西安电子科技大学学报 ›› 2023, Vol. 50 ›› Issue (5): 166-177.doi: 10.19665/j.issn1001-2400.20230202

• 网络空间安全 • 上一篇    下一篇

面向医疗数据的隐私保护联邦学习架构

王波1(),李洪涛2(),王洁2(),郭一娜1()   

  1. 1.太原科技大学 电子与信息工程学院,山西 太原 030024
    2.山西师范大学 数学与计算机科学学院,山西 太原 030039
  • 收稿日期:2022-10-08 出版日期:2023-10-20 发布日期:2023-11-21
  • 通讯作者: 郭一娜
  • 作者简介:王 波(1992—),女,太原科技大学博士研究生,E-mail:mophiebo@126.com|李洪涛(1984—),男,教授,博士,E-mail:lihongtao7758@163.com;|王 洁(1977—),女,教授,博士,E-mail:wjlkt@163.com
  • 基金资助:
    国家自然科学基金(62271341);国家自然科学基金(61702316);国家留学基金委地区合作与高层次人才培养(20201417);山西省自然科学基金(20210302123338)

Federated learning scheme for privacy-preserving of medical data

WANG Bo1(),LI Hongtao2(),WANG Jie2(),GUO Yina1()   

  1. 1. School of Electronic Information Engineering,Taiyuan University of Science and Technology,Taiyuan 030024,China
    2. College of Mathematics and Computer Science,Shanxi Normal University,Taiyuan 030039,China
  • Received:2022-10-08 Online:2023-10-20 Published:2023-11-21
  • Contact: Yina GUO

摘要:

联邦学习作为一种新兴的神经网络训练模型,因其可以在保护用户数据隐私的前提下进行模型训练而受到广泛关注。然而,由于攻击者可以从共享梯度中跟踪和提取参与者的隐私,因此联邦学习仍然面临各种安全和隐私威胁。针对医疗数据在联邦学习过程中面临的隐私泄露问题,基于Paillier同态加密技术提出一种保护隐私的医疗数据联邦学习架构。首先,采用Paillier加密技术对客户端的共享训练模型进行加密,确保训练模型的安全性和隐私性,同时设计了零知识证明身份认证模块确保参与训练成员身份的可信性;其次,在服务器端通过构造消息确认机制将掉线或无响应用户暂时剔除,减少了服务器等待时间,降低了通信开销。实验结果表明,所提机制在实现隐私保护的同时,具有较高的模型准确率,较低的通信时延,并具有一定的可扩展性。

关键词: 联邦学习, 隐私保护技术, 同态加密, 医学图像

Abstract:

As an emerging training model with neural networks,federated learning has received widespread attention due to its ability to carry out model training on the premise of protecting user data privacy.However,since adversaries can track and derive participants’ privacy from the shared gradients,federated learning is still exposed to various security and privacy threats.Aiming at the privacy leakage problem of medical data in the process of federated learning,a secure and privacy-preserving medical data federated learning architecture is proposed based on Paillier homomorphic encryption technology (HEFLPS).First,the shared training model of the client is encrypted with Paillier homomorphic encryption technology to ensure the security and privacy of the training model,and a zero-knowledge proof identity authentication module is designed to ensure the credibility of the training members;second,the disconnected or unresponsive users are temporarily eliminated by constructing a message confirmation mechanism on the server side,which reduces the waiting time of the server and reduces the communication cost.Experimental results show that the proposed mechanism has high model accuracy,low communication delay and a certain scalability while achieving privacy protection.

Key words: federated learning, privacy-preserving techniques, homomorphic encryption, medical image

中图分类号: 

  • TN393