanghe Pan,Rui Xing

DOI: https://doi.org/10.1109/globecom48099.2022.10000793

2022-01-01

Abstract:The emerging federated learning (FL) offers a feasible solution for the privacy preservation of users' sensitive data in training artificial intelligence (AI) models. Meanwhile, differential privacy (DP) is widely used in FL to ensure that data privacy is not disclosed during model training. However, in the practical deployment of DP in FL, a prominent challenge is that most existing FL solutions set the same privacy level for different users, resulting in over-protection for some users while insufficient protection for others. In this paper, we propose a novel federated learning framework with user-level personalized privacy protection (named FLUP) to meet the personalized privacy requirements of different users while maintaining high data utility. In this framework, we propose a user-level personalized DP mechanism that combines a personalized sampling algorithm and Gaussian perturbation to meet each user's personalized differential privacy corresponding to their privacy parameters. Then, we qualitatively analyze the impact of the sampling threshold on model performance. Furthermore, to balance user privacy requirements and AI model performance, we design a utility-aware game model to distributively determine the optimized sampling threshold and the users' differential privacy parameters. Finally, by conducting validation experiments, we demonstrate the feasibility and effectiveness of our proposed framework in terms of model performance as well as user privacy preservation.

Jiawei Shao,Zijian Li,Wenqiang Sun,Tailin Zhou,Yuchang Sun,Lumin Liu,Zehong Lin,Yuyi Mao,Jun Zhang

2024-02-18

Abstract:Federated learning (FL) has emerged as a secure paradigm for collaborative training among clients. Without data centralization, FL allows clients to share local information in a privacy-preserving manner. This approach has gained considerable attention, promoting numerous surveys to summarize the related works. However, the majority of these surveys concentrate on FL methods that share model parameters during the training process, while overlooking the possibility of sharing local information in other forms. In this paper, we present a systematic survey from a new perspective of what to share in FL, with an emphasis on the model utility, privacy leakage, and communication efficiency. First, we present a new taxonomy of FL methods in terms of three sharing methods, which respectively share model, synthetic data, and knowledge. Second, we analyze the vulnerability of different sharing methods to privacy attacks and review the defense mechanisms. Third, we conduct extensive experiments to compare the learning performance and communication overhead of various sharing methods in FL. Besides, we assess the potential privacy leakage through model inversion and membership inference attacks, while comparing the effectiveness of various defense approaches. Finally, we identify future research directions and conclude the survey.

Machine Learning,Cryptography and Security

Chenfei Nie,Qiang Li,Yuxin Yang,Yuede Ji,Binghui Wang

2024-07-29

Abstract:Federated learning (FL) is an emerging distributed learning paradigm without sharing participating clients' private data. However, existing works show that FL is vulnerable to both Byzantine (security) attacks and data reconstruction (privacy) attacks. Almost all the existing FL defenses only address one of the two attacks. A few defenses address the two attacks, but they are not efficient and effective enough. We propose BPFL, an efficient Byzantine-robust and provably privacy-preserving FL method that addresses all the issues. Specifically, we draw on state-of-the-art Byzantine-robust FL methods and use similarity metrics to measure the robustness of each participating client in FL. The validity of clients are formulated as circuit constraints on similarity metrics and verified via a zero-knowledge proof. Moreover, the client models are masked by a shared random vector, which is generated based on homomorphic encryption. In doing so, the server receives the masked client models rather than the true ones, which are proven to be private. BPFL is also efficient due to the usage of non-interactive zero-knowledge proof. Experimental results on various datasets show that our BPFL is efficient, Byzantine-robust, and privacy-preserving.

Cryptography and Security

Hanlin Gu,Xinyuan Zhao,Gongxi Zhu,Yuxing Han,Yan Kang,Lixin Fan,Qiang Yang

DOI: https://doi.org/10.48550/arXiv.2312.16554

IF: 5.414

2023-12-27

Machine Learning

Abstract:Federated learning (FL) enables multiple clients to collaboratively learn a shared model without sharing their individual data. Concerns about utility, privacy, and training efficiency in FL have garnered significant research attention. Differential privacy has emerged as a prevalent technique in FL, safeguarding the privacy of individual user data while impacting utility and training efficiency. Within Differential Privacy Federated Learning (DPFL), previous studies have primarily focused on the utility-privacy trade-off, neglecting training efficiency, which is crucial for timely completion. Moreover, differential privacy achieves privacy by introducing controlled randomness (noise) on selected clients in each communication round. Previous work has mainly examined the impact of noise level ($\sigma$) and communication rounds ($T$) on the privacy-utility dynamic, overlooking other influential factors like the sample ratio ($q$, the proportion of selected clients). This paper systematically formulates an efficiency-constrained utility-privacy bi-objective optimization problem in DPFL, focusing on $\sigma$, $T$, and $q$. We provide a comprehensive theoretical analysis, yielding analytical solutions for the Pareto front. Extensive empirical experiments verify the validity and efficacy of our analysis, offering valuable guidance for low-cost parameter design in DPFL.

Yuping Yan,Mohammed B. M. Kamel,Marcell Zoltay,Marcell Gál,Roland Hollós,Yaochu Jin,Ligeti Péter,Ákos Tényi

DOI: https://doi.org/10.1007/s40747-023-01184-3

IF: 6.7

2023-01-01

Complex & Intelligent Systems

Abstract:Federated learning (FL) draws attention in academia and industry due to its privacy-preserving capability in training machine learning models. However, there are still some critical security attacks and vulnerabilities, including gradients leakage and interference attacks. Meanwhile, communication is another bottleneck in basic FL schemes since large-scale FL parameter transmission leads to inefficient communication, latency, and slower learning processes. To overcome these shortcomings, different communication efficiency strategies and privacy-preserving cryptographic techniques have been proposed. However, a single method can only partially resist privacy attacks. This paper presents a practical, privacy-preserving scheme combining cryptographic techniques and communication networking solutions. We implement Kafka for message distribution, the Diffie–Hellman scheme for secure server aggregation, and gradient differential privacy for interference attack prevention. The proposed approach maintains training efficiency while being able to addressing gradients leakage problems and interference attacks. Meanwhile, the implementation of Kafka and Zookeeper provides asynchronous communication and anonymous authenticated computation with role-based access controls. Finally, we prove the privacy-preserving properties of the proposed solution via security analysis and empirically demonstrate its efficiency and practicality.

Junpeng Zhang,Hui Zhu,Fengwei Wang,Yandong Zheng,Zhe Liu,Hui Li

DOI: https://doi.org/10.1016/j.ins.2024.121035

IF: 8.1

2024-01-01

Information Sciences

Abstract:Federated learning (FL), as a distributed machine learning paradigm, essentially promises that multiple parties can jointly train the model collaboratively without sharing local data. Recent research demonstrates that the adversary can deduce the sensitive data through shared model updates. To protect the data privacy of the participants, differential privacy (DP) is deployed in various FL scenarios due to the lightweight computational overhead. However, the trade-off between the availability and privacy of local models is the fundamental problem that needs to be solved in DP applications. In this paper, we propose a fine-grained and privacy-aware FL framework (iDP-FL) to enable training data and model parameters to satisfy confidentiality while markedly improving the model's prediction accuracy. Specifically, we first design an individualized perturbation noise (IPN) algorithm that adds different artificial noises dependent on the importance of each participant's model weight. Then, we propose a perturbation mechanism on the aggregator side, a DP protection method under the premise of loss function convergence, which prevents the global model parameters from being stolen by malicious adversaries. Moreover, to achieve lightweight protection throughout the learning, we present an advanced bilateral perturbation (ABP) protocol to perform iterative training. Theoretical analysis indicates that iDP-FL provides the DP guarantee, which yields superior prediction accuracy and excellent privacy-preserving with the same privacy level. Finally, extensive experiments conducted on real-world datasets demonstrate that our approach shows significant advantages with limited privacy budgets, especially at small privacy losses.