Yong Li,Yipeng Zhou,Alireza Jolfaei,Dongjin Yu,Gaochao Xu,Xi Zheng

DOI: https://doi.org/10.1109/jiot.2020.3022911

IF: 10.6

2021-04-15

IEEE Internet of Things Journal

Abstract:Federated learning (FL) is a promising new technology in the field of IoT intelligence. However, exchanging model-related data in FL may leak the sensitive information of participants. To address this problem, we propose a novel privacy-preserving FL framework based on an innovative chained secure multiparty computing technique, named chain-PPFL. Our scheme mainly leverages two mechanisms: 1) single-masking mechanism that protects information exchanged between participants and 2) chained-communication mechanism that enables masked information to be transferred between participants with a serial chain frame. We conduct extensive simulation-based experiments using two public data sets (MNIST and CIFAR-100) by comparing both training accuracy and leak defence with other state-of-the-art schemes. We set two data sample distributions (IID and NonIID) and three training models (CNN, MLP, and L-BFGS) in our experiments. The experimental results demonstrate that the chain-PPFL scheme can achieve practical privacy preservation (equivalent to differential privacy with $epsilon $ approaching zero) for FL with some cost of communication and without impairing the accuracy and convergence speed of the training model.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chi Zhang,Sotthiwat Ekanut,Liangli Zhen,Zengxiang Li

DOI: https://doi.org/10.1109/tbdata.2022.3208736

2022-01-01

IEEE Transactions on Big Data

Abstract:Multi-Party Computation (MPC) provides an effective cryptographic solution for distributed computing systems so that local models with sensitive information are encrypted before sending to the centralized servers for aggregation. Though direct local knowledge leakages are eliminated in MPC-based algorithms, we observe the server can still obtain the local information indirectly in many scenarios, or even reveal the groundtruth images through methods like Deep Leakage from Gradients (DLG). To eliminate such possibilities and provide stronger protections, we propose an augmented MPC approach by encrypting local models with two rounds of decomposition before transmitting to the server. The proposed solution allows us to remove the constraint that servers must be honest in the general federated learning settings since the true global model is hidden from the servers. Specifically, the augmented MPC algorithm encodes local models into multiple secret shares in the first round, then each share is furthermore split into a public share and a private share. Consequences of such a two-round decomposition are that the augmented algorithm fully inherits the advantages of standard MPC by providing lossless encryption and decryption while simultaneously rendering the global model invisible to the central server. Both theoretical analysis and experimental verification demonstrate that such an augmented solution can provide stronger protections for the security and privacy of the training data, with minimal extra communication and computation costs incurred.

computer science, information systems, theory & methods

Lvjun Chen,Di Xiao,Zhuyang Yu,Maolan Zhang

DOI: https://doi.org/10.1016/j.ins.2024.120481

IF: 8.1

2024-03-21

Information Sciences

Abstract:Federated learning (FL) enables the full utilization of decentralized training without raw data. However, various attacks still threaten the training process of FL. To address these concerns, differential privacy (DP) and secure multi-party computation (SMC) are applied, but these methods may result in low accuracy and heavy training load. Moreover, the high communication consumption of FL in resource-constrained devices is also a challenging problem. In this paper, we propose a novel SMC algorithm for the FL (FL- IPFE) to protect the local gradients. It does not require a trusted third party (TTP) and is more suitable for FL. Furthermore, we propose a secure and efficient FL algorithm (SEFL), which applies compressed sensing (CS) and all-or-nothing transform (AONT) to minimize the number of transmitted and encrypted model updates. Additionally, our FL-IPFE is used to encrypt the last element of the preprocessed parameters for guaranteeing the security of the entire local model updates. Meanwhile, the issue of participant dropouts is also taken into account. Theoretical analyses demonstrate that our proposed algorithms can aggregate model updates with high security. Finally, experimental evaluation reveals that our SEFL possesses higher efficiency compared to other state-of-the-art works, while providing comparable model accuracy and strong privacy guarantees.

computer science, information systems

Xicong Shen,Ying Liu,Zhaoyang Zhang

DOI: https://doi.org/10.1109/jiot.2022.3189361

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL), which enables multiple distributed devices (clients) to collaboratively train a global model without transmitting their private data, has attracted much attention in the Internet of Things (IoT) domain. Compared with centralized learning, FL has obvious privacy advantages because it can protect the clients’ raw data from direct access by adversaries. Furthermore, to prevent the adversaries from inferring private information from the transmitted parameters, several FL algorithms based on differential privacy (DP) have been proposed, where the clients add artificial noise to their local parameters for privacy protection. Nevertheless, the added noise would disrupt the learning process and degrade the performance of the trained model. Considering this, in this article, we develop a performance-enhanced DP-based FL (PEDPFL) algorithm, where a classifier-perturbation regularization method is proposed to improve the robustness of the trained model against DP-injected noise. We derive the theoretical privacy and convergence analysis of the proposed algorithm, and also demonstrate the influence of some hyperparameters on the convergence performance. Simulation results on real-world data sets show that the proposed algorithm has better classification performance than the existing DP-based FL algorithms at the same level of privacy protection, and thus, it is more applicable to IoT applications.

Xiaopeng Yu,Jie Feng,Wei Zhao,Haomiao Yang,Dianhua Tang

DOI: https://doi.org/10.1007/s12083-023-01512-x

IF: 3.488

2023-07-12

Peer-to-Peer Networking and Applications

Abstract:Federated learning is an emerging paradigm of distributed collaborative machine learning , which allows different data nodes to train together for building a better model. Recently, privacy-preserving federated logistic regression has been widely concerned by academia and industry, which exploits techniques such as secure multi-party computation (MPC), homomorphic encryption (HE), and differential privacy (DP) to train shared model among different data nodes. However, MPC-based schemes could not efficiently handle high-dimensional sparse data and have high communication burden; HE-based schemes have potential information leakage risks and high computational burden; DP-based schemes affect the speed of model convergence and cause a loss of model accuracy. Besides, some of the existing schemes require a trusted third-party (TTP) coordinator, which greatly increases the complexity of training. To address these problems, in this paper, combining the HE and secret sharing (SS), we present a peer-to-peer privacy-preserving vertical federated logistic regression (VFLR) without TTP, which can securely train a shared model over vertically partitioned large-scale data from two data nodes. Moreover, to ensure the security of the training process, the proposed scheme secretly shares model weights between two data nodes, rather than reveals them to both parties during model training. Furthermore, the proposed scheme utilizes the single instruction multiple data (SIMD) and batching to achieve parallel processing and time amortization. Finally, the experimental evaluations demonstrate that the proposed scheme has less training time and better model performance than existing schemes.

computer science, information systems,telecommunications

Fengxia Liu,Zhiming Zheng,Yexuan Shi,Yongxin Tong,Yi Zhang

DOI: https://doi.org/10.1007/s11704-023-3282-7

IF: 2.6688

2023-01-01

Frontiers of Computer Science

Abstract:Federated learning is a promising learning paradigm that allows collaborative training of models across multiple data owners without sharing their raw datasets. To enhance privacy in federated learning, multi-party computation can be leveraged for secure communication and computation during model training. This survey provides a comprehensive review on how to integrate mainstream multi-party computation techniques into diverse federated learning setups for guaranteed privacy, as well as the corresponding optimization techniques to improve model accuracy and training efficiency. We also pinpoint future directions to deploy federated learning to a wider range of applications.

Jing Wang,Xi Lin,Jun Wu,Qinghua Mao,Bei Pei,Jianhua Li,Suchang Guo,Baitao Zhang

DOI: https://doi.org/10.1109/msn60784.2023.00124

2023-01-01

Abstract:The emerging federated learning (FL) enables distributed data mining for Internet of Things (IoT) big data while avoiding data outsourcing privacy risks via local data training and knowledge (i.e., model) sharing. However, only simplified local knowledge sharing will also cause user privacy leaks due to advanced attacks (e.g., model inversion or gradient leakage). Further, how to realize fine-grained and personalized privacy protection for IoT users is still a challenge. In this paper, we first propose a hierarchical cloud-edge orchestrated federated learning architecture for IoT, named HCE-FL, which aims to provide intelligent and distributed data analysis for IoT users. To address the FL privacy issues, we then design a multi-level access control encryption-based IoT knowledge sharing approach for HCE-FL. In our approach, IoT users could be classified into different levels according to their individual privacy requirements. In addition, the proposed multi-level access control encryption algorithm could ensure the confidentiality of the IoT knowledge flow, which runs through local clients, edge sanitizers, and cloud servers in HCE-FL. Moreover, security theoretical analysis shows that our HCE-FL could satisfy "no read" and "no write" security rules for the mandatory IoT knowledge access control. Finally, we conduct experiments based on classic MNIST and CIFAR10 datasets to evaluate our HCE-FL. The experimental results demonstrate that our solution can achieve personalized privacy-preserving FL without losing IoT data availability and users can obtain better model accuracy and convergence rate through secure IoT knowledge access and sharing.

Yong Li,Gaochao Xu,Xutao Meng,Wei Du,Xianglin Ren

DOI: https://doi.org/10.3390/e26050353

IF: 2.738

2024-04-24

Entropy

Abstract:In the realm of federated learning (FL), the exchange of model data may inadvertently expose sensitive information of participants, leading to significant privacy concerns. Existing FL privacy-preserving techniques, such as differential privacy (DP) and secure multi-party computing (SMC), though offering viable solutions, face practical challenges including reduced performance and complex implementations. To overcome these hurdles, we propose a novel and pragmatic approach to privacy preservation in FL by employing localized federated updates (LF3PFL) aimed at enhancing the protection of participant data. Furthermore, this research refines the approach by incorporating cross-entropy optimization, carefully fine-tuning measurement, and improving information loss during the model training phase to enhance both model efficacy and data confidentiality. Our approach is theoretically supported and empirically validated through extensive simulations on three public datasets: CIFAR-10, Shakespeare, and MNIST. We evaluate its effectiveness by comparing training accuracy and privacy protection against state-of-the-art techniques. Our experiments, which involve five distinct local models (Simple-CNN, ModerateCNN, Lenet, VGG9, and Resnet18), provide a comprehensive assessment across a variety of scenarios. The results clearly demonstrate that LF3PFL not only maintains competitive training accuracies but also significantly improves privacy preservation, surpassing existing methods in practical applications. This balance between privacy and performance underscores the potential of localized federated updates as a key component in future FL privacy strategies, offering a scalable and effective solution to one of the most pressing challenges in FL.

physics, multidisciplinary

Yin Xu,Mingjun Xiao,Jie Wu,Guoju Gao,Datian Li,Haotian Xu,Tongxiao Zhang

DOI: https://doi.org/10.1109/tii.2024.3424497

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:Federated learning (FL) is a distributed learning paradigm that enables large-scale IoT devices to collaboratively train a shared model while preserving the privacy of local data. To avoid the single-point-of-failure of the conventional parameter server architecture, the study concentrates on the decentralized FL (DFL) paradigm building on the device-to-device communication network. However, existing DFL frameworks encounter challenges related to resource limitations, privacy protection, and data heterogeneity. To overcome these challenges, the study proposes and implements DF $^{2}$ -MPC in industrial IoT, an efficient DFL framework with personalized model pruning and adaptive communication. Specifically, a personalized pruning ratio determination approach is designed by exploiting the model pruning technique. This approach enables all devices to flexibly determine pruning ratios by themselves, thereby achieving both communication savings and privacy protection. Then, this study designs an adaptive neighbor selection scheme, which can enhance model performance and foster model consensus under resource constraints. In addition, the study theoretically proves the convergence performance of DF $^{2}$ -MPC. Finally, extensive simulations on three real-world traces are conducted to corroborate the superiority of DF $^{2}$ -MPC, demonstrating that the method can improve communication efficiency with satisfactory model accuracy and convergence performance.

Meng Shen,Jing Wang,Jie Zhang,Qinglin Zhao,Bohan Peng,Tong Wu,Liehuang Zhu,Ke Xu

DOI: https://doi.org/10.1109/tnse.2024.3360311

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Federated Learning (FL) is a machine learning approach that enables multiple users to share their local models for the aggregation of a global model, protecting data privacy by avoiding the sharing of raw data. However, frequent parameter sharing between users and the aggregator can incur high risk of membership privacy leakage. In this paper, we propose LiPFed, a computationally lightweight privacy preserving FL scheme using secure decentralized aggregation for edge networks. Under this scheme, we ensure privacy preservation on the aggregation side, and promote lightweight computation on the user side. By incorporating blockchain and additive secret sharing algorithm, we effectively protect the membership privacy of both local models and global models. Furthermore, the secure decentralized aggregation mechanism safeguards against potential compromises of the aggregator. Meanwhile, smart contract is introduced to identify malicious models uploaded by edge nodes and return trustworthy global models to users. Rigorous security analysis shows the effectiveness of this scheme in privacy preservation. Extensive experiments verify that LiPFed outperforms the state-of-the-art schemes in terms of training efficiency, model accuracy, and privacy preservation.

Liangyu Zhong,Lulu Wang,Lei Zhang,Josep Domingo-Ferrer,Lin Xu,Changti Wu,Rui Zhang

DOI: https://doi.org/10.1109/tnsm.2024.3399534

2024-08-25

IEEE Transactions on Network and Service Management

Abstract:Federated learning (FL) allows multiple users to collaboratively train global machine learning models by keeping their data sets local. However, the existing privacy-preserving FL schemes suffer from several limitations, e.g., loss of accuracy, high communication/computation cost, failure to support dynamic users, and insecurity against collusion attacks. To solve these limitations, we propose a lightweight privacy-preserving FL scheme based on a dual-server architecture. Our scheme involves only lightweight cryptographic operations, i.e., hash and symmetric encryption operations, and it has low communication overhead. Thus, it is computationally lightweight and round-efficient. Further, it allows users to join/quit an FL task and it is accuracy-lossless. We formally prove that our scheme remains secure even in case of collusion attacks. In particular, if an attacker colludes with one of the servers and all the users who participate in an FL task except two, the privacy of user gradients stays unviolated. The reported experimental results demonstrate that our scheme incurs only a marginal increase in total communication overhead compared to the FL scheme without any privacy protection. In terms of computation overhead, the cost per user remains stable as the number of users grows, while the cost for the server is comparable to that of the FL scheme without any privacy protection.

computer science, information systems

Dong Mao,Qiongqian Yang,Hongkai Wang,Zuge Chen,Chen Li,Yubo Song,Zhongyuan Qin

DOI: https://doi.org/10.3390/electronics13061028

IF: 2.9

2024-03-10

Electronics

Abstract:Federated learning (FL) is increasingly challenged by security and privacy concerns, particularly vulnerabilities exposed by malicious participants. There remains a gap in effectively countering threats such as model inversion and poisoning attacks in existing research. To address these challenges, this paper proposes the Effective Private-Protected Federated Learning Aggregation Algorithm (EPFed), a framework that utilizes a blockchain platform, homomorphic encryption, and secret sharing to fortify the data privacy and computational efficiency in a federated learning environment. EPFed works by establishing "trust groups" through the unique integration of a Chinese Remainder Theorem-based secret sharing scheme with Paillier homomorphic encryption, streamlining secure model parameter exchange and aggregation while minimizing the computational load. Our performance-driven aggregation strategy leverages local performance metrics to safeguard against malicious contributions, ensuring both the integrity and efficiency of the learning process. The evaluations demonstrate that EPFed achieves a remarkable accuracy rate of 92.5%, thereby confirming the advanced nature of the proposed solution in addressing the pressing challenges of FL.

engineering, electrical & electronic,computer science, information systems,physics, applied

Runhua Xu,Nathalie Baracaldo,Yi Zhou,Ali Anwar,Swanand Kadhe,Heiko Ludwig

DOI: https://doi.org/10.48550/arXiv.2207.07779

2022-07-16

Abstract:Federated learning has emerged as a privacy-preserving machine learning approach where multiple parties can train a single model without sharing their raw training data. Federated learning typically requires the utilization of multi-party computation techniques to provide strong privacy guarantees by ensuring that an untrusted or curious aggregator cannot obtain isolated replies from parties involved in the training process, thereby preventing potential inference attacks. Until recently, it was thought that some of these secure aggregation techniques were sufficient to fully protect against inference attacks coming from a curious aggregator. However, recent research has demonstrated that a curious aggregator can successfully launch a disaggregation attack to learn information about model updates of a target party. This paper presents DeTrust-FL, an efficient privacy-preserving federated learning framework for addressing the lack of transparency that enables isolation attacks, such as disaggregation attacks, during secure aggregation by assuring that parties' model updates are included in the aggregated model in a private and secure manner. DeTrust-FL proposes a decentralized trust consensus mechanism and incorporates a recently proposed decentralized functional encryption (FE) scheme in which all parties agree on a participation matrix before collaboratively generating decryption key fragments, thereby gaining control and trust over the secure aggregation process in a decentralized setting. Our experimental evaluation demonstrates that DeTrust-FL outperforms state-of-the-art FE-based secure multi-party aggregation solutions in terms of training time and reduces the volume of data transferred. In contrast to existing approaches, this is achieved without creating any trust dependency on external trusted entities.

Cryptography and Security

Qiang Yang,Anbu Huang,Lixin Fan,Chee Seng Chan,Jian Han Lim,Kam Woh Ng,Ding Sheng Ong,Bowen Li

DOI: https://doi.org/10.1007/s11633-022-1343-2

2023-01-11

Machine Intelligence Research

Abstract:In the past decades, artificial intelligence (AI) has achieved unprecedented success, where statistical models become the central entity in AI. However, the centralized training and inference paradigm for building and using these models is facing more and more privacy and legal challenges. To bridge the gap between data privacy and the need for data fusion, an emerging AI paradigm federated learning (FL) has emerged as an approach for solving data silos and data privacy problems. Based on secure distributed AI, federated learning emphasizes data security throughout the lifecycle, which includes the following steps: data preprocessing, training, evaluation, and deployments. FL keeps data security by using methods, such as secure multi-party computation (MPC), differential privacy, and hardware solutions, to build and use distributed multiple-party machine-learning systems and statistical models over different data sources. Besides data privacy concerns, we argue that the concept of "model" matters, when developing and deploying federated models, they are easy to expose to various kinds of risks including plagiarism, illegal copy, and misuse. To address these issues, we introduce FedIPR, a novel ownership verification scheme, by embedding watermarks into FL models to verify the ownership of FL models and protect model intellectual property rights (IPR or IP-right for short). While security is at the core of FL, there are still many articles referred to distributed machine learning with no security guarantee as "federated learning", which are not satisfied with the FL definition supposed to be. To this end, in this paper, we reiterate the concept of federated learning and propose secure federated learning (SFL), where the ultimate goal is to build trustworthy and safe AI with strong privacy-preserving and IP-right-preserving. We provide a comprehensive overview of existing works, including threats, attacks, and defenses in each phase of SFL from the lifecycle perspective.

Ping Zhao,Zhikui Cao,Jin Jiang,Fei Gao

DOI: https://doi.org/10.1109/jiot.2022.3201231

IF: 10.6

2022-12-24

IEEE Internet of Things Journal

Abstract:Federated learning (FL) enables multiple worker devices share local models trained on their private data to collaboratively train a machine learning model. However, local models are proved to imply the information about the private data and, thus, introduce much vulnerabilities to inference attacks where the adversary reconstructs or infers the sensitive information about the private data (e.g., labels, memberships, etc.) from the local models. To address this issue, existing works proposed homomorphic encryption, secure multiparty computation (SMC), and differential privacy methods. Nevertheless, the homomorphic encryption and SMC-based approaches are not applicable to large-scale FL scenarios as they incur substantial additional communication and computation costs and require secure channels to delivery keys. Moreover, differential privacy brings a substantial tradeoff between privacy budget and model performance. In this article, we propose a novel FL framework, which can protect the data privacy of worker devices against the inference attacks with minimal accuracy cost and low computation and communication cost, and does not rely on the secure pairwise communication channels. The main idea is to generate the lightweight keys based on computational Diffie–Hellman (CDH) problem to encrypt the local models, and the FL server can only get the sum of the local models of all worker devices without knowing the exact local model of any specific worker device. The extensive experimental results on three real-world data sets validate that the proposed FL framework can protect the data privacy of worker devices, and only incurs a small constant of computation and communication cost and a drop in test accuracy of no more than 1%.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yunyan Jia,Ling Xiong,Yu Fan,Wei Liang,Neal Xiong,Fengjun Xiao

DOI: https://doi.org/10.1080/09540091.2023.2299103

2024-01-10

Connection Science

Abstract:Federated learning (FL), as an effective method to solve the problem of "data island", has become one of the hot and widespread concern topics in recent years. However, with the using of FL technology in the practical applications, an increasing number of FL tasks make the training management be more complex and the trade-off of multi-task becomes difficult. To overcome this weakness, this work proposes a privacy-preserving FL framework with multi-tasks using partitioned blockchain, which can run several different FL tasks by multiple requesters. First, a temporary committee is formed for an FL task to facilitating visualization, organization and management of security aggregation. Second, the proposed framework combines Paillier homomorphic encryption with Pearson correlation coefficient to protect users' privacy and ensure the accuracy of global model. Finally, a new blockchain-based reward method is presented to inspire participants to share their valuable data. The experimental results show that the global model accuracy of our proposed framework is able to reach 98.43 % . Obviously, the proposed framework is more suitable for practical application environment, especially in industrial application field.

computer science, artificial intelligence, theory & methods

Katharine Daly,Hubert Eichner,Peter Kairouz,H. Brendan McMahan,Daniel Ramage,Zheng Xu

2024-10-11

Abstract:Federated Learning (FL) is a machine learning technique that enables multiple entities to collaboratively learn a shared model without exchanging their local data. Over the past decade, FL systems have achieved substantial progress, scaling to millions of devices across various learning domains while offering meaningful differential privacy (DP) guarantees. Production systems from organizations like Google, Apple, and Meta demonstrate the real-world applicability of FL. However, key challenges remain, including verifying server-side DP guarantees and coordinating training across heterogeneous devices, limiting broader adoption. Additionally, emerging trends such as large (multi-modal) models and blurred lines between training, inference, and personalization challenge traditional FL frameworks. In response, we propose a redefined FL framework that prioritizes privacy principles rather than rigid definitions. We also chart a path forward by leveraging trusted execution environments and open-source ecosystems to address these challenges and facilitate future advancements in FL.

Machine Learning,Artificial Intelligence,Cryptography and Security

Benxin Yin,Hanlin Zhang,Jie Lin,Fanyu Kong,Leyun Yu

DOI: https://doi.org/10.1016/j.cose.2024.103700

IF: 5.105

2024-01-11

Computers & Security

Abstract:Machine learning has been applied in a wide range of various fields. To train more effective control models, it is a trend for organizations holding their private data to collaborate with others, which raises privacy problems. Federated learning allows multiple participants to train learning models collaboratively without sharing their private training data but only the gradient. Nonetheless, recent researches show that sharing the gradient can also cause the original data leakage. To eliminate the data leakage of federated learning, in this paper, we propose a secure multiparty federated learning control system, including a secure training process and a secure prediction process. In the training process, data providers train the learning model collaboratively without disclosing local data. The trained model can be verified by participants. The data providers can then provide users with prediction services based on the trained model. In the prediction process, data providers cannot access the user data, and users cannot obtain the model. Also, the prediction result can be verified by users. We carry out comprehensive experiments to demonstrate the effectiveness of our proposed scheme.

computer science, information systems

Natalie Lang,Nir Shlezinger,Rafael G. L. D'Oliveira,Salim El Rouayheb

2023-08-01

Abstract:Federated learning (FL) is an emerging paradigm that allows a central server to train machine learning models using remote users' data. Despite its growing popularity, FL faces challenges in preserving the privacy of local datasets, its sensitivity to poisoning attacks by malicious users, and its communication overhead. The latter is additionally considerably dominant in large-scale networks. These limitations are often individually mitigated by local differential privacy (LDP) mechanisms, robust aggregation, compression, and user selection techniques, which typically come at the cost of accuracy. In this work, we present compressed private aggregation (CPA), that allows massive deployments to simultaneously communicate at extremely low bit rates while achieving privacy, anonymity, and resilience to malicious users. CPA randomizes a codebook for compressing the data into a few bits using nested lattice quantizers, while ensuring anonymity and robustness, with a subsequent perturbation to hold LDP. The proposed CPA is proven to result in FL convergence in the same asymptotic rate as FL without privacy, compression, and robustness considerations, while satisfying both anonymity and LDP requirements. These analytical properties are empirically confirmed in a numerical study, where we demonstrate the performance gains of CPA compared with separate mechanisms for compression and privacy for training different image classification models, as well as its robustness in mitigating the harmful effects of malicious users.

Cryptography and Security

Jing Xiong,Hong Zhu

DOI: https://doi.org/10.1016/j.comcom.2023.11.022

IF: 5.047

2024-01-01

Computer Communications

Abstract:With the arrival of the era of the Internet of Things (IoT), the rapid development of new technologies such as artificial intelligence, big data, and other advanced techniques, data is growing geometrically. These data are prone to form data silos, scattered in various places. Jointly decentralized data applications will accelerate the progress and development of the times, but also face the challenge of data privacy protection. Federated learning (FL), a new branch of distributed machine learning, is trained by collaborative training to obtain global model without direct exposure to local datasets. Some studies have shown that typically federated learning involves a larger number of participants, it can lead to a significant increase in communication overhead, resulting in issues such as higher latency and bandwidth consumption. We suggest masking a subset of diverse participants and allowing the remaining participants to proceed with the next communication round of updates. Our aim is for reducing the communication overhead and improving the convergence performance of the global model on the premise of heterogeneous data privacy protection. We design a private masking approach PrivMaskFL to address two problems. We firstly propose a dynamic participant aggregation masking approach, which adopts the greedy ideology to select the relatively important participants and mask the unimportant ones; secondly, we design an adaptive differential privacy approach, which adaptively stratifies privacy budget according to the characteristics of participant, allocates the budget in a fine-grained stratified level, and adds Gaussian noise reasonably. Specifically, in each communication round, the participant’s model needs to perform local differential privacy noise addition for uplink parameter transmission; the server aggregates to acquire global model, finds a candidate participant subset based on the smaller parameter divergence by using the greedy algorithm approximation for t + 1 -th communication round for downlink parameter transmission. Subsequently, the privacy budget sequence is divided and granted to the participants of the stratified level, and the Gaussian noise addition of adaptive differential privacy is completed to achieve privacy protection without compromising the model’s usability. In experiments, our approach reduces the communication overhead and improve the convergence performance. Furthermore, our approach achieves higher accuracy and robust variance on both FMNIST and FEMNIST datasets.

computer science, information systems,telecommunications,engineering, electrical & electronic