Song Han,Hongxin Ding,Shuai Zhao,Siqi Ren,Zhibo Wang,Jianhong Lin,Shuhao Zhou

DOI: https://doi.org/10.1109/TNNLS.2023.3271859

Abstract:Privacy-preserving federated learning, as one of the privacy-preserving computation techniques, is a promising distributed and privacy-preserving machine learning (ML) approach for Internet of Medical Things (IoMT), due to its ability to train a regression model without collecting raw data of data owners (DOs). However, traditional interactive federated regression training (IFRT) schemes rely on multiple rounds of communication to train a global model and are still under various privacy and security threats. To overcome these problems, several noninteractive federated regression training (NFRT) schemes have been proposed and applied in a variety of scenarios. However, there are still several challenges: 1) how to protect the privacy of DOs' local dataset; 2) how to realize highly scalable regression training without linear dependence on sample dimension; 3) how to tolerate DOs' dropout; and 4) how to enable DOs to verify the correctness of aggregated results returned from the cloud service provider (CSP). In this article, we propose two practical noninteractive federated learning schemes with privacy-preserving for IoMT, named homomorphic encryption based NFRT (HE-NFRT) and double-masking protocol based NFRT (Mask-NFRT), respectively, which are based on a comprehensive consideration of NFRT, privacy concerns, high-efficiency, robustness, and verification mechanism. The security analyses display that our proposed schemes are able to protect the privacy of DOs' local training data, resist collusion attack, and support strong verification to each DO. The performance evaluation results demonstrate that our proposed HE-NFRT scheme is desirable for a high-dimensional and high-security IoMT application while Mask-NFRT scheme is desirable for a high-dimensional and large-scale IoMT application.

Lingjuan Lyu,Han Yu,Xingjun Ma,Chen Chen,Lichao Sun,Jun Zhao,Qiang Yang,Philip S. Yu

DOI: https://doi.org/10.1109/tnnls.2022.3216981

IF: 14.255

2022-01-01

IEEE Transactions on Neural Networks and Learning Systems

Abstract:As data are increasingly being stored in different silos and societies becoming more aware of data privacy issues, the traditional centralized training of artificial intelligence (AI) models is facing efficiency and privacy challenges. Recently, federated learning (FL) has emerged as an alternative solution and continues to thrive in this new reality. Existing FL protocol designs have been shown to be vulnerable to adversaries within or outside of the system, compromising data privacy and system robustness. Besides training powerful global models, it is of paramount importance to design FL systems that have privacy guarantees and are resistant to different types of adversaries. In this article, we conduct a comprehensive survey on privacy and robustness in FL over the past five years. Through a concise introduction to the concept of FL and a unique taxonomy covering: 1) threat models; 2) privacy attacks and defenses; and 3) poisoning attacks and defenses, we provide an accessible review of this important topic. We highlight the intuitions, key techniques, and fundamental assumptions adopted by various attacks and defenses. Finally, we discuss promising future research directions toward robust and privacy-preserving FL, and their interplays with the multidisciplinary goals of FL.

computer science, artificial intelligence, theory & methods,engineering, electrical & electronic, hardware & architecture

Sultan Basudan,Abdulrahman Alamer

DOI: https://doi.org/10.1080/17517575.2024.2421396

2024-11-13

Enterprise Information Systems

Abstract:Federated learning (FL) has become a viable concept in the Internet of Robotic Things (IoRT) by allowing local gradients to be shared and used to train a global model without disclosing raw data. However, local data privacy leaking is a threat posed by the shared gradients. In this paper, we propose a novel FL model for resource-constrained IoRT devices to improve learning models by using local resources and client activity observation. The proposed model helps protect data privacy, reduce communication overhead and open an environment for distributed learning models. The experimental assessments executed on real-world datasets with high practical efficiency.

computer science, information systems

Wei Yu,Saier Alharbi,Yifan Guo

DOI: https://doi.org/10.1109/JIOT.2024.3368754

IF: 10.6

2024-06-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) devices generate massive amounts of data from local devices, making federated learning (FL) a viable distributed machine learning paradigm to learn a global model while keeping private data locally in various IoT systems. However, recent studies show that FL’s decentralized nature makes it susceptible to backdoor attacks. Existing defenses like robust aggregation defenses have reduced attack success rates (ASRs) by identifying significant statistical differences between normal and backdoored models individually. However, these defenses fail to consider the potential collusion among attackers to bypass statistical measures utilized in defenses. In this article, we propose a novel attack approach, called collusive backdoor attacks (CBAs), which bypasses robust aggregation defense by considering both local backdoor training and post-training model manipulations among collusive attackers. Particularly, we introduce a nontrivial perturbation estimation scheme to add manipulations over model update vectors after local backdoor training and use the Gram-Schmidt process to speed up the estimation process. This makes the magnitude of the perturbed poisoned model to the same level as normal models, evading robust aggregation-based defense while maintaining attack efficacy. After that, we provide a pilot study to verify the feasibility of our perturbation estimation scheme, followed by its convergence analysis. By evaluating the attack performance on four representative data sets, our CBA approach maintains high ASRs under benchmark robust aggregation defenses in both independent and identically distributed (IID) and non-IID local data settings. Particularly, it increases the ASR by 126% on average compared to individual backdoor attacks.

Engineering,Computer Science

Gaolei Li,Jun Wu,Shenghong Li,Wu Yang,Changlian Li

DOI: https://doi.org/10.1109/tii.2022.3173996

IF: 12.3

2022-12-17

IEEE Transactions on Industrial Informatics

Abstract:Software-defined industrial Internet of things (SD-IIoT) exploits federated learning to process the sensitive data at edges, while adaptive poisoning attacks threat the security of SD-IIoT. To address this problem, this article proposes a multi-tentacle federated learning (MTFL) framework, which is essential to guarantee the trustness of training data in SD-IIoT. In MTFL, participants with similar learning tasks are assigned to the same tentacle group. To identify adaptive poisoning attacks, a tentacle distribution-based efficient poisoning attack detection (TD-EPAD) algorithm is presented. And also, to minimize the impact of adaptive poisoning data, a stochastic tentacle data exchanging (STDE) protocol is also proposed. Simultaneously, to protect the tentacle's privacy in STDE, all exchanged data will be processed by differential privacy technology. A MTFL prototype system is implemented, which provides extensive ablation experiments and comparison experiments, demonstrating that the accuracy of the global model under attack scenario can be improved with 40%.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Jing Xiong,Hong Zhu

DOI: https://doi.org/10.1016/j.comcom.2023.11.022

IF: 5.047

2024-01-01

Computer Communications

Abstract:With the arrival of the era of the Internet of Things (IoT), the rapid development of new technologies such as artificial intelligence, big data, and other advanced techniques, data is growing geometrically. These data are prone to form data silos, scattered in various places. Jointly decentralized data applications will accelerate the progress and development of the times, but also face the challenge of data privacy protection. Federated learning (FL), a new branch of distributed machine learning, is trained by collaborative training to obtain global model without direct exposure to local datasets. Some studies have shown that typically federated learning involves a larger number of participants, it can lead to a significant increase in communication overhead, resulting in issues such as higher latency and bandwidth consumption. We suggest masking a subset of diverse participants and allowing the remaining participants to proceed with the next communication round of updates. Our aim is for reducing the communication overhead and improving the convergence performance of the global model on the premise of heterogeneous data privacy protection. We design a private masking approach PrivMaskFL to address two problems. We firstly propose a dynamic participant aggregation masking approach, which adopts the greedy ideology to select the relatively important participants and mask the unimportant ones; secondly, we design an adaptive differential privacy approach, which adaptively stratifies privacy budget according to the characteristics of participant, allocates the budget in a fine-grained stratified level, and adds Gaussian noise reasonably. Specifically, in each communication round, the participant’s model needs to perform local differential privacy noise addition for uplink parameter transmission; the server aggregates to acquire global model, finds a candidate participant subset based on the smaller parameter divergence by using the greedy algorithm approximation for t + 1 -th communication round for downlink parameter transmission. Subsequently, the privacy budget sequence is divided and granted to the participants of the stratified level, and the Gaussian noise addition of adaptive differential privacy is completed to achieve privacy protection without compromising the model’s usability. In experiments, our approach reduces the communication overhead and improve the convergence performance. Furthermore, our approach achieves higher accuracy and robust variance on both FMNIST and FEMNIST datasets.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ghazaleh Shirvani,Saeid Ghasemshirazi,Mohammad Ali Alipour

2024-03-17

Abstract:The rapid proliferation of the Internet of Things (IoT) has ushered in transformative connectivity between physical devices and the digital realm. Nonetheless, the escalating threat of Distributed Denial of Service (DDoS) attacks jeopardizes the integrity and reliability of IoT networks. Conventional DDoS mitigation approaches are ill-equipped to handle the intricacies of IoT ecosystems, potentially compromising data privacy. This paper introduces an innovative strategy to bolster the security of IoT networks against DDoS attacks by harnessing the power of Federated Learning that allows multiple IoT devices or edge nodes to collaboratively build a global model while preserving data privacy and minimizing communication overhead. The research aims to investigate Federated Learning's effectiveness in detecting and mitigating DDoS attacks in IoT. Our proposed framework leverages IoT devices' collective intelligence for real-time attack detection without compromising sensitive data. This study proposes innovative deep autoencoder approaches for data dimensionality reduction, retraining, and partial selection to enhance the performance and stability of the proposed model. Additionally, two renowned aggregation algorithms, FedAvg and FedAvgM, are employed in this research. Various metrics, including true positive rate, false positive rate, and F1-score, are employed to evaluate the model. The dataset utilized in this research, N-BaIoT, exhibits non-IID data distribution, where data categories are distributed quite differently. The negative impact of these distribution disparities is managed by employing retraining and partial selection techniques, enhancing the final model's stability. Furthermore, evaluation results demonstrate that the FedAvgM aggregation algorithm outperforms FedAvg, indicating that in non-IID datasets, FedAvgM provides better stability and performance.

Cryptography and Security,Artificial Intelligence,Machine Learning

Christian Esposito,Giancarlo Sperlì,Vincenzo Moscato,Zhongliang Zhao

DOI: https://doi.org/10.1109/ccnc49033.2022.9700723

2022-01-01

Abstract:Federated learning has been increasingly studied to cope with the scalability and privacy issues characterizing current and upcoming large-scale infrastructures, such as the Internet of Things, 5G networks, vehicular applications, and so on. This approach partitions the data storage and AI model training in a series of local learners, whose results are aggregated by a central server and then redistributed back to the learners to have a trained global model. However, despite avoiding outsourcing sensitive data to cloud-hosted services and fragmenting the workload for data processing, such a decentralized learning approach lays the overall solution open to various kinds of attacks, able to fully compromise the accuracy of the obtained global model. This study aims to quantitatively assess the impact of two widely-recognized attacks against federated learning and propose a tentative protection means by using blockchain.

Hengliang Tang,Zihang Zhao,Detian Liu,Yang Cao,Shiqiang Zhang,Siqing You

DOI: https://doi.org/10.48550/arXiv.2311.04944

IF: 5.414

2023-11-08

Machine Learning

Abstract:In the realm of the Internet of Things (IoT), deploying deep learning models to process data generated or collected by IoT devices is a critical challenge. However, direct data transmission can cause network congestion and inefficient execution, given that IoT devices typically lack computation and communication capabilities. Centralized data processing in data centers is also no longer feasible due to concerns over data privacy and security. To address these challenges, we present an innovative Edge-assisted U-Shaped Split Federated Learning (EUSFL) framework, which harnesses the high-performance capabilities of edge servers to assist IoT devices in model training and optimization process. In this framework, we leverage Federated Learning (FL) to enable data holders to collaboratively train models without sharing their data, thereby enhancing data privacy protection by transmitting only model parameters. Additionally, inspired by Split Learning (SL), we split the neural network into three parts using U-shaped splitting for local training on IoT devices. By exploiting the greater computation capability of edge servers, our framework effectively reduces overall training time and allows IoT devices with varying capabilities to perform training tasks efficiently. Furthermore, we proposed a novel noise mechanism called LabelDP to ensure that data features and labels can securely resist reconstruction attacks, eliminating the risk of privacy leakage. Our theoretical analysis and experimental results demonstrate that EUSFL can be integrated with various aggregation algorithms, maintaining good performance across different computing capabilities of IoT devices, and significantly reducing training time and local computation overhead.

Changti Wu,Lei Zhang,Lin Xu,Kim-Kwang Raymond Choo,Liangyu Zhong

DOI: https://doi.org/10.1109/jiot.2024.3380597

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) when deployed in an Internet of Things (IoT) ecosystem can facilitate the collaborative training of a global model involving different IoT local systems. However, there are a number of challenges in such deployments, and examples include single point of failure / attack, lack of fault tolerance, vulnerability to collusion attacks and accuracy loss. Therefore, we propose a privacy-preserving serverless FL scheme for IoT based on secure multi-party computation. Specifically, in our scheme, no central sever is required to coordinate the generation of global models. In doing so, we avoid the single point of failure / attack limitation. We also mitigate the fault tolerance limitation by using secret sharing. Finally, we provide a formal security proof that demonstrates the resilience of our scheme against collusion attacks, thereby establishing its effectiveness in achieving robust data privacy. Simulations are also implemented to show that our scheme does not suffer from accuracy loss.

Bin Jia,Xiaosong Zhang,Jiewen Liu,Yang Zhang,Ke Huang,Yongquan Liang

DOI: https://doi.org/10.1109/tii.2021.3085960

IF: 12.3

2022-06-01

IEEE Transactions on Industrial Informatics

Abstract:With rapid growth in data volume generated from different industrial devices in IoT, the protection for sensitive and private data in data sharing has become crucial. At present, federated learning for data security has arisen, and it can solve the security concerns on data sharing by model sharing on Internet of mutual distrust. However, the hackers still launch attack aiming at the security vulnerabilities (e.g., model extraction attack and model reverse attack) in federated learning. In this article, to address the above problems, we first design an application model of blockchain-enabled federated learning in Industrial Internet of Things (IIoT), and formulate our data protection aggregation scheme based on the above model. Then, we give the distributed K-means clustering based on differential privacy and homomorphic encryption, and the distributed random forest with differential privacy and the distributed AdaBoost with homomorphic encryption methods, which enable multiple data protection in data sharing and model sharing. Finally, we integrate the methods with blockchain and federated learning, and provide the complete security analysis. Extensive experimental results show that our aggregation scheme and working mechanism have the better performance in the selected indicators.

Jingwei Liu,Jin Zhang,Mian Ahmad Jan,Rong Sun,Lei Liu,Sahil Verma,Pushpita Chatterjee

DOI: https://doi.org/10.1109/jbhi.2023.3304361

IF: 7.7

2023-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:Data mining, integration, and utilization are the inevitable trend of the Internet of Medical Things (IoMT) in the context of big data. With the increasing demand for data privacy, federated learning has emerged as a new paradigm, which enables distributed joint training of medical data sources without leaving the private domain. However, federated learning is suffering from security threats as the shared local model will reveal original datasets. Privacy leakage is even more fatal in healthcare because medical data contains critically sensitive information. In addition, open wireless channels are susceptible to malicious attacks. To further safeguard the privacy of IoMT, we propose a comprehensive privacy-preserving federated learning scheme with a tactful dropout handling mechanism. The proposed scheme leverages blind masking and certificateless proxy re-encryption (CL-PRE) for secure aggregation, ensuring the confidentiality of the local model and rendering the global model invisible to any parties other than clients. It also provides authentication of uploaded models while protecting identity privacy. Compared with other relevant schemes, our solution has better performance on functional features and efficiency, and is more applicable to IoMT systems with many devices.

computer science, interdisciplinary applications,mathematical & computational biology,medical informatics, information systems

Ruonan Zhao,Laurence T. Yang,Debin Liu,Wanli Lu

DOI: https://doi.org/10.1109/jiot.2023.3283853

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) could provide a promising privacy-preserving intelligent learning paradigm for space-air-ground-integrated Internet of Things (SAGI-IoT) by breaking down data islands and solving the dilemma between data privacy and data sharing. Currently, adaptivity, communication efficiency and model security are the three main challenges faced by FL, and they are rarely considered by existing works simultaneously. Concretely, most existing FL works assume that local models share the same architecture with the global model, which is less adaptive and cannot meet the heterogeneous requirements of SAGI-IoT. Exchanging numerous model parameters not only generates massive communication overhead but also poses the risk of privacy leakage. The security of FL based on homomorphic encryption with a single private key is weak as well. Given this, this article proposes a tensor-empowered communication-efficient and trustworthy heterogeneous FL, where various participants could choose suitable heterogeneous local models according to their actual computing and communication environment, so that clients with different capabilities could do what they are good at. Additionally, tensor train decomposition is leveraged to reduce communication parameters while maintaining model performance. The storage requirements and communication overhead for heterogeneous clients are reduced further. Finally, the homomorphic encryption with double trapdoor property is utilized to provide a robust and trustworthy environment, which can defend against the inference attacks from malicious external attackers, honest-but-curious server and internal participating clients. Extensive experimental results show that the proposed approach is more adaptive and can improve communication efficiency as well as protect model security compared with the state-of-the-art.

Enrique Tomás Martínez Beltrán,Pedro Miguel Sánchez Sánchez,Sergio López Bernal,Gérôme Bovet,Manuel Gil Pérez,Gregorio Martínez Pérez,Alberto Huertas Celdrán

2023-12-10

Abstract:The rise of Decentralized Federated Learning (DFL) has enabled the training of machine learning models across federated participants, fostering decentralized model aggregation and reducing dependence on a server. However, this approach introduces unique communication security challenges that have yet to be thoroughly addressed in the literature. These challenges primarily originate from the decentralized nature of the aggregation process, the varied roles and responsibilities of the participants, and the absence of a central authority to oversee and mitigate threats. Addressing these challenges, this paper first delineates a comprehensive threat model focused on DFL communications. In response to these identified risks, this work introduces a security module to counter communication-based attacks for DFL platforms. The module combines security techniques such as symmetric and asymmetric encryption with Moving Target Defense (MTD) techniques, including random neighbor selection and IP/port switching. The security module is implemented in a DFL platform, Fedstellar, allowing the deployment and monitoring of the federation. A DFL scenario with physical and virtual deployments have been executed, encompassing three security configurations: (i) a baseline without security, (ii) an encrypted configuration, and (iii) a configuration integrating both encryption and MTD techniques. The effectiveness of the security module is validated through experiments with the MNIST dataset and eclipse attacks. The results showed an average F1 score of 95%, with the most secure configuration resulting in CPU usage peaking at 68% (+-9%) in virtual deployments and network traffic reaching 480.8 MB (+-18 MB), effectively mitigating risks associated with eavesdropping or eclipse attacks.

Cryptography and Security,Artificial Intelligence,Distributed, Parallel, and Cluster Computing,Machine Learning,Networking and Internet Architecture

Jianhua Li,Lingjuan Lyu,Ximeng Liu,Xuyun Zhang,Xixiang Lyu

DOI: https://doi.org/10.1109/TII.2021.3088938

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:Due to resource constraints and working surroundings, many IIoT nodes are easily hacked and turn into zombies from which to launch attacks. It is challenging to detect such networked zombies rooted behind the Internet for any individual defender. In this article, we combine federated learning (FL) and fog/edge computing to combat malicious codes. Our protocol trains a global optimized model based on distributed datasets of collaborators while removing the data and communication constraints. The FL-based detection protocol maximizes the values of distributed data samples, resulting in an accurate model timely. On top of the protocol, we place mitigation intelligence in a distributed and collaborative manner. Our approach improves accuracy, eliminates mitigation time, and enlarges attackers' expense within a defense alliance. Comprehensive evaluations confirm that the cost incurred is 2.7 times larger, the mitigation response time is 72% lower, and the accuracy is 47% higher on average. Besides, the protocol evaluation shows the detection accuracy is approximately 98% in the FL, which is almost the same as centralized training.

Rui Ye,Jingyi Chai,Xiangrui Liu,Yaodong Yang,Yanfeng Wang,Siheng Chen

2024-06-15

Abstract:Federated learning (FL) enables multiple parties to collaboratively fine-tune an large language model (LLM) without the need of direct data sharing. Ideally, by training on decentralized data that is aligned with human preferences and safety principles, federated instruction tuning can result in an LLM that could behave in a helpful and safe manner. In this paper, we for the first time reveal the vulnerability of safety alignment in FedIT by proposing a simple, stealthy, yet effective safety attack method. Specifically, the malicious clients could automatically generate attack data without involving manual efforts and attack the FedIT system by training their local LLMs on such attack data. Unfortunately, this proposed safety attack not only can compromise the safety alignment of LLM trained via FedIT, but also can not be effectively defended against by many existing FL defense methods. Targeting this, we further propose a post-hoc defense method, which could rely on a fully automated pipeline: generation of defense data and further fine-tuning of the LLM. Extensive experiments show that our safety attack method can significantly compromise the LLM's safety alignment (e.g., reduce safety rate by 70\%), which can not be effectively defended by existing defense methods (at most 4\% absolute improvement), while our safety defense method can significantly enhance the attacked LLM's safety alignment (at most 69\% absolute improvement).

Computation and Language,Artificial Intelligence,Cryptography and Security,Multiagent Systems

Yanghe Pan,Zhou Su,Yuntao Wang,Ruidong Li,Yuan Wu

DOI: https://doi.org/10.1109/jiot.2024.3439599

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) has gained widespread adoption in Internet of Things (IoT) applications, promoting the evolution of IoT towards artificial intelligence of Things (AIoT). However, IoT devices are still vulnerable to various privacy inference attacks in FL. While current solutions aim to protect the privacy of devices during model training, the published model is still at risk from external privacy attacks during model deployment. To address the privacy concerns throughout the entire FL lifecycle, this paper proposes a privacy-enhanced and efficient federated knowledge transfer framework for IoT, named PEFKT, which integrates the knowledge transfer method and local differential privacy (LDP) mechanism. In PEFKT, we devise a data diversity-driven grouping strategy to tackle the non-independent and identically distributed (non-IID) issue in IoT. Additionally, we design a quality-aware soft-label aggregation algorithm to facilitate effective knowledge transfer, thereby improving the performance of the student model. Finally, we provide rigorous privacy analysis and validate the feasibility and effectiveness of PEFKT through extensive experiments on real datasets.

Nasir Ahmad Jalali,Hongsong Chen

DOI: https://doi.org/10.26599/tst.2023.9010007

2024-04-01

Abstract:The widespread use of the Internet of Things (IoTs) and the rapid development of artificial intelligence technologies have enabled applications to cross commercial and industrial band settings. Within such systems, all participants related to commercial and industrial systems must communicate and generate data. However, due to the small storage capacities of IoT devices, they are required to store and transfer the generated data to third-party entity called “cloud”, which creates one single point to store their data. However, as the number of participants increases, the size of generated data also increases. Therefore, such a centralized mechanism for data collection and exchange between participants is likely to face numerous challenges in terms of security, privacy, and performance. To address these challenges, Federated Learning (FL) has been proposed as a reasonable decentralizing approach, in which clients no longer need to transfer and store real data in the central server. Instead, they only share updated training models that are trained over their private datasets. At the same time, FL enables clients in distributed systems to share their machine learning models collaboratively without their training data, thus reducing data privacy and security challeges. However, slow model training and the execution of additional unnecessary communication rounds may hinder FL applications from operating properly in a distributed system. Furthermore, these unnecessary communication rounds make the system vulnerable to security and privacy issues, because irrelevant model updates are sent between clients and servers. Thus, in this work, we propose an algorithm for fully homomorphic encryption called Cheon-Kim-Kim-Song (CKKS) to encrypt model parameters for their local information privacy-preserving function. The proposed solution uses the impetus term to speed up model convergence during the model training process. Furthermore, it establishes a secure communication channel between IoT devices and the server. We also use a lightweight secure transport protocol to mitigate the communication overhead, thereby improving communication security and efficiency with low communication latency between client and server.

computer science, information systems,engineering, electrical & electronic, software engineering