Ziwen Cheng,Yi Liu,Chao Wu,Yongqi Pan,Liushun Zhao,Xin Deng,Cheng Zhu

DOI: https://doi.org/10.1016/j.future.2024.06.035

IF: 7.307

2024-01-01

Future Generation Computer Systems

Abstract:Blockchain-based Federated Learning (BCFL) is gaining significant attention as a promising decentralized data sharing technology with privacy protection. Most existing BCFL frameworks loosely couple blockchain and Federated Learning (FL). FL transforms data sharing into model sharing, while blockchain decentralizes the model aggregation and handles security verification. However, this simplistic overlay of the two technologies often involves third-party blockchain peers, leading to inefficient workflows and potential privacy attacks from malicious blockchain peers. Some studies have proposed differential privacy with noise addition to prevent privacy attacks, yet most do not allow clients to customize privacy budgets, impacting data availability and limiting BCFL’s application in data sharing. To address these challenges, we first introduce a novel tightly-coupled BCFL framework that integrates training and mining at the client side. Under this framework, a totally decentralized data sharing process is established. Moreover, a Personalised Differential Privacy (PDP) mechanism is devised, enabling clients to add Laplace noise to model gradients based on custom privacy budgets. To achieve optimal privacy budgets, a privacy optimization mechanism based on Stackelberg games is proposed. It establishes utility functions for data requesters and providers, models the process of utility optimization as a Stackelberg game process, and obtains the optimal privacy budget while maximizing utility for all participants. This facilitates flexible and on-demand privacy-protected data sharing. Extensive experiments validate the effectiveness of our approach in enhancing system efficiency and facilitating flexible on-demand privacy-protected data sharing, further solidifying BCFL’s potential in decentralized data sharing scenarios.

Qian Chen,Zilong Wang,Yilin Zhou,Jiawei Chen,Dan Xiao,Xiaodong Lin

DOI: https://doi.org/10.48550/arXiv.2204.03843

2022-07-06

Abstract:Federated learning (FL) has sparked extensive interest in exploiting the private data on clients' local devices. However, the parameter server setting of FL not only has high bandwidth requirements, but also poses data privacy issues and a single point of failure. In this paper, we propose an efficient and privacy-preserving protocol, dubbed CFL, which is the first fine-grained global model training for FL in large-scale peer-to-peer (P2P) networks. Unlike previous FL in P2P networks, CFL aggregates local model update parameters hierarchically, which improves the communication efficiency facing large amounts of clients. Also, the aggregation in CFL is performed in a secure manner by introducing the authenticated encryption scheme, whose key is established through a random pairwise key scheme enhanced by a proposed voting-based key revocation mechanism. Rigorous analyses show that CFL guarantees the privacy and data integrity and authenticity of local model update parameters under two widespread threat models. More importantly, the proposed key revocation mechanism can effectively resist hijack attacks, thereby ensuring the confidentiality of the communication keys. Ingenious experiments on the Trec06p and Trec07 datasets show that the global model trained by CFL has good classification accuracy, model generalization, and rapid convergence rate, and the dropout-robustness of the system is achieved. Compared to the first global model training protocol for FL in P2P networks, PPT, CFL improves communication efficiency by 43.25%. Also, CFL outperforms PPT in terms of computational efficiency.

Cryptography and Security

Yong Li,Gaochao Xu,Xutao Meng,Wei Du,Xianglin Ren

DOI: https://doi.org/10.3390/e26050353

IF: 2.738

2024-04-24

Entropy

Abstract:In the realm of federated learning (FL), the exchange of model data may inadvertently expose sensitive information of participants, leading to significant privacy concerns. Existing FL privacy-preserving techniques, such as differential privacy (DP) and secure multi-party computing (SMC), though offering viable solutions, face practical challenges including reduced performance and complex implementations. To overcome these hurdles, we propose a novel and pragmatic approach to privacy preservation in FL by employing localized federated updates (LF3PFL) aimed at enhancing the protection of participant data. Furthermore, this research refines the approach by incorporating cross-entropy optimization, carefully fine-tuning measurement, and improving information loss during the model training phase to enhance both model efficacy and data confidentiality. Our approach is theoretically supported and empirically validated through extensive simulations on three public datasets: CIFAR-10, Shakespeare, and MNIST. We evaluate its effectiveness by comparing training accuracy and privacy protection against state-of-the-art techniques. Our experiments, which involve five distinct local models (Simple-CNN, ModerateCNN, Lenet, VGG9, and Resnet18), provide a comprehensive assessment across a variety of scenarios. The results clearly demonstrate that LF3PFL not only maintains competitive training accuracies but also significantly improves privacy preservation, surpassing existing methods in practical applications. This balance between privacy and performance underscores the potential of localized federated updates as a key component in future FL privacy strategies, offering a scalable and effective solution to one of the most pressing challenges in FL.

physics, multidisciplinary

Xiaokang Zhou,Wei Liang,Kevin I-Kai Wang,Zheng Yan,Laurence T. Yang,Wei Wei,Jianhua Ma,Qun Jin

DOI: https://doi.org/10.1109/mwc.004.2200381

IF: 12.777

2023-04-21

IEEE Wireless Communications

Abstract:Swarms of mobile robots are being widely applied for complex tasks in various practical scenarios toward modern smart industry. Federated learning (FL) has been developed as a promising privacy-preserving paradigm to tackle distributed machine learning tasks for mobile robotic systems in 5G and beyond networks. However, unstable wireless network conditions of the complex and harsh working environment may lead to poor communication quality and bring big challenges to traditional centralized global training in FL models. In this article, a Peer-to-Peer (P2P) based Privacy-Perceiving Asynchronous Federated Learning (PPAFL) framework is introduced to realize the decentralized model training for secure and resilient modern mobile robotic systems in 5G and beyond networks. Specifically, a reputation-aware coordination mechanism is designed and addressed to coordinate a group of smart devices dynamically into a virtual cluster, in which the asynchronous model aggregation is conducted in a decentralized P2P manner. A secret sharing based communication mechanism is developed to ensure an encrypted P2P FL process, while a Secure Stochastic Gradient Descent (SSGD) scheme is integrated with an Autoencoder and a Gaussian mechanism is developed to ensure an anonymized local model update, communicating within a few neighboring clients. The case study based experiment and evaluation in three different application scenarios demonstrate that the PPAFL can effectively improve the security and resilience issues compared with the traditional centralized approaches for smart mobile robotic applications in 5G and beyond networks.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yong Li,Yipeng Zhou,Alireza Jolfaei,Dongjin Yu,Gaochao Xu,Xi Zheng

DOI: https://doi.org/10.1109/jiot.2020.3022911

IF: 10.6

2021-04-15

IEEE Internet of Things Journal

Abstract:Federated learning (FL) is a promising new technology in the field of IoT intelligence. However, exchanging model-related data in FL may leak the sensitive information of participants. To address this problem, we propose a novel privacy-preserving FL framework based on an innovative chained secure multiparty computing technique, named chain-PPFL. Our scheme mainly leverages two mechanisms: 1) single-masking mechanism that protects information exchanged between participants and 2) chained-communication mechanism that enables masked information to be transferred between participants with a serial chain frame. We conduct extensive simulation-based experiments using two public data sets (MNIST and CIFAR-100) by comparing both training accuracy and leak defence with other state-of-the-art schemes. We set two data sample distributions (IID and NonIID) and three training models (CNN, MLP, and L-BFGS) in our experiments. The experimental results demonstrate that the chain-PPFL scheme can achieve practical privacy preservation (equivalent to differential privacy with $epsilon $ approaching zero) for FL with some cost of communication and without impairing the accuracy and convergence speed of the training model.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yuliang Chen,Xi Lin,Gaolei Li,Lixing Chen,Jing Wang,Siyi Liao,Jianhua Li

DOI: https://doi.org/10.1109/cscwd61410.2024.10580732

2024-01-01

Abstract:Nowadays, collaborative federated learning (CFL) is developing rapidly in the Internet of Things (IoT), which allows clients to jointly train models without compromising private data. The existing research has studied alone either trust enhancement or privacy preservation issues in CFL. Due to the highly coupled nature of trust and privacy in a collaborative environment, it is worth investigating how to balance appropriate trust and privacy tradeoffs for realizing high-quality CFL. In this paper, we come up with the idea of "trading Trust for Privacy", and propose a novel socially-motivated personalized privacy-preserving federated learning (SP-PFL) framework, which aims to realize social trust-grained privacy protection. First, we design a social trust evaluation method among CFL clients, which is based on topological relation and attribute similarity. Based on the obtained trust value, we then propose a trust-grained privacy budget allocation strategy for SP-PFL, which could further adaptively adjust the differential privacy (DP) noise perturbation. Besides, we provide an analysis of privacy and convergence for our SP-PFL. Finally, we experiment with different models and parameter settings on different datasets. Extensive experimental results show that our method maintains personalized privacy and effectively improves the accuracy by 6.11% on the CNN model and MNIST dataset.

Mingzhe Chen,H. Vincent Poor,Walid Saad,Shuguang Cui

DOI: https://doi.org/10.48550/arXiv.2006.02499

2020-08-30

Abstract:Internet of Things (IoT) services will use machine learning tools to efficiently analyze various types of data collected by IoT devices for inference, autonomy, and control purposes. However, due to resource constraints and privacy challenges, edge IoT devices may not be able to transmit their collected data to a central controller for training machine learning models. To overcome this challenge, federated learning (FL) has been proposed as a means for enabling edge devices to train a shared machine learning model without data exchanges thus reducing communication overhead and preserving data privacy. However, Google's seminal FL algorithm requires all devices to be directly connected with a central controller, which significantly limits its application scenarios. In this context, this paper introduces a novel FL framework, called collaborative FL (CFL), which enables edge devices to implement FL with less reliance on a central controller. The fundamentals of this framework are developed and then, a number of communication techniques are proposed so as to improve the performance of CFL. To this end, an overview of centralized learning, Google's seminal FL, and CFL is first presented. For each type of learning, the basic architecture as well as its advantages, drawbacks, and usage conditions are introduced. Then, three CFL performance metrics are presented and a suite of communication techniques ranging from network formation, device scheduling, mobility management, and coding is introduced to optimize the performance of CFL. For each technique, future research opportunities are also discussed. In a nutshell, this article will showcase how the proposed CFL framework can be effectively implemented at the edge of large-scale wireless systems such as the Internet of Things.

Information Theory,Machine Learning

Yuan-Ai Xie,Jiawen Kang,Dusit Niyato,Nguyen Thi Thanh Van,Nguyen Cong Luong,Zhixin Liu,Han Yu

DOI: https://doi.org/10.48550/arXiv.2110.02221

2021-10-05

Abstract:Federated Learning Networks (FLNs) have been envisaged as a promising paradigm to collaboratively train models among mobile devices without exposing their local privacy data. Due to the need for frequent model updates and communications, FLNs are vulnerable to various attacks (e.g., eavesdropping attacks, inference attacks, poisoning attacks, and backdoor attacks). Balancing privacy protection with efficient distributed model training is a key challenge for FLNs. Existing countermeasures incur high computation costs and are only designed for specific attacks on FLNs. In this paper, we bridge this gap by proposing the Covert Communication-based Federated Learning (CCFL) approach. Based on the emerging communication security technique of covert communication which hides the existence of wireless communication activities, CCFL can degrade attackers' capability of extracting useful information from the FLN training protocol, which is a fundamental step for most existing attacks, and thereby holistically enhances the privacy of FLNs. We experimentally evaluate CCFL extensively under real-world settings in which the FL latency is optimized under given security requirements. Numerical results demonstrate the significant effectiveness of the proposed approach in terms of both training efficiency and communication security.

Cryptography and Security

Zhi Lu,Songfeng Lu,Yongquan Cui,Junjun Wu,Hewang Nie,Jue Xiao,Zepu Yi

DOI: https://doi.org/10.1007/978-3-031-69766-1_19

2024-01-01

Abstract:Federated learning (FL) is a distributed machine learning approach that reduces data transfer by aggregating gradients from multiple users. However, this process raises concerns about user privacy, leading to the emergence of privacy preserving FL. Unfortunately, this development poses new Byzantine-robustness challenges as poisoning attacks become difficult to detect. Existing byzantine-robust algorithms operate primarily in plaintext, and crucially, current byzantine-robust privacy FL methods fail to concurrently defend against adaptive attacks. In response, we propose a lightweight, byzantine-robust, and privacy-preserving federated learning framework (LRFL), employing shuffle functions and encryption masks to ensure privacy. In addition, we comprehensively calculate the similarity of the direction and magnitude of each gradient vector to ensure byzantine-robustness. To the best of our knowledge, LRFL is the first byzantine-robust privacy preserving FL capable of identifying malicious users based on gradient angles and magnitudes. What's more, the theoretical complexity of LRFL is O(dN + dN logN), comparable to byzantine-robust FL with user number N and gradient dimension d. Experimental results demonstrate that LRFL achieves similar accuracy to state-of-the-art methods under multiple attack scenarios.

Qian Chen,Zilong Wang,Wenjing Zhang,Xiaodong Lin

DOI: https://doi.org/10.1016/j.cose.2022.102966

2022-10-24

Abstract:The concept of Federated Learning (FL), which is vital to the development of machine learning, has emerged as a convergence of machine learning, information, and communication technology. However, general FL settings cannot meet requirements in decentralized environments, especially in peer-to-peer (P2P) networks, where a fully connected central server is unavailable due to limited communication ranges. In this paper, to satisfy the requirements of security, privacy preservation, and robustness in the context of FL in P2P networks, we propose a decentralized global model training protocol, named PPT. Particularly, PPT aggregates local model update parameters in a single-hop manner and uses the symmetric cryptosystem to ensure secure communications between network nodes where an enhanced Eschenauer-Gligor (E-G) scheme is proposed for secure key distribution. Further, PPT generates random noise for privacy preservation without reducing the model accuracy since the noise is eliminated ultimately. PPT also adopts game theory to resist collusion attacks. In addition, PPT has elaborate designs in terms of communication efficiency and dropout-robustness. Through extensive analysis, we demonstrate that PPT can resist various security threats and preserve user privacy. Ingenious experiments on Trec05, Trec06p, Trec07, and SMS Spam Collection v.1 confirm the 20 × and 12 × improvement of computation efficiency that PPT achieves compared to Google's Secure Aggregation and Local Differential Privacy (LDP)-based FL methods. More importantly, the global model trained by PPT is better than that trained by LDP-based FL methods in terms of prediction performance (about 14% and 1% improvement in convergence rate and accuracy).

computer science, information systems

Chenfei Nie,Qiang Li,Yuxin Yang,Yuede Ji,Binghui Wang

2024-07-29

Abstract:Federated learning (FL) is an emerging distributed learning paradigm without sharing participating clients' private data. However, existing works show that FL is vulnerable to both Byzantine (security) attacks and data reconstruction (privacy) attacks. Almost all the existing FL defenses only address one of the two attacks. A few defenses address the two attacks, but they are not efficient and effective enough. We propose BPFL, an efficient Byzantine-robust and provably privacy-preserving FL method that addresses all the issues. Specifically, we draw on state-of-the-art Byzantine-robust FL methods and use similarity metrics to measure the robustness of each participating client in FL. The validity of clients are formulated as circuit constraints on similarity metrics and verified via a zero-knowledge proof. Moreover, the client models are masked by a shared random vector, which is generated based on homomorphic encryption. In doing so, the server receives the masked client models rather than the true ones, which are proven to be private. BPFL is also efficient due to the usage of non-interactive zero-knowledge proof. Experimental results on various datasets show that our BPFL is efficient, Byzantine-robust, and privacy-preserving.

Cryptography and Security

Miao Yang,Ximin Wang,Hua Qian,Yongxin Zhu,Hongbin Zhu,Mohsen Guizani,Victor Chang

DOI: https://doi.org/10.1109/tii.2022.3149516

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:With the expected explosive use of the Internet of Everything in sixth generation (6G), the cybertwin network is able to convert user information to digital assets and provide extensive services. However, protecting and enhancing privacy of the processed and transmitted data in cybertwin-driven 6G is still in its infancy. Federated learning (FL) is a nascent distributed machine learning paradigm that is able to facilitate privacy protection in cybertwin networks. In a cybertwin network, imbalanced data distribution of the clients can increase the bias of the global model and sacrifice the performance of the FL model. Prior research work dealing with imbalanced data requires extra data information exchanged between clients and the server, which increases the risk of privacy leakage. To avoid privacy leakage, we design an estimation algorithm to determine the distribution of local data collected at the clients without the awareness of specific raw data. We consider two scenarios in FL: 1) the server could receive the individual trained model for each selected device and 2) the server could receive the aggregated model from the selected clients. We formulate two device selection problems to improve the training performance of the aforementioned scenarios. We develop two online learning algorithms to tackle the selection problems for both individual model uploading and aggregated model uploading. The proposed algorithms are conducted on the server, thereby avoiding privacy leakage and extra computation at the clients. We validate the effectiveness of the proposed client selection algorithms with sufficient experiments in cybertwin-driven 6G networks.

Junkai Wang,Ling Xiong,Zhicai Liu,Huan Wang,Chunlin Li

DOI: https://doi.org/10.1016/j.compeleceng.2024.109189

IF: 4.152

2024-03-21

Computers & Electrical Engineering

Abstract:Machine Learning as a Service (MLaaS) has been widely used, such as logistic regression models trained in the cloud to provide people with classification predictions. However, these services allow the cloud to collect data from a large number of users, which could raise privacy concerns. With sharing of local models rather than user data, Federated Learning (FL) alleviates data privacy. But, in FL setting the difference between the predictive value provided by the optimal model and the shared global model (called maturing model) that approximates it is not significant, which still raises a security risk. In this paper, we design a flexible and privacy-preserving FL system to tackle these issues. This system makes the training process divide into two stages by analyzing whether the metrics of the iterative global gradient reach a set threshold or not. The two stages are implemented with Re-Encryption and CKKS homomorphism, which not only enables a secure aggregation in the cloud, but also maintains the security of the maturing model. Through detailed analysis, we prove the security of our protocol. Moreover, quantitative comparisons in the final experiments demonstrates that our scheme can achieve trade-off between accuracy, training time cost and communication overhead.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Hongyang Yan,Li Hu,Xiaoyu Xiang,Zheli Liu,Xu Yuan

DOI: https://doi.org/10.1016/j.ins.2020.09.064

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>Collaborative learning and related techniques such as federated learning, allow multiple clients to train a model jointly while keeping their datasets at local. <em>Secure Aggregation</em> in most existing works focus on protecting model gradients from the server. However, an dishonest user could still easily get the privacy information from the other users. It remains a challenge to propose an effective solution to prevent information leakage against dishonest users.</p><p>To tackle this challenge, we propose a novel and effective privacy-preserving collaborative machine learning scheme, targeting at preventing information leakage agains adversaries. Specifically, we first propose a privacy-preserving network transformation method by utilizing Random-Permutation in Software Guard Extensions(SGX), which protects the model parameters from being inferred by a curious server and dishonest clients. Then, we apply Partial-Random Uploading mechanism to mitigate the information inference through visualizations. To further enhance the efficiency, we introduce network pruning operation and employ it to accelerate the convergence of training. We present the formal security analysis to demonstrate that our proposed scheme can preserve privacy while ensuring the convergence and accuracy of secure aggregation. We conduct experiments to show the performance of our solution in terms of accuracy and efficiency. The experimental results show that the proposed scheme is practical.</p>

computer science, information systems

Meng Hao,Hongwei Li,Guowen Xu,Hanxiao Chen,Tianwei Zhang

DOI: https://doi.org/10.1145/3485832.3488014

2021-12-06

Abstract:Federated learning (FL) has demonstrated tremendous success in various mission-critical large-scale scenarios. However, such promising distributed learning paradigm is still vulnerable to privacy inference and byzantine attacks. The former aims to infer the privacy of target participants involved in training, while the latter focuses on destroying the integrity of the constructed model. To mitigate the above two issues, a few works recently explored unified solutions by utilizing generic secure computation techniques and common byzantine-robust aggregation rules, but there are two major limitations: 1) they suffer from impracticality due to efficiency bottlenecks, and 2) they are still vulnerable to various types of attacks because of model incomprehensiveness. To approach the above problems, in this paper, we present SecureFL, an efficient, private and byzantine-robust FL framework. SecureFL follows the state-of-the-art byzantine-robust FL method (FLTrust NDSS’21), which performs comprehensive byzantine defense by normalizing the updates’ magnitude and measuring directional similarity, adapting it to the privacy-preserving context. More importantly, we carefully customize a series of cryptographic components. First, we design a crypto-friendly validity checking protocol that functionally replaces the normalization operation in FLTrust, and further devise tailored cryptographic protocols on top of it. Benefiting from the above optimizations, the communication and computation costs are reduced by half without sacrificing the robustness and privacy protection. Second, we develop a novel preprocessing technique for costly matrix multiplication. With this technique, the directional similarity measurement can be evaluated securely with negligible computation overhead and zero communication cost. Extensive evaluations conducted on three real-world datasets and various neural network architectures demonstrate that SecureFL outperforms prior art up to two orders of magnitude in efficiency with state-of-the-art byzantine robustness.

Jue Xiao,Xueming Tang,Songfeng Lu

DOI: https://doi.org/10.1109/TMLCN.2023.3344074

2024-01-01

Abstract:Federated Learning (FL) offers a collaborative training framework, aggregating model parameters from decentralized clients. Many existing models, however, assume static, predetermined data classes within FLa frequently unrealistic assumption. Real-time data additions from clients can degrade global model recognition of established classes due to catastrophic forgetting. This is exacerbated when new clients, unfamiliar to previous participants, join sporadically. Additionally, there’s an imperative for client data privacy. Addressing these, we propose the Privacy-Preserving Federated Class-Incremental Learning (PP-FCIL) approach. This methodology ensures content-level privacy and significantly alleviates the risk of catastrophic forgetting in FCIL. To our knowledge, this is the first research seeks to embed differential privacy into the FCIL settings. Specifically, we introduce a dual-model structure that uses adaptive fusion of new and old knowledge to obtain a new global model. We also propose a multi-factor dynamic weighted aggregation strategy that considers several factors, such as data imbalance timeliness of the model, to speed up global model aggregation and accuracy. For privacy protection, we use Bayesian differential privacy to provide more balanced privacy protection for different datasets. Finally, we conducted experiments on CIFAR-100 and ImageNet to compare our method with other methods and verify its superiority.

Jia Huang,Zhen Chen,Shengzheng Liu,Haixia Long,Huang,Chen,Liu,Long

DOI: https://doi.org/10.3390/electronics13040783

IF: 2.9

2024-02-17

Electronics

Abstract:With the rapid development of 6G networks, data transmission speed has significantly increased, making data privacy protection issues even more crucial. The federated learning (FL) is a distributed machine learning framework with privacy protection and secure encryption technology, aimed at enabling dispersed participants to collaborate on model training without disclosing private data to other participants. Nonetheless, recent research indicates that the exchange of shared gradients may lead to information disclosure, and thus FL still needs to address privacy concerns. Additionally, FL relies on a large number of diverse training data to forge efficient models, but in reality, the training data available to clients are limited, and data imbalance issues lead to over fitting in existing federated learning models. To alleviate these issues, we introduce a Novel Federated Learning Framework based on Conditional Generative Adversarial Networks (NFL-CGAN). NFL-CGAN divides the local networks of each client into private and public modules. The private module contains an extractor and a discriminator to protect privacy by retaining them locally. Conversely, the public module is shared with the server to aggregate the shared knowledge of clients, thereby improving the performance of each client local network. Comprehensive experimental analyses demonstrate that NFL-CGAN surpasses traditional FL baseline methods in data classification, showcasing its superior efficacy. Moreover, privacy assessments also verified robust and reliable privacy protection capabilities of NFL-CGAN.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xiaojin Zhang,Yan Kang,Kai Chen,Lixin Fan,Qiang Yang

DOI: https://doi.org/10.1145/3595185

IF: 5

2023-05-05

ACM Transactions on Intelligent Systems and Technology

Abstract:Federated learning (FL) enables participating parties to collaboratively build a global model with boosted utility without disclosing private data information. Appropriate protection mechanisms have to be adopted to fulfill the opposing requirements in preserving privacy and maintaining high model utility . In addition, it is a mandate for a federated learning system to achieve high efficiency in order to enable large-scale model training and deployment. We propose a unified federated learning framework that reconciles horizontal and vertical federated learning. Based on this framework, we formulate and quantify the trade-offs between privacy leakage, utility loss, and efficiency reduction, which leads us to the No-Free-Lunch (NFL) theorem for the federated learning system. NFL indicates that it is unrealistic to expect an FL algorithm to simultaneously provide excellent privacy, utility, and efficiency in certain scenarios. We then analyze the lower bounds for the privacy leakage, utility loss, and efficiency reduction for several widely-adopted protection mechanisms, including Randomization , Homomorphic Encryption , Secret Sharing and Compression . Our analysis could serve as a guide for selecting protection parameters to meet particular requirements.

computer science, information systems, artificial intelligence

Xinghao Wu,Xuefeng Liu,Jianwei Niu,Guogang Zhu,Shaojie Tang

2023-09-20

Abstract:Personalized federated learning (PFL) reduces the impact of non-independent and identically distributed (non-IID) data among clients by allowing each client to train a personalized model when collaborating with others. A key question in PFL is to decide which parameters of a client should be localized or shared with others. In current mainstream approaches, all layers that are sensitive to non-IID data (such as classifier layers) are generally personalized. The reasoning behind this approach is understandable, as localizing parameters that are easily influenced by non-IID data can prevent the potential negative effect of collaboration. However, we believe that this approach is too conservative for collaboration. For example, for a certain client, even if its parameters are easily influenced by non-IID data, it can still benefit by sharing these parameters with clients having similar data distribution. This observation emphasizes the importance of considering not only the sensitivity to non-IID data but also the similarity of data distribution when determining which parameters should be localized in PFL. This paper introduces a novel guideline for client collaboration in PFL. Unlike existing approaches that prohibit all collaboration of sensitive parameters, our guideline allows clients to share more parameters with others, leading to improved model performance. Additionally, we propose a new PFL method named FedCAC, which employs a quantitative metric to evaluate each parameter's sensitivity to non-IID data and carefully selects collaborators based on this evaluation. Experimental results demonstrate that FedCAC enables clients to share more parameters with others, resulting in superior performance compared to state-of-the-art methods, particularly in scenarios where clients have diverse distributions.

Machine Learning

Honghong Zeng,Jie Li,Jiong Lou,Shijing Yuan,Chentao Wu,Wei Zhao,Sijin Wu,Zhiwen Wang

DOI: https://doi.org/10.1109/tc.2024.3404102

IF: 3.183

2024-01-01

IEEE Transactions on Computers

Abstract:Federated learning (FL) is a technique that enables clients to collaboratively train a model by sharing local models instead of raw private data. However, existing reconstruction attacks can recover the sensitive training samples from the shared models. Additionally, the emerging poisoning attacks also pose severe threats to the security of FL. However, most existing Byzantine-robust privacy-preserving federated learning solutions either reduce the accuracy of aggregated models or introduce significant computation and communication overheads. In this paper, we propose a novel B lockchain-based S ecure and R obust F ederated L earning (BSR-FL) framework to mitigate reconstruction attacks and poisoning attacks. BSR-FL avoids accuracy loss while ensuring efficient privacy protection and Byzantine robustness. Specifically, we first construct a lightweight non-interactive functional encryption (NIFE) scheme to protect the privacy of local models while maintaining high communication performance. Then, we propose a privacy-preserving defensive aggregation strategy based on NIFE, which can resist encrypted poisoning attacks without compromising model privacy through secure cosine similarity and incentive-based Byzantine-tolerance aggregation. Finally, we utilize the blockchain system to assist in facilitating the processes of federated learning and the implementation of protocols. Extensive theoretical analysis and experiments demonstrate that our new BSR-FL has enhanced privacy security, robustness, and high efficiency.