隐私保护的拜占庭鲁棒联邦学习算法

doi:10.19665/j.issn1001-2400.2023.04.012

Abstract

Abstract:

Federated learning is a distributed machine learning paradigm,in which the original training sets of the nodes do not have to leave the local area and they collaborate to train machine learning models by sharing model updates.Most of the current privacy-preserving and Byzantine attack detection researches in the field of federated learning are carried out independently,and the existing Byzantine attack detection methods cannot be directly applied to the privacy-preserving environment,which does not meet the practical application requirements of federated learning.To address these problems,this paper proposes a federated learning algorithm for Byzantine robustness in a privacy-preserving environment with data non-independent and identically distributed.First,privacy protection is provided for model updates (local model gradient information) by differential privacy techniques; then the credibility is evaluated for the current state of nodes based on historical model updates uploaded by nodes; and finally,global model aggregation is performed based on the evaluation results.Simulation results show that in a federated learning environment with data non-independent and identically distributed,and with the privacy protection and Byzantine node ratio of 20%~80%,the proposed algorithm performs Byzantine node detection with both the miss detection rate and the false detection rate at 0%.Meanwhile,the time overhead of Byzantine node detection tends to linearly increase with the increase in the number of the nodes.Compared with the existing Byzantine node detection algorithms,the proposed algorithm can obtain a global model with a higher accuracy in the case of data being non-independent and identically distributed and model privacy protection.

Key words: federated learning, Byzantine attack, anomaly detection, privacy-preserving techniques, differential privacy

CLC Number:

TP39

LI Haiyang,GUO Jingjing,LIU Jiuzun,LIU Zhiquan. Privacy preserving byzantine robust federated learning algorithm[J].Journal of Xidian University, 2023, 50(4): 121-131.

Figures/Tables 12

References 23

[1]	李志鹏, 国雍, 陈耀佛, 等. 基于数据生成的类别均衡联邦学习[J]. 计算机学报, 2023, 46(3):609-625.
	LI Zhipeng, GUO Yong, Chen Yaofo, et al. Class-Balanced Federated Learning Base on Data Generation[J]. Chinese Journal of Computers, 2023, 46(3):609-625.
[2]	李荣昌, 刘涛, 郑海斌, 等. 基于最大最小策略的纵向联邦学习隐私保护方法 (2023)[J/OL].[2023-03-19].https://doi.org/10.16383/j.aas.c211233.
	LI Rongchang, LIU Tao, ZHENG Haibing, et al. Privacy Preserving Method for Vertical Federated Leanig Base on Max-Min Strategy (2023)[J/OL].[2023-03-19].https://doi.org/10.16383/j.aas.c211233.
[3]	KAIROUZ P, MCMAHAN B, AVENT B, et al. Advances and Open Problems in Federated Learning[J]. Foundations and Trends in Machine Learning, 2021, 14(1-2):1-210. doi: 10.1561/2200000083
[4]	顾育豪, 白跃彬. 联邦学习模型安全与隐私研究进展 (2023)[J/OL].[2023-03-19]. http://www.jos.org.cn/1000-9825/6658.htm.
	GU Yuhao, BAI Yuebing. Survey on Security and Privacy of Federated Learning Models (2023)[J/OL].[2023-03-19]. http://www.jos.org.cn/1000-9825/6658.htm.
[5]	刘俊旭, 孟小峰. 机器学习的隐私保护研究综述[J]. 计算机研究与发展, 2020, 57(2):346-362.
	LIU Junxv, MENG Xiaofeng. Survey on Privacy-Preserving Machine Learning[J]. Journal of Computer Research and Development, 2020, 57(2):346-362.
[6]	谭作文, 张连福. 机器学习隐私保护研究综述[J]. 软件学报, 2020, 31(7):2127-2156.
	TAN Zuowen, ZHANG Lianfu. Survey on Privacy Preserving Techniques for Machine Learning[J]. Journal of Software, 2020, 31(7):2127-2156. (in Chinese)
[7]	纪守领, 杜天宇, 李进锋, 等. 机器学习模型安全与隐私研究综述[J]. 软件学报, 2021, 32(1):41-67.
	JI Shouling, DU Tianyu, LI Jinfeng, et al. Security and Privacy of Machine Learning Models:A Survey[J]. Journal of Software, 2021, 32(1):41-67. (in Chinese)
[8]	LIU X, LI H, XU G, et al. Adaptive Privacy-Preserving Federated Learning[J]. Peer-to-Peer Networking and Applications, 2020, 13(6):2356-2366. doi: 10.1007/s12083-019-00869-2
[9]	WEI K, LI J, DING M, et al. User-Level Privacy-Preserving Federated Learning:Analysis and Performance Optimization[J]. IEEE Transactions on Mobile Computing, 2021, 21(9):3388-3401. doi: 10.1109/TMC.2021.3056991
[10]	SHEJWALKAR V, HOUMANSADR A. Manipulating the Byzantine:Optimizing Model Poisoning Attacks and Defenses for Federated Learning[C]// Network and Distributed Systems Security (NDSS) Symposium 2021. San Diego: NDSS, 2021:1-19.
[11]	GU Z, HE L, LI P, et al. FREPD:A Robust Federated Learning Framework on Variational Autoencoder[J]. Computer Systems:Science & Engineering, 2021, 39(3):307-320.
[12]	LI S, CHENG Y, WANG W, et al. Learning to Detect Malicious Clients for Robust Federated Learning (2020)[J/OL].[2020-02-01]. https://arxiv.org/abs/2002.00211v1.
[13]	ZHAO Y, CHEN J, ZHANG J, et al. PDGAN:A Novel Poisoning Defense Method in Federated Learning Using Generative Adversarial Network[C]// Algorithms and Architectures for Parallel Processing:19th International Conference,ICA3PP 2019.Heidelberg:Springer, 2020:595-609.
[14]	ZHAO Y, CHEN J, ZHANG J, et al. Detecting and Mitigating Poisoning Attacks in Federated Learning Using Generative Adversarial Networks[J]. Concurrency and Computation:Practice and Experience, 2022, 34(7):1-12.
[15]	顾兆军, 刘婷婷, 隋翯. 一种ICS异常检测的优化GAN模型[J]. 西安电子科技大学学报, 2022, 49(2):172-181.
	GU Zhaojun, LIU Tingting, SUI He. Latent Feature Reconstruction Generative GAN Model for ICS Anomaly Detection[J]. Journal of Xidian University, 2022, 49(2):172-181.
[16]	CAO X, FANG M, LIU J, et al. FLTrust:Byzantine-Robust Federated Learning via Trust Bootstrapping[C]// Network and Distributed Systems Security (NDSS) Symposium 2021. San Diego: NDSS, 2021:1-18.
[17]	邬开俊, 梅源. VAE-Fuse:一种无监督的多聚焦融合模型[J]. 西安电子科技大学学报, 2022, 49(6):129-138.
	WU Kaijun, MEI Yuan. VAE-Fuse:An Unsupervised Multi-Focus Fusion Model[J]. Journal of Xidian University, 2022, 49(6):129-138.
[18]	陈永, 牛凯玉, 康婕. LSTM循环神经网络的高速铁路越区切换算法[J]. 西安电子科技大学学报, 2023, 50(1):76-84.
	CHENG Yong, NIU Kaiyu, KANG Jie. Handover Algorithm fora High-Speed Railway Based on the LSTM Recurrent Neural Network[J]. Journal of Xidian University, 2023, 50(1):76-84.
[19]	黄茜茜. 基于差分隐私保护的不均衡数据联邦学习方法[D]. 哈尔滨: 哈尔滨工业大学, 2019.
[20]	BLANCHARD P, MAHDI E, GUERRAOUI R, et al. Machine Learning with Adversaries:Byzantine Tolerant Gradient Descent[C]// Proceedings of the 31st International Conference on Neural Information Processing Systems. New York: ACM, 2017:118-128.
[21]	YIN D, CHEN Y, RAMCHANDRAN K, et al. Byzantine-Robust Distributed Learning:Towards Optimal Statistical Rates (2018)[C/OL].[2018-03-05]. https://arxiv.org/abs/1803.01498.
[22]	SO J, GÜLER B, AVESTIMEHR A S. Byzantine-Resilient Secure Federated Learning[J]. IEEE Journal on Selected Areas in Communications, 2021: 39(7):2168-2181. doi: 10.1109/JSAC.2020.3041404
[23]	DONG Y, CHEN X, LI K, et al. FLOD:Oblivious Defender for Private Byzantine-Robust Federated Learning with Dishonest-Majority[C]// Computer Security-ESORICS 2021:26th European Symposium on Research in Computer Security.Heidelberg:Springer, 2021:497-518.

设备	参数
工作站	DELL T7920
系统	Ubuntu 18.04 LTS
处理器	2*Intel(R)4210R
主频	2.4 GHz
内存	5 GB×32 GB
显卡	GTX 1650
显存	4 GB

符号	含义
u	联邦学习系统节点数量
epsilon	隐私预算
t_m	虚门限
m_n	联邦学习系统中拜占庭节点占比
ad	部署了异常检测机制
nad	未部署异常检测机制
MLP	自定义的多层感知机模型
CNN	自定义的卷积神经网络模型
IID	独立同分布的数据划分方式

分类	特征	方法
N₁	数据量层面非独立同分布,数据标签类别层面独立同分布	假设数据集有n条数据,平均分为p个分片,则每个分片有n/p条数据;给每个节点随机分配r_p,r_p∈[0,p]个分片的数据
N₂	数据量层面独立同分布,数据标签类别层面非独立同分布	假设数据集的标签有c类,每一类标签都分配c_m条数据;给每个节点随机分配r_c,r_c∈[0,c]类的数据
N₃	数据量和数据标签类别层面都非独立同分布	假设数据集的标签有c类,每一类标签设置c_m条数据,再将每一类数据分为c_p个分片,则每一类数据的分片有c_m/c_p条数据,首先给每个节点随机分r_c,r_c∈[0,c]类数据,然后针对每类数据随机分r_p,r_p∈[0,c_p]个分片的数据

Privacy preserving byzantine robust federated learning algorithm

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 23

Related Articles 12

Metrics

Comments

Recommended 10

[1]	WANG Yuhua,GAO Sheng,ZHU Jianming,HUANG Chen. Efficient deep learning scheme with adaptive differential privacy [J]. Journal of Xidian University, 2023, 50(4): 54-64.
[2]	XU Mengfan,LI Xinghua. Privacy-preserving federated learning with non-transfer learning [J]. Journal of Xidian University, 2023, 50(4): 89-99.
[3]	YANG Xiaohui,ZHUANG Haijing. Anonymous communication model with dynamic negotiation of identifiers [J]. Journal of Xidian University, 2023, 50(4): 100-110.
[4]	WANG Fangwei,XIE Meiyun,LI Qingru,WANG Changguang. Differentially private federated learning framework with adaptive clipping [J]. Journal of Xidian University, 2023, 50(4): 111-120.
[5]	DING Hongfa,TANG Mingli,LIU Hai,JIANG Heling,FU Peiwang,YU Yingying. Model for protection of k-degree anonymity privacy under neighbor subgraph disturbance [J]. Journal of Xidian University, 2023, 50(4): 180-193.
[6]	YAN Yan,DONG Zhuoyue,XU Fei,FENG Tao. Localized location privacy protection method using the Hilbert encoding [J]. Journal of Xidian University, 2023, 50(2): 147-160.
[7]	GU Zhaojun,LIU Tingting,SUI He. Latent feature reconstruction generative GAN model for ICS anomaly detection [J]. Journal of Xidian University, 2022, 49(2): 173-181.
[8]	XU Hua,TIAN Youliang. Protection of privacy of the weighted social network under differential privacy [J]. Journal of Xidian University, 2022, 49(1): 17-25.
[9]	JIANG Shaobin,DU Chun,CHEN Hao,LI Jun,WU Jiangjiang. Unsupervised adversarial learning method for hard disk failure prediction [J]. Journal of Xidian University, 2020, 47(2): 118-125.
[10]	HU Mengxiao,LU Wang,XU Can,LAI Jiazhe. Satellite RCS anomaly detection using the GRU model [J]. Journal of Xidian University, 2019, 46(6): 125-130.
[11]	KANG Haiyan;XIONG Li. Enhancing user privacy for personalized web search in big data [J]. J4, 2014, 41(5): 148-154+160.
[12]	TIAN Yuling. Dendritic cell algorithm for time series oriented anomaly detection [J]. J4, 2014, 41(4): 144-150.