Xicong Shen,Ying Liu,Zhaoyang Zhang

DOI: https://doi.org/10.1109/jiot.2022.3189361

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL), which enables multiple distributed devices (clients) to collaboratively train a global model without transmitting their private data, has attracted much attention in the Internet of Things (IoT) domain. Compared with centralized learning, FL has obvious privacy advantages because it can protect the clients’ raw data from direct access by adversaries. Furthermore, to prevent the adversaries from inferring private information from the transmitted parameters, several FL algorithms based on differential privacy (DP) have been proposed, where the clients add artificial noise to their local parameters for privacy protection. Nevertheless, the added noise would disrupt the learning process and degrade the performance of the trained model. Considering this, in this article, we develop a performance-enhanced DP-based FL (PEDPFL) algorithm, where a classifier-perturbation regularization method is proposed to improve the robustness of the trained model against DP-injected noise. We derive the theoretical privacy and convergence analysis of the proposed algorithm, and also demonstrate the influence of some hyperparameters on the convergence performance. Simulation results on real-world data sets show that the proposed algorithm has better classification performance than the existing DP-based FL algorithms at the same level of privacy protection, and thus, it is more applicable to IoT applications.

M.A.P. Chamikara,P. Bertok,I. Khalil,D. Liu,S. Camtepe

DOI: https://doi.org/10.1016/j.comcom.2021.02.014

IF: 5.047

2021-04-01

Computer Communications

Abstract:<p>Edge computing and distributed machine learning have advanced to a level that can revolutionize a particular organization. Distributed devices such as the Internet of Things (IoT) often produce a large amount of data, eventually resulting in big data that can be vital in uncovering hidden patterns, and other insights in numerous fields such as healthcare, banking, and policing. Data related to areas such as healthcare and banking can contain potentially sensitive data that can become public if they are not appropriately sanitized. Federated learning (FedML) is a recently developed distributed machine learning (DML) approach that tries to preserve privacy by bringing the learning of an ML model to data owners'. However, literature shows different attack methods such as membership inference that exploit the vulnerabilities of ML models as well as the coordinating servers to retrieve private data. Hence, FedML needs additional measures to guarantee data privacy. Furthermore, big data often requires more resources than available in a standard computer. This paper addresses these issues by proposing a distributed perturbation algorithm named as DISTPAB, for privacy preservation of horizontally partitioned data. DISTPAB alleviates computational bottlenecks by distributing the task of privacy preservation utilizing the asymmetry of resources of a distributed environment, which can have resource-constrained devices as well as high-performance computers. Experiments show that DISTPAB provides high accuracy, high efficiency, high scalability, and high attack resistance. Further experiments on privacy-preserving FedML show that DISTPAB is an excellent solution to stop privacy leaks in DML while preserving high data utility.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Fardin Jalil Piran,Zhiling Chen,Mohsen Imani,Farhad Imani

2024-11-25

Abstract:Federated Learning (FL) is essential for efficient data exchange in Internet of Things (IoT) environments, as it trains Machine Learning (ML) models locally and shares only model updates. However, FL is vulnerable to privacy threats like model inversion and membership inference attacks, which can expose sensitive training data. To address these privacy concerns, Differential Privacy (DP) mechanisms are often applied. Yet, adding DP noise to black-box ML models degrades performance, especially in dynamic IoT systems where continuous, lifelong FL learning accumulates excessive noise over time. To mitigate this issue, we introduce Federated HyperDimensional computing with Privacy-preserving (FedHDPrivacy), an eXplainable Artificial Intelligence (XAI) framework that combines the neuro-symbolic paradigm with DP. FedHDPrivacy carefully manages the balance between privacy and performance by theoretically tracking cumulative noise from previous rounds and adding only the necessary incremental noise to meet privacy requirements. In a real-world case study involving in-process monitoring of manufacturing machining operations, FedHDPrivacy demonstrates robust performance, outperforming standard FL frameworks-including Federated Averaging (FedAvg), Federated Stochastic Gradient Descent (FedSGD), Federated Proximal (FedProx), Federated Normalized Averaging (FedNova), and Federated Adam (FedAdam)-by up to 38%. FedHDPrivacy also shows potential for future enhancements, such as multimodal data fusion.

Machine Learning,Artificial Intelligence,Cryptography and Security

Yan Feng,Xue Yang,Weijun Fang,Shu-Tao Xia,Xiaohu Tang,Jun Shao,Tao Xiong

2020-01-01

Abstract:Although federated learning improves privacy of training data by exchanging model updates rather than raw data, many research results show that sharing the model updates may still involve risks. To alleviate this problem, many privacy-preserving techniques have been introduced to federated learning. However, considering deep learning models in federated learning, the resulting schemes either cannot implement non-linear activation functions well, or cannot remain the same model accuracy as the original training, or suffer from unaffordable costs. In this paper, we customize a \emph{practical privacy-preserving method for federated deep learning}, which is versatile and applicable to most state-of-the-art models, such as ResNet and DenseNet. In particular, this method can support non-linear activation functions well on the encrypted domain, hence supporting semi-trusted clients to efficiently train deep neural network locally over encrypted model iterates (i.e., protecting the privacy of the model for server-side). Meanwhile, it can be combined with the secret sharing technique to further ensure the semi-trusted server cannot obtain local gradients of each client (i.e., protect the privacy of training data for client-side). Detailed security analysis and extensive experiments demonstrate that the proposed method can achieve privacy-preservation without sacrificing model accuracy and introducing too much extra costs.

Meng Hao,Hongwei Li,Guowen Xu,Sen Liu,Haomiao Yang

DOI: https://doi.org/10.1109/icc.2019.8761267

2019-05-01

Abstract:Deep learning has been applied in many areas, such as computer vision, natural language processing and emotion analysis. Differing from the traditional deep learning that collects users’ data centrally, federated deep learning requires participants to train the networks on private datasets and share the training results, and hence has more gratifying efficiency and stronger security. However, it still presents some privacy issues since adversaries can deduce users’ privacy from local outputs, such as gradients. While the problem of private federated deep learning has been an active research issue, the latest research findings are still inadequate in terms of security, accuracy and efficiency. In this paper, we propose an efficient and privacy-preserving federated deep learning protocol based on stochastic gradient descent method by integrating the additively homomorphic encryption with differential privacy. Specifically, users add noises to each local gradients before encrypting them to obtain the optical performance and security. Moreover, our scheme is secure to honest-but-curious server setting even if the cloud server colludes with multiple users. Besides, our scheme supports federated learning for large-scale users scenarios and extensive experiments demonstrate our scheme has high efficiency and high accuracy compared with non-private model.

Kang Wei,Jun Li,Ming Ding,Chuan Ma,Hang Su,Bo Zhang,H. Vincent Poor

2020-01-01

Abstract:As a means of decentralized machine learning, federated learning (FL) has recently drawn considerable attentions. One of the prominent advantages of FL is its capability of preventing clients' data from being directly exposed to external adversaries. Nevertheless, via a viewpoint of information theory, it is still possible for an attacker to steal private information from eavesdropping upon the shared models uploaded by FL clients. In order to address this problem, we develop a novel privacy preserving FL framework based on the concept of differential privacy (DP). To be specific, we first borrow the concept of local DP and introduce a client-level DP (CDP) by adding artificial noises to the shared models before uploading them to servers. Then, we prove that our proposed CDP algorithm can satisfy the DP guarantee with adjustable privacy protection levels by varying the variances of the artificial noises. More importantly, we derive a theoretical convergence upper-bound of the CDP algorithm. Our derived upper-bound reveals that there exists an optimal number of communication rounds to achieve the best convergence performance in terms of loss function values for a given privacy protection level. Furthermore, to obtain this optimal number of communication rounds, which cannot be derived in a closed-form expression, we propose a communication rounds discounting (CRD) method. Compared with the heuristic searching method, our proposed CRD can achieve a much better trade-off between the computational complexity of searching for the optimal number and the convergence performance. Extensive experiments indicate that our CDP algorithm with an optimization on the number of communication rounds using the proposed CRD can effectively improve both the FL training efficiency and FL model quality for a given privacy protection level.

Xiuting Gu,Zhu Tianqing,Jie Li,Tao Zhang,Wei Ren,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.cose.2022.102907

2022-11-01

Abstract:As applications of machine learning become increasingly widespread, the need to ensure model accuracy and fairness while protecting the privacy of user data becomes more pronounced. On this note, this paper introduces a federated learning training model, which allow clients to simultaneously learn their model and update the associated parameters on a centralized server. In our approach, we seek to achieve an acceptable trade-off between privacy, accuracy, and model fairness by using differential privacy (DP), which also helps to minimize privacy risks by protecting the presence of a specific sample in the training data. Machine learning models can, however, exhibit unintended behaviors, such as unfairness, which result in groups with certain sensitive characteristics (e.g., gender) receiving different patterns of outcomes. Hence, we discuss the fairness and privacy effect of local DP and global DP when applied to federated learning by designing a fair and privacy quantification mechanism. In doing so, we can achieve an acceptable trade-off between accuracy, privacy, and model fairness. We quantify the level of fairness based on the constraints of three definitions of fairness, including demographic parity, equal odds, and equality of opportunity. Finally, findings from our extensive experiments conducted on three real-world datasets with class imbalance demonstrate the positive effect of local and global DP on fairness. Our study also shows that privacy can come at the cost of fairness, as stricter privacy can intensify discrimination. Hence, we posit that careful parameter selection can potentially help achieve a more effective trade-off between utility, bias, and privacy.

computer science, information systems

Yuecheng Li,Tong Wang,Chuan Chen,Jian Lou,Bin Chen,Lei Yang,Zibin Zheng

2024-02-11

Abstract:To defend against privacy leakage of user data, differential privacy is widely used in federated learning, but it is not free. The addition of noise randomly disrupts the semantic integrity of the model and this disturbance accumulates with increased communication rounds. In this paper, we introduce a novel federated learning framework with rigorous privacy guarantees, named FedCEO, designed to strike a trade-off between model utility and user privacy by letting clients ''Collaborate with Each Other''. Specifically, we perform efficient tensor low-rank proximal optimization on stacked local model parameters at the server, demonstrating its capability to flexibly truncate high-frequency components in spectral space. This implies that our FedCEO can effectively recover the disrupted semantic information by smoothing the global semantic space for different privacy settings and continuous training processes. Moreover, we improve the SOTA utility-privacy trade-off bound by an order of $\sqrt{d}$, where $d$ is the input dimension. We illustrate our theoretical results with experiments on representative image datasets. It observes significant performance improvements and strict privacy guarantees under different privacy settings.

Artificial Intelligence,Cryptography and Security

Mengchu Li,Ye Tian,Yang Feng,Yi Yu

2024-04-09

Abstract:Federated learning is gaining increasing popularity, with data heterogeneity and privacy being two prominent challenges. In this paper, we address both issues within a federated transfer learning framework, aiming to enhance learning on a target data set by leveraging information from multiple heterogeneous source data sets while adhering to privacy constraints. We rigorously formulate the notion of \textit{federated differential privacy}, which offers privacy guarantees for each data set without assuming a trusted central server. Under this privacy constraint, we study three classical statistical problems, namely univariate mean estimation, low-dimensional linear regression, and high-dimensional linear regression. By investigating the minimax rates and identifying the costs of privacy for these problems, we show that federated differential privacy is an intermediate privacy model between the well-established local and central models of differential privacy. Our analyses incorporate data heterogeneity and privacy, highlighting the fundamental costs of both in federated learning and underscoring the benefit of knowledge transfer across data sets.

Machine Learning,Cryptography and Security,Statistics Theory,Methodology

Yulong Tian,Xiaopeng Ke,Zeyi Tao,Shaohua Ding,Fengyuan Xu,Qun Li,Hao Han,Sheng Zhong,Xinyi Fu

DOI: https://doi.org/10.1109/iwqos54832.2022.9812909

2022-01-01

Abstract:Federated learning, in contrast to traditional learning paradigms, has demonstrated its unique advantages in providing intelligence at the edge. However, existing federated learning approaches focus on the end-to-end classification tasks requiring a simple collaboration procedure where each participant can perform its local training independently. Unfortunately, there are still many tasks relying on learning the distinguishable feature metrics with respect to all the data, which is a different collaboration procedure across training participants. For example, the model for people identification has to ensure the feature representing a person is dissimilar to those representing others. To enable such federated learning for deep metrics (a.k.a federated deep metric learning) is challenging due to the data privacy and procedure robustness issues. With the consideration of these two challenges, this work proposes a novel computing framework for federated deep metric learning. This framework leverages the system-algorithm co-design to address privacy concerns via the Trusted Execution Environment (SGX enclave) and Differential Privacy mechanism. It also introduces a large-scale federated protocol which can robustly and efficiently deal with practical factors like the network fluctuation. We implement and evaluate our computing framework with two settings. One is a real-world implementation with a large number of mobile devices, while the other one is in our controllable environment for conducting experiments in various tasks. Our evaluation results show that our computing framework is able to train federated deep metric learning models with excellent scalability, data privacy preserving, and considerable accuracy even in exception conditions.

Jie Ling,Junchang Zheng,Jiahui Chen

DOI: https://doi.org/10.1016/j.cose.2024.103715

IF: 5.105

2024-01-24

Computers & Security

Abstract:Federated learning (FL) is a distributed machine learning method that effectively protects personal data. Many studies on federated learning assumed that all clients have consistent privacy parameters. However, in practice, different clients have different privacy requirements, and heterogeneous differential privacy can personalize privacy protection according to each client's privacy budget and requirements. In this study, we propose an improved efficient FL privacy preservation method with heterogeneous differential privacy, which can compute the corresponding privacy budget weights for each client according to noise size using the secure differential privacy stochastic gradient descent protocol, histogram of oriented gradients feature extraction and weighted averaging of the heterogeneous privacy budgets. Through this method, the noisier clients are given smaller privacy budgets weights to mitigate their negative impact on the aggregation model. Experiments comparing the baseline method were performed on the MNIST, fMNIST and cifar10 datasets. More precisely, the experimental results showed that our method improves the model accuracy by 6.68% and 7.18% of 20 to 50 clients and 16.08% and 17.37% of 60 to 100 clients, respectively. Moreover, the communication overhead time was reduced by 23.85%, which validates the effectiveness and usability of the proposed method.

computer science, information systems

Yong Li,Gaochao Xu,Xutao Meng,Wei Du,Xianglin Ren

DOI: https://doi.org/10.3390/e26050353

IF: 2.738

2024-04-24

Entropy

Abstract:In the realm of federated learning (FL), the exchange of model data may inadvertently expose sensitive information of participants, leading to significant privacy concerns. Existing FL privacy-preserving techniques, such as differential privacy (DP) and secure multi-party computing (SMC), though offering viable solutions, face practical challenges including reduced performance and complex implementations. To overcome these hurdles, we propose a novel and pragmatic approach to privacy preservation in FL by employing localized federated updates (LF3PFL) aimed at enhancing the protection of participant data. Furthermore, this research refines the approach by incorporating cross-entropy optimization, carefully fine-tuning measurement, and improving information loss during the model training phase to enhance both model efficacy and data confidentiality. Our approach is theoretically supported and empirically validated through extensive simulations on three public datasets: CIFAR-10, Shakespeare, and MNIST. We evaluate its effectiveness by comparing training accuracy and privacy protection against state-of-the-art techniques. Our experiments, which involve five distinct local models (Simple-CNN, ModerateCNN, Lenet, VGG9, and Resnet18), provide a comprehensive assessment across a variety of scenarios. The results clearly demonstrate that LF3PFL not only maintains competitive training accuracies but also significantly improves privacy preservation, surpassing existing methods in practical applications. This balance between privacy and performance underscores the potential of localized federated updates as a key component in future FL privacy strategies, offering a scalable and effective solution to one of the most pressing challenges in FL.

physics, multidisciplinary

Xingcai Zhou,Guang Yang

DOI: https://doi.org/10.1016/j.ins.2024.120167

IF: 8.1

2024-01-21

Information Sciences

Abstract:Federated learning is a commonly distributed framework for large-scale learning, where a model is learned over massively distributed remote devices without sharing information on devices. It has at least three key challenges: heterogeneity in federated networks, privacy and communication costs. In this paper, we propose three federated learning algorithms to handle these issues gradually. First, we introduce a FedSfDane algorithm ( DANE with S hrinkage f actor for Fed erated learning), which improves the inexact approximation of the full gradient, captures statistical heterogeneity and restrains systems heterogeneity across the devices. For avoiding possible privacy leakage in federated learning, a P rivacy-preserving FedSfDane algorithm (PFedSfDane) is proposed, which is resistant to adversary attacks. Further, we give a novel C ommunication-efficient PFedSfDane (CPFedSfDane) algorithm for large-scale federated networks, which effectively handles the above three challenges. We give convergence guarantees for the three algorithms to convex and non-convex learning problems. Numerical experiments illustrate our algorithms outperform FedDANE, FedAvg and FedProx algorithms, especially for highly heterogeneous federated networks. CPFedSfDane improves the prediction accuracy of the state-of-the-art FedDANE algorithm by about 15.0% on sent140 dataset, and has high privacy protection and communication efficiency.

computer science, information systems

Alberto Bietti,Chen-Yu Wei,Miroslav Dudík,John Langford,Zhiwei Steven Wu

DOI: https://doi.org/10.48550/arXiv.2202.05318

IF: 5.414

2022-02-10

Machine Learning

Abstract:Large-scale machine learning systems often involve data distributed across a collection of users. Federated learning algorithms leverage this structure by communicating model updates to a central server, rather than entire datasets. In this paper, we study stochastic optimization algorithms for a personalized federated learning setting involving local and global models subject to user-level (joint) differential privacy. While learning a private global model induces a cost of privacy, local learning is perfectly private. We provide generalization guarantees showing that coordinating local learning with private centralized learning yields a generically useful and improved tradeoff between accuracy and privacy. We illustrate our theoretical results with experiments on synthetic and real-world datasets.

Jingwei Yi,Fangzhao Wu,Chuhan Wu,Ruixuan Liu,Guangzhong Sun,Xing Xie

DOI: https://doi.org/10.18653/v1/2021.emnlp-main.223

2021-01-01

Abstract:News recommendation is critical for personalized news access. Most existing news recommendation methods rely on centralized storage of users' historical news click behavior data, which may lead to privacy concerns and hazards. Federated Learning is a privacy-preserving framework for multiple clients to collaboratively train models without sharing their private data. However, the computation and communication cost of directly learning many existing news recommendation models in a federated way are unacceptable for user clients. In this paper, we propose an efficient federated learning framework for privacy-preserving news recommendation. Instead of training and communicating the whole model, we decompose the news recommendation model into a large news model maintained in the server and a light-weight user model shared on both server and clients, where news representations and user model are communicated between server and clients. More specifically, the clients request the user model and news representations from the server, and send their locally computed gradients to the server for aggregation. The server updates its global user model with the aggregated gradients, and further updates its news model to infer updated news representations. Since the local gradients may contain private information, we propose a secure aggregation method to aggregate gradients in a privacy-preserving way. Experiments on two real-world datasets show that our method can reduce the computation and communication cost on clients while keep promising model performance.

Tao Qi,Fangzhao Wu,Chuhan Wu,Yongfeng Huang,Xing Xie

2020-01-01

Abstract:News recommendation aims to display news articles to users based on their personal interest. Existing news recommendation methods rely on centralized storage of user behavior data for model training, which may lead to privacy concerns and risks due to the privacy-sensitive nature of user behaviors. In this paper, we propose a privacy-preserving method for news recommendation model training based on federated learning, where the user behavior data is locally stored on user devices. Our method can leverage the useful information in the behaviors of massive users to train accurate news recommendation models and meanwhile remove the need to centralized storage of them. More specifically, on each user device we keep a local copy of the news recommendation model, and compute gradients of the local model based on the user behaviors in this device. The local gradients from a group of randomly selected users are uploaded to server, which are further aggregated to update the global model in the server. Since the model gradients may contain some implicit private information, we apply local differential privacy (LDP) to them before uploading for better privacy protection. The updated global model is then distributed to each user device for local model update. We repeat this process for multiple rounds. Extensive experiments on a real-world dataset show the effectiveness of our method in news recommendation model training with privacy protection.

Qingxin Lin,Shui Jiang,Zihang Zhen,Tianchi Chen,Chenxiang Wei,Hui Lin

DOI: https://doi.org/10.1109/tce.2024.3351648

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:Consumer electronic devices often involve processing and analyzing a large amount of user personal data. Nevertheless, owing to apprehensions regarding privacy and security, users are hesitant to transmit this sensitive data to centralized cloud servers for training. The combination of mobile edge computing and federated learning (FL) enables local devices to access computational power and storage resources, allowing them to engage in distributed learning and model training while safeguarding user privacy. However, these resources are not unlimited. Furthermore, as artificial intelligence technology progresses, inference attacks have become a major threat to privacy in traditional federated learning. To address these challenges, we propose an innovative federated deep learning algorithm, called Fed-PEMC. This algorithm combines local differential privacy and model compression techniques. By leveraging deep reinforcement learning for model compression, Fed-PEMC reduces model size while maintaining model accuracy, improving communication efficiency. We also introduce customized label sampling to accelerate model training. Before uploading the model, we implement local differential privacy protection on the compressed model, reducing privacy budget and addressing privacy leakage caused by inference attacks. Theoretical analysis and experimental results validate that Fed-PEMC adheres to (ϵ, δ)-differential privacy and exhibits a communication cost linked to the model size. Experimental results show that compared to baseline algorithms, Fed-PEMC excels in ensuring privacy, maintaining model accuracy, and optimizing communication efficiency, and Fed-PEMC outperforms the baseline solution DP-Fed by 2.27 and 2.02 percentage points in testing accuracy on the Mnist and Cifar10 datasets, respectively.

telecommunications,engineering, electrical & electronic

Yong Li,Wei Du,Liquan Han,Zhenjian Zhang,Tongtong Liu

DOI: https://doi.org/10.3390/s23239305

IF: 3.9

2023-11-21

Sensors

Abstract:There are several unsolved problems in federated learning, such as the security concerns and communication costs associated with it. Differential privacy (DP) offers effective privacy protection by introducing noise to parameters based on rigorous privacy definitions. However, excessive noise addition can potentially compromise the accuracy of the model. Another challenge in federated learning is the issue of high communication costs. Training large-scale federated models can be slow and expensive in terms of communication resources. To address this, various model pruning algorithms have been proposed. To address these challenges, this paper introduces a communication-efficient, privacy-preserving FL algorithm based on two-stage gradient pruning and differentiated differential privacy, named IsmDP-FL. The algorithm leverages a two-stage approach, incorporating gradient pruning and differentiated differential privacy. In the first stage, the trained model is subject to gradient pruning, followed by the addition of differential privacy to the important parameters selected after pruning. Non-important parameters are pruned by a certain ratio, and differentiated differential privacy is applied to the remaining parameters in each network layer. In the second stage, gradient pruning is performed during the upload to the server for aggregation, and the final result is returned to the client to complete the federated learning process. Extensive experiments demonstrate that the proposed method ensures a high communication efficiency, maintains the model privacy, and reduces the unnecessary use of the privacy budget.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiuting Gu,Tianqing Zhu,Jie Li,Tao Zhang,Wei Ren

DOI: https://doi.org/10.1007/978-3-030-65745-1_25

2020-01-01

Abstract:Federated learning is a machine learning framework where many clients (e.g. mobile devices or whole organizations) collaboratively train a model under the orchestration of a central server (e.g. service provider), while keeping the training data decentralized. Naively minimizing an aggregate loss function in such a network may disproportionately advantage or disadvantage some of the clients. Thus, federated learning could raise "unfairness" according to some fairness metrics. Differential privacy is a privacy model used to protect privacy in federated learning with bounded leakage about the presence of a specific point in the training data. Previous work showed that a reduction in accuracy induced by deep private models disproportionately impacts underrepresented groups. This motivates us to analyze the impact of differential privacy on model fairness in federated learning. In this work, we conduct extensive experiments to evaluate the impact of differential privacy on model fairness in federated learning. Experiments show that, with a proper choice of parameters, differential privacy might improve fairness with an ignoble reduction on accuracy.