Xue Yang,Zifeng Liu,Xiaohu Tang,Rongxing Lu,Bo Liu

2024-05-31

Abstract:With the emergence of privacy leaks in federated learning, secure aggregation protocols that mainly adopt either homomorphic encryption or threshold secret sharing have been widely developed for federated learning to protect the privacy of the local training data of each client. However, these existing protocols suffer from many shortcomings, such as the dependence on a trusted third party, the vulnerability to clients being corrupted, low efficiency, the trade-off between security and fault tolerance, etc. To solve these disadvantages, we propose an efficient and multi-private key secure aggregation scheme for federated learning. Specifically, we skillfully modify the variant ElGamal encryption technique to achieve homomorphic addition operation, which has two important advantages: 1) The server and each client can freely select public and private keys without introducing a trust third party and 2) Compared to the variant ElGamal encryption, the plaintext space is relatively large, which is more suitable for the deep model. Besides, for the high dimensional deep model parameter, we introduce a super-increasing sequence to compress multi-dimensional data into 1-D, which can greatly reduce encryption and decryption times as well as communication for ciphertext transmission. Detailed security analyses show that our proposed scheme achieves the semantic security of both individual local gradients and the aggregated result while achieving optimal robustness in tolerating both client collusion and dropped clients. Extensive simulations demonstrate that the accuracy of our scheme is almost the same as the non-private approach, while the efficiency of our scheme is much better than the state-of-the-art homomorphic encryption-based secure aggregation schemes. More importantly, the efficiency advantages of our scheme will become increasingly prominent as the number of model parameters increases.

Cryptography and Security,Artificial Intelligence,Computer Vision and Pattern Recognition,Machine Learning

Xue Yang,Zifeng Liu,Xiaohu Tang,Rongxing Lu,Bo Liu

DOI: https://doi.org/10.1109/tsc.2024.3451165

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:In light of the emergence of privacy breaches in federated learning, secure aggregation protocols, which mainly adopt either homomorphic encryption or threshold secret sharing techniques, have been extensively developed to preserve the privacy of each client's local gradient. Nevertheless, many existing schemes suffer from either poor capability of privacy protection or expensive computational and communication overheads. Accordingly, in this paper, we propose an efficient and multi-private key secure aggregation scheme for federated learning. Specifically, we skillfully design a multi-private key secure aggregation algorithm that achieves homomorphic addition operation, with two important benefits: 1) both the server and each client can freely select public and private keys without introducing a trusted third party, and 2) the plaintext space is relatively large, making it more suitable for deep models. Besides, for dealing with the high dimensional deep model parameter, we introduce a super-increasing sequence to compress multi-dimensional data into one dimension, which greatly reduces encryption and decryption times as well as communication for ciphertext transmission. Detailed security analyses show that our proposed scheme can achieve semantic security of both individual local gradients and the aggregated result while achieving optimal robustness in tolerating client collusion. Extensive simulations demonstrate that the accuracy of our scheme is almost the same as the non-private approach, while the efficiency of our scheme is much better than the state-of-the-art baselines. More importantly, the efficiency advantages of our scheme will become increasingly prominent as the number of model parameters increases.

computer science, information systems, software engineering

Hasin Us Sami,Başak Güler

DOI: https://doi.org/10.1109/tcomm.2024.3366394

IF: 6.166

2024-01-01

IEEE Transactions on Communications

Abstract:Clustered federated learning is a popular paradigm to tackle data heterogeneity in federated learning, by training personalized models for groups of users with similar data distributions. A critical challenge is to protect the privacy of individual user updates, as the latter can reveal extensive information about sensitive local datasets. To do so, a recent promising approach is information-theoretic secure aggregation, where parties learn the aggregate (sum) of user updates, but no further information is revealed about the individual updates. In this work, we present the first single-server secure aggregation framework in the context of clustered federated learning, to learn the aggregate of user updates for any clustering of users, but without learning any information about the local updates or cluster identities. Our framework can achieve linear communication complexity under formal information-theoretic privacy guarantees, while providing key trade-offs between communication and computation complexity, adversary tolerance, and resilience to user dropouts.

telecommunications,engineering, electrical & electronic

Jinhyun So,Ramy E. Ali,Basak Guler,Jiantao Jiao,Salman Avestimehr

2023-07-27

Abstract:Secure aggregation is a critical component in federated learning (FL), which enables the server to learn the aggregate model of the users without observing their local models. Conventionally, secure aggregation algorithms focus only on ensuring the privacy of individual users in a single training round. We contend that such designs can lead to significant privacy leakages over multiple training rounds, due to partial user selection/participation at each round of FL. In fact, we show that the conventional random user selection strategies in FL lead to leaking users' individual models within number of rounds that is linear in the number of users. To address this challenge, we introduce a secure aggregation framework, Multi-RoundSecAgg, with multi-round privacy guarantees. In particular, we introduce a new metric to quantify the privacy guarantees of FL over multiple training rounds, and develop a structured user selection strategy that guarantees the long-term privacy of each user (over any number of training rounds). Our framework also carefully accounts for the fairness and the average number of participating users at each round. Our experiments on MNIST and CIFAR-10 datasets in the IID and the non-IID settings demonstrate the performance improvement over the baselines, both in terms of privacy protection and test accuracy.

Machine Learning,Cryptography and Security,Distributed, Parallel, and Cluster Computing,Information Theory

Fucai Luo,Saif Al-Kuwari,Haiyan Wang,Xingfu Yan

2023-05-22

Abstract:Federated learning (FL) allows a large number of clients to collaboratively train machine learning (ML) models by sending only their local gradients to a central server for aggregation in each training iteration, without sending their raw training data. Unfortunately, recent attacks on FL demonstrate that local gradients may leak information about local training data. In response to such attacks, Bonawitz \textit{et al.} (CCS 2017) proposed a secure aggregation protocol that allows a server to compute the sum of clients' local gradients in a secure manner. However, their secure aggregation protocol requires at least 4 rounds of communication between each client and the server in each training iteration. The number of communication rounds is closely related not only to the total communication cost but also the ML model accuracy, as the number of communication rounds affects client dropouts. In this paper, we propose FSSA, a 3-round secure aggregation protocol, that is efficient in terms of computation and communication, and resilient to client dropouts. We prove the security of FSSA in honest-but-curious setting and show that the security can be maintained even if an arbitrarily chosen subset of clients drop out at any time. We evaluate the performance of FSSA and show that its computation and communication overhead remains low even on large datasets. Furthermore, we conduct an experimental comparison between FSSA and Bonawitz \textit{et al.}'s protocol. The comparison results show that, in addition to reducing the number of communication rounds, FSSA achieves a significant improvement in computational efficiency.

Cryptography and Security

Yiwei Zhang,Rouzbeh Behnia,Attila A. Yavuz,Reza Ebrahimi,Elisa Bertino

2024-10-18

Abstract:Federated learning enables the collaborative learning of a global model on diverse data, preserving data locality and eliminating the need to transfer user data to a central server. However, data privacy remains vulnerable, as attacks can target user training data by exploiting the updates sent by users during each learning iteration. Secure aggregation protocols are designed to mask/encrypt user updates and enable a central server to aggregate the masked information. MicroSecAgg (PoPETS 2024) proposes a single server secure aggregation protocol that aims to mitigate the high communication complexity of the existing approaches by enabling a one-time setup of the secret to be re-used in multiple training iterations. In this paper, we identify a security flaw in the MicroSecAgg that undermines its privacy guarantees. We detail the security flaw and our attack, demonstrating how an adversary can exploit predictable masking values to compromise user privacy. Our findings highlight the critical need for enhanced security measures in secure aggregation protocols, particularly the implementation of dynamic and unpredictable masking strategies. We propose potential countermeasures to mitigate these vulnerabilities and ensure robust privacy protection in the secure aggregation frameworks.

Cryptography and Security,Machine Learning

Jiale Guo,Ziyao Liu,Kwok-Yan Lam,Jun Zhao,Yiqiang Chen,Chaoping Xing

2020-01-01

Abstract: Federated learning (FL) schemes enable multiple clients to jointly solve a machine learning problem using their local data to train a local model, then aggregating these models under the coordination of a central server. To achieve such a practical FL system, we need to consider (i) how to deal with the disparity across clients' datasets, and (ii) how to further protect the privacy of clients' locally trained models, which may leak information. The first concern can be addressed using a weighted aggregation scheme where the weights of clients are determined based on their data size and quality. Approaches in previous works result in a good performance but do not provide any privacy guarantee. For the second concern, privacy-preserving aggregation schemes can provide privacy guarantees that can be mathematically analyzed. However, the security issue still exists that both the central server and clients may send fraudulent messages to each other for their own benefits, especially if there is an incentive mechanism where the reward provided by the server is distributed according to clients' weights. To address the issues mentioned above, we propose a secure weighted aggregation scheme. Precisely, relying on the homomorphic encryption (HE) crypto-system, each client's weight is calculated in a privacy-preserving manner. Furthermore, we adopt a zero-knowledge proof (ZKP) based verification scheme to prevent the central server and clients from receiving fraudulent messages from each other. To the best of our knowledge, this work proposes the first aggregation scheme to deal with data disparity and fraudulent messages in the FL system from both privacy and security perspective.

Kai Wan,Xin Yao,Hua Sun,Mingyue Ji,Giuseppe Caire

DOI: https://doi.org/10.1109/tit.2024.3422087

IF: 2.5

2024-08-24

IEEE Transactions on Information Theory

Abstract:Secure aggregation, which is a core component of federated learning, aggregates locally trained models from distributed users at a central server. The "secure" nature of such aggregation consists of the fact that no information about the local users' data must be leaked to the server except the aggregated local models. In order to guarantee security, some keys may be shared among the users (this is referred to as the key sharing phase). After the key sharing phase, each user masks its trained model which is then sent to the server (this is referred to as the model aggregation phase). This paper follows the information theoretic secure aggregation problem originally formulated by Zhao and Sun, with the objective to characterize the minimum communication cost from the users in the model aggregation phase. Due to user dropouts, which are common in real systems, the server may not receive all messages from the users. A secure aggregation scheme should tolerate the dropouts of at most users, where is a system parameter. The optimal communication cost is characterized by Zhao and Sun, but with the assumption that the keys stored by the users could be any random variables with arbitrary dependency. On the motivation that uncoded groupwise keys are more convenient to be shared and could be used in large range of applications besides federated learning, in this paper we add one constraint into the above problem, namely, that the key variables are mutually independent and each key is shared by a group of users, where is another system parameter. To the best of our knowledge, all existing secure aggregation schemes (with information theoretic security or computational security) assign coded keys to the users. We show that if , a new secure aggregation scheme with uncoded groupwise keys can achieve the same optimal communication cost as the best scheme with coded keys; if , uncoded groupwise key sharing is strictly sub-optimal. Finally, we also implement our proposed secure aggregation scheme into Amazon EC2, which are then compared with the existing secure aggregation schemes with offline key sharing.

computer science, information systems,engineering, electrical & electronic

Jiale Guo,Ziyao Liu,Kwok‐Yan Lam,Jun Zhao,Yiqiang Chen,Chaoping Xing

DOI: https://doi.org/10.48550/arxiv.2010.08730

2020-01-01

Abstract:The pervasive adoption of Internet-connected digital services has led to a growing concern in the personal data privacy of their customers. On the other hand, machine learning (ML) techniques have been widely adopted by digital service providers to improve operational productivity and customer satisfaction. ML inevitably accesses and processes users' personal data, which could potentially breach the relevant privacy protection regulations if not performed carefully. The situation is exacerbated by the cloud-based implementation of digital services when user data are captured and stored in distributed locations, hence aggregation of the user data for ML could be a serious breach of privacy regulations. In this backdrop, Federated Learning (FL) is an emerging area that allows ML on distributed data without the data leaving their stored location. However, depending on the nature of the digital services, data captured at different locations may carry different significance to the business operation, hence a weighted aggregation will be highly desirable for enhancing the quality of the FL-learned model. Furthermore, to prevent leakage of user data from the aggregated gradients, cryptographic mechanisms are needed to allow secure aggregation of FL. In this paper, we propose a privacy-enhanced FL scheme for supporting secure weighted aggregation. Besides, by devising a verification protocol based on Zero-Knowledge Proof (ZKP), the proposed scheme is capable of guarding against fraudulent messages from FL participants. Experimental results show that our scheme is practical and secure. Compared to existing FL approaches, our scheme achieves secure weighted aggregation with an additional security guarantee against fraudulent messages with an affordable 1.2 times runtime overheads and 1.3 times communication costs.

Lingchen Zhao,Jianlin Jiang,Bo Feng,Qian Wang,Chao Shen,Qi Li

DOI: https://doi.org/10.1109/tdsc.2021.3093711

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Federated learning facilitates the collaborative training of a global model among distributed clients without sharing their training data. Secure aggregation, a new security primitive for federated learning, aims to preserve the confidentiality of both local models and training data. Unfortunately, existing secure aggregation solutions fail to defend against Byzantine failures that are common in distributed computing systems. In this work, we propose a new secure and efficient aggregation framework, SEAR, for Byzantine-robust federated learning. Relying on the trusted execution environment, i.e., Intel SGX, SEAR protects clients’ private models while enabling Byzantine resilience. Considering the limitation of the current Intel SGX's architecture (i.e., the limited trusted memory), we propose two data storage modes to efficiently implement aggregation algorithms efficiently in SGX. Moreover, to balance the efficiency and performance of aggregation, we propose a sampling-based method to efficiently detect Byzantine failures without degrading the global model's performance. We implement and evaluate SEAR in a LAN environment, and the experiment results show that SEAR is computationally efficient and robust to Byzantine adversaries. Compared to the previous practical secure aggregation framework, SEAR improves aggregation efficiency by 4-6 times while supporting Byzantine resilience at the same time.

Diogo Pereira,Paulo Ricardo Reis,Fábio Borges

DOI: https://doi.org/10.3390/s24041299

IF: 3.9

2024-02-17

Sensors

Abstract:In the era of big data, millions and millions of data are generated every second by different types of devices. Training machine-learning models with these data has become increasingly common. However, the data used for training are often sensitive and may contain information such as medical, banking, or consumer records, for example. These data can cause problems in people's lives if they are leaked and also incur sanctions for companies that leak personal information for any reason. In this context, Federated Learning emerges as a solution to the privacy of personal data. However, even when only the gradients of the local models are shared with the central server, some attacks can reconstruct user data, allowing a malicious server to violate the FL principle, which is to ensure the privacy of local data. We propose a secure aggregation protocol for Decentralized Federated Learning, which does not require a central server to orchestrate the aggregation process. To achieve this, we combined a Multi-Secret-Sharing scheme with a Dining Cryptographers Network. We validate the proposed protocol in simulations using the MNIST handwritten digits dataset. This protocol achieves results comparable to Federated Learning with the FedAvg protocol while adding a layer of privacy to the models. Furthermore, it obtains a timing performance that does not significantly affect the total training time, unlike protocols that use Homomorphic Encryption.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Krishna Pillutla,Sham M. Kakade,Zaid Harchaoui

DOI: https://doi.org/10.1109/TSP.2022.3153135

2022-01-17

Abstract:Federated learning is the centralized training of statistical models from decentralized data on mobile devices while preserving the privacy of each device. We present a robust aggregation approach to make federated learning robust to settings when a fraction of the devices may be sending corrupted updates to the server. The approach relies on a robust aggregation oracle based on the geometric median, which returns a robust aggregate using a constant number of iterations of a regular non-robust averaging oracle. The robust aggregation oracle is privacy-preserving, similar to the non-robust secure average oracle it builds upon. We establish its convergence for least squares estimation of additive models. We provide experimental results with linear models and deep networks for three tasks in computer vision and natural language processing. The robust aggregation approach is agnostic to the level of corruption; it outperforms the classical aggregation approach in terms of robustness when the level of corruption is high, while being competitive in the regime of low corruption. Two variants, a faster one with one-step robust aggregation and another one with on-device personalization, round off the paper.

Machine Learning,Cryptography and Security

Rouzbeh Behnia,Mohammadreza Ebrahimi,Arman Riasi,Sherman S. M. Chow,Balaji Padmanabhan,Thang Hoang

2023-08-31

Abstract:Secure aggregation protocols ensure the privacy of users' data in the federated learning settings by preventing the disclosure of users' local gradients. Despite their merits, existing aggregation protocols often incur high communication and computation overheads on the participants and might not be optimized to handle the large update vectors for machine learning models efficiently. This paper presents e-SeaFL, an efficient, verifiable secure aggregation protocol taking one communication round in aggregation. e-SeaFL allows the aggregation server to generate proof of honest aggregation for the participants. Our core idea is to employ a set of assisting nodes to help the aggregation server, under similar trust assumptions existing works placed upon the participating users. For verifiability, e-SeaFL uses authenticated homomorphic vector commitments. Our experiments show that the user enjoys five orders of magnitude higher efficiency than the state of the art (PPML 2022) for a gradient vector of a high dimension up to $100,000$.

Cryptography and Security

Siqing Zhang,Yong Liao,Pengyuan Zhou

DOI: https://doi.org/10.48550/arXiv.2312.04937

2023-12-11

Abstract:Leveraging federated learning (FL) to enable cross-domain privacy-sensitive data mining represents a vital breakthrough to accomplish privacy-preserving learning. However, attackers can infer the original user data by analyzing the uploaded intermediate parameters during the aggregation process. Therefore, secure aggregation has become a critical issue in the field of FL. Many secure aggregation protocols face the problem of high computation costs, which severely limits their applicability. To this end, we propose AHSecAgg, a lightweight secure aggregation protocol using additive homomorphic masks. AHSecAgg significantly reduces computation overhead without compromising the dropout handling capability or model accuracy. We prove the security of AHSecAgg in semi-honest and active adversary settings. In addition, in cross-silo scenarios where the group of participants is relatively fixed during each round, we propose TSKG, a lightweight Threshold Signature based masking key generation method. TSKG can generate different temporary secrets and shares for different aggregation rounds using the initial key and thus effectively eliminates the cost of secret sharing and key agreement. We prove TSKG does not sacrifice security. Extensive experiments show that AHSecAgg significantly outperforms state-of-the-art mask-based secure aggregation protocols in terms of computational efficiency, and TSKG effectively reduces the computation and communication costs for existing secure aggregation protocols.

Cryptography and Security

Ning Li,Ming Zhou,Haiyang Yu,Yuwen Chen,Zhen Yang

DOI: https://doi.org/10.1109/jiot.2023.3330813

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:As many countries have promulgated laws to protect users’ data privacy, how to legally use users’ data has become a hot topic. With the emergence of federated learning (also known as collaborative learning), multiple participants can create a common, robust, and secure machine learning model while addressing key issues in data sharing such as privacy, security, accessibility, etc. Unfortunately, existing research shows that federated learning is not as secure as it claims, gradient leakage and the correctness of aggregation results are still key problems. Recently, some scholars try to address these security problems in federated learning by cryptography and verification techniques. However, there are some issues in this scheme that remain unsolved. First, some solutions cannot guarantee the correctness of the aggregation results. Second, existing state-of-the-art federated learning schemes have a costly computational and communication overhead. In this paper, we propose SVFLC, a secure and verifiable federated learning scheme with chain aggregation to solve these problems. We first design a privacy-preserving method that can solve the problem of gradient leakage and defend against collusion attacks by semi-honest users. Then, we create a verifiable method based on a homomorphic hash function, which can ensure the correctness of the weighted aggregation results. Besides, the SVFLC can also track users who encounter calculation errors during the aggregation process. Additionally, the extensive experiment results on real-world datasets demonstrate that the SVFLC is efficient, compared with other solutions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yuqi Zhang,Xiangyang Li,Qingcai Luo,Yang Wang,Yanzhao Shen

DOI: https://doi.org/10.1145/3625343.3625344

2023-01-01

Abstract:In recent years, Federal Learning has received much attention becourse it can train models by updating gradients without contacting users’ true data. However, adversaries also can track users’ privacy from the shared gradient. In this paper, we aim to solve three major issues during the process of federated learning: 1) how to protect users’ privacy during training; 2) How to verify the correctness of the aggregation results returned from the server; 3) How to reduce communication costs while ensuring training security. So we propose a verifiable aggregation scheme that can effectively verify the results of server aggregation. Specifically, we follow the classic double mask aggregation scheme, and use Paillier homomorphic encryption algorithm to implement the message authentication code with additive homomorphic property. Users can compare their local codes with server’s aggregation results to verify the correctness of the aggregation results and improve model’s accuracy. In our framework, we adopt a Top-k gradient selection scheme to reduce models’ communication and computing overhead. Experimental results indicate that our training framework is feasible and efficient.

Dario Pasquini,Danilo Francati,Giuseppe Ateniese

DOI: https://doi.org/10.48550/arXiv.2111.07380

2022-09-06

Abstract:Secure aggregation is a cryptographic protocol that securely computes the aggregation of its inputs. It is pivotal in keeping model updates private in federated learning. Indeed, the use of secure aggregation prevents the server from learning the value and the source of the individual model updates provided by the users, hampering inference and data attribution attacks. In this work, we show that a malicious server can easily elude secure aggregation as if the latter were not in place. We devise two different attacks capable of inferring information on individual private training datasets, independently of the number of users participating in the secure aggregation. This makes them concrete threats in large-scale, real-world federated learning applications. The attacks are generic and equally effective regardless of the secure aggregation protocol used. They exploit a vulnerability of the federated learning protocol caused by incorrect usage of secure aggregation and lack of parameter validation. Our work demonstrates that current implementations of federated learning with secure aggregation offer only a "false sense of security".

Machine Learning,Cryptography and Security

Caihong Wu,Jihua Liu

DOI: https://doi.org/10.1016/j.comnet.2024.110542

IF: 5.493

2024-06-06

Computer Networks

Abstract:Federated learning (FL) is a cutting-edge machine learning architecture that effectively meets the data and model training requirements of numerous businesses, while ensuring privacy protection, data security, and adherence to legal constraints. However, recent studies have demonstrated that attackers can deduce users' personal data from their shared model parameters, thus underscoring a substantial security risk for federated learning. Despite considerable efforts by academics to address this issue, current approaches suffer from drawbacks such as high communication and processing costs, insufficient robustness, and heavy reliance on trusted third parties. In this paper, we present the smart contract assisted secure aggregation scheme (SCSA) to overcome the aforementioned problems. First, we creatively offer a three-layer secure aggregation architecture that is particularly suitable for scenarios involving multiple sensors used in model training. Secondly, to ensure the credibility of the identities between participating entities in the model parameters aggregation process of FL, a novel certificateless authentication mechanism relying on certificateless encryption is provided. Moreover, for the sake of enhancing the security of the aggregation process in FL, we employ a combination of smart contracts and secret sharing techniques to distribute security masks to users in a decentralized and highly secure manner. It also combines with secure communication to create a double fault tolerance mechanism that significantly boosts the whole system's robustness. The effectiveness of our approach in achieving secure aggregation is substantiated through theoretical analysis and simulated trials, while simultaneously ensuring strong security and robustness.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Irem Ergun,Hasin Us Sami,Basak Guler

DOI: https://doi.org/10.48550/arXiv.2112.12872

2021-12-24

Abstract:Secure aggregation is a popular protocol in privacy-preserving federated learning, which allows model aggregation without revealing the individual models in the clear. On the other hand, conventional secure aggregation protocols incur a significant communication overhead, which can become a major bottleneck in real-world bandwidth-limited applications. Towards addressing this challenge, in this work we propose a lightweight gradient sparsification framework for secure aggregation, in which the server learns the aggregate of the sparsified local model updates from a large number of users, but without learning the individual parameters. Our theoretical analysis demonstrates that the proposed framework can significantly reduce the communication overhead of secure aggregation while ensuring comparable computational complexity. We further identify a trade-off between privacy and communication efficiency due to sparsification. Our experiments demonstrate that our framework reduces the communication overhead by up to 7.8x, while also speeding up the wall clock training time by 1.13x, when compared to conventional secure aggregation benchmarks.

Machine Learning,Cryptography and Security,Distributed, Parallel, and Cluster Computing,Information Theory

Yanyang Lu,Lei Fan

DOI: https://doi.org/10.1145/3432291.3432303

2020-01-01

Abstract:Federated learning is a privacy-protected way of decentralized machine learning. In a Federated Learning system, the server uses the aggregation algorithm to obtain a global model from clients. The traditional aggregation method called FedAvg is a simple arithmetic average, but it has never been proved efficient. Moreover, there are many potential attacks and network instability in Federated Learning systems. This paper aims to achieve two goals by replacing the server-side aggregation strategy: 1) Accelerate global model's convergence speed 2) Make global model reliable when facing network instability and offline attacks. Considering different clients' contributions have different impacts, we try to use gaussian distribution to weight clients' potential contributions. To make the aggregation process more modality to different neural network architecture, we try to solve the above problems on Convolution Neural Network as a representation. To work well on different functional units in neural networks, we also propose layer-wise optimizing steps. We have experimented on some representative tasks of Federated Learning, and the results show that our method exceeds FedAvg a lot on convergence speed. When simulating attack situations, our algorithm could be proved to maintain a reliable global model.