面向用户的支持用户掉线的联邦学习数据隐私保护方法

doi:10.3969/j.issn.1671-1122.2021.03.008

信息网络安全 ›› 2021, Vol. 21 ›› Issue (3): 64-71.doi: 10.3969/j.issn.1671-1122.2021.03.008

面向用户的支持用户掉线的联邦学习数据隐私保护方法

路宏琳¹^,², 王利明¹()

1.中国科学院信息工程研究所,北京 100093
2.中国科学院大学网络空间安全学院,北京 100049

收稿日期:2021-01-17 出版日期:2021-03-10 发布日期:2021-03-16
通讯作者: 王利明 E-mail:wangliming@iie.ac.cn
作者简介:路宏琳（1995—）,女,山东,硕士研究生,主要研究方向为数据隐私保护|王利明（1978—）,男,北京,正高级工程师,博士,主要研究方向为网络安全
基金资助:
国家重点研发计划(2017YFB0801901)

User-oriented Data Privacy Preserving Method for Federated Learning that Supports User Disconnection

LU Honglin¹^,², WANG Liming¹()

1. Institute of Information Engineering, University of Chinese Academy of Sciences, Beijing 100093, China
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China

Received:2021-01-17 Online:2021-03-10 Published:2021-03-16
Contact: WANG Liming E-mail:wangliming@iie.ac.cn

摘要/Abstract

摘要：

联邦学习是解决多组织协同训练问题的一种有效手段,但是现有的联邦学习存在不支持用户掉线、模型API泄露敏感信息等问题。文章提出一种面向用户的支持用户掉线的联邦学习数据隐私保护方法,可以在用户掉线和保护的模型参数下训练出一个差分隐私扰动模型。该方法利用联邦学习框架设计了基于深度学习的数据隐私保护模型,主要包含两个执行协议:服务器和用户执行协议。用户在本地训练一个深度模型,在本地模型参数上添加差分隐私扰动,在聚合的参数上添加掉线用户的噪声和,使得联邦学习过程满足(ε,δ)-差分隐私。实验表明,当用户数为50、ε=1时,可以在模型隐私性与可用性之间达到平衡。

关键词: 联邦学习, 深度学习, 隐私保护, 差分隐私, 用户掉线

Abstract:

Federated learning is an effective method to solve the problem of multi-organization collaborative training. However, existing federated learning has problems such as not supporting user disconnection and model API leaking sensitive information. This paper proposes a user-oriented federated learning data privacy preserving method that supports user disconnection, which can train a differential privacy disturbance model under user disconnection and protected model parameters. This paper uses a federated learning framework to design a data privacy preserving model based on deep learning. It mainly contains two execution protocols, server and user execution protocol. User trains a deep model locally, adds differential privacy disturbance to the local model parameters, and adds sum noise of dropped users to the aggregated parameters so that the federated learning process meets (ε,δ)-differential privacy. Experiments show that when the number of users is 50 and ε=1, a balance can be reached between model privacy and usability.

Key words: federated learning, deep learning, privacy preserving, differential privacy, user disconnection

中图分类号:

TP309

路宏琳, 王利明. 面向用户的支持用户掉线的联邦学习数据隐私保护方法[J]. 信息网络安全, 2021, 21(3): 64-71.

LU Honglin, WANG Liming. User-oriented Data Privacy Preserving Method for Federated Learning that Supports User Disconnection[J]. Netinfo Security, 2021, 21(3): 64-71.

图/表 8

图1

图2

图3

表1

图4

图5

图6

图7

参考文献 18

[1]	CUSTERS B, SEARS A M, DECHESNE F, et al. Information Technology and Law Series[M]. USA: Oxford University Press, 2019.
[2]	MCMAHAN B, MOORE E, RAMAGE D, et al. Communication-efficient Learning of Deep Networks from Decentralized Data [C]//JMLR. 20th International Conference on Artificial Intelligence and Statistics (AISTATS). April 20-22, 2017, Fort Lauderdale, FL, USA. New York: JMLR, 2017: 1273-1282.
[3]	YANG Wensi. Research on Credit Card Fraud Detection System Based on Federated Learning[D]. Shenzhen: University of Chinese Academy of Sciences (Shenzhen Institute of Advanced Technology, Chinese Academy of Sciences), 2020.
	阳文斯. 基于联邦学习的信用卡欺诈检测系统研究[D].深圳:中国科学院大学(中国科学院深圳先进技术研究院), 2020.
[4]	CHEN Guorun, MU Meirong, ZHANG Rui, et al. Implementation of Communication Fraud Recognition Model Based on Federated Learning[J]. Telecommunications Science, 2020. 36(S1):304-310.
	陈国润, 母美荣, 张蕊, 等. 基于联邦学习的通信诈骗识别模型的实现[J]. 电信科学, 2020. 36(S1):304-310.
[5]	SHOKRI R, STRONATI M, SONG C, et al. Membership Inference Attacks Against Machine Learning Models [C]//IEEE. IEEE Symposium on Security and Privacy, May 22-26, 2017, San Jose, CA, USA. New Jersey: IEEE, 2017: 3-18.
[6]	FREDRIKSON M, JHA S, RISTENPART T. Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures [C]//ACM. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, October 12-16, 2015, Denver, CO, USA. New York: ACM, 2015: 1322-1333.
[7]	WU X, FREDRIKSON M, JHA S, et al. A Methodology for Formalizing Model-inversion Attacks [C]// IEEE. IEEE 29th Computer Security Foundations Symposium (CSF), June 27-July 1, 2016, Lisbon, Portugal. New Jersey: IEEE, 2016: 355-370.
[8]	DWORK C. Differential Privacy: A Survey of Results [C]//Springer. Theory and Applications of Models of Computation, 5th International Conference, TAMC, April 25-29, 2008, Xi'an, China. Heidelberg: Springer, 2008: 1-19.
[9]	PATHAK M A, RANE S, RAJ B. Multiparty Differential Privacy via Aggregation of Locally Trained Classifiers[C]//MIT Press. Advances in Neural Information Processing Systems 23: 24th Annual Conference on Neural Information Processing Systems 2010, December 6-9, 2010, Vancouver, British Columbia, Canada. Cambridge: MIT Press, 2010: 1876-1884.
[10]	DWORK C. Calibrating Noise to Sensitivity in Private Data Analysis [C]//Springer. Theory of Cryptography, Third Theory of Cryptography Conference, March 4-7, 2006, New York, USA. Berlin: Springer, 2006: 265-284.
[11]	ROBIN C G, TASSILO K, MOIN N. Differentially Private Federated Learning: A Client Level Perspective[C]//MIT Press. Neural Information Processing Systems, December 8, 2017, Long Beach, USA. Cambridge: MIT Press, 2017: 1-7.
[12]	PHONG L T, AONO Y, HAYASHI T, et al. Privacy-preserving Deep Learning via Additively Homomorphic Encryption[J]. IEEE Transactions on Information Forensics and Security, 2018,13(5):1333-1345.
[13]	KANG Wei, LI Jun, MING Ding, et al. Federated Learning with Differential Privacy: Algorithms and Performance Analysis[EB/OL]. https://doi.org/10.1109/TIFS.2020.2988575, 2021-01-04.
[14]	SUN Lichao, QIAN Jianwei, CHEN Xun, et al. LDP-FL: Practical Private Aggregation in Federated Learning with Local Differential Privacy[EB/OL]. https://arxiv.org/abs/2007.15789, 2020-08-03.
[15]	DWORK C, ROTH A. The Algorithmic Foundations of Differential Privacy[J]. Found Trends Theor Comput Sci, 2014,9(3-4):211-407.
[16]	MCSHERRY F, TALWAR K. Mechanism Design via Differential Privacy [C]//IEEE. 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07), October 20-23, 2007, Providence, RI, USA. New Jersey: IEEE, 2007: 94-103.
[17]	MCSHERRY F. Privacy Integrated Queries: An Extensible Platform for Privacy-preserving Data Analysis [C]//ACM. Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data, June 29-July 2, 2009, Providence, Rhode Island, USA. New York: ACM, 2009: 19-30.
[18]	ABADI M, CHU A, GOODFELLOW I J, et al. Deep Learning with Differential Privacy [C]//ACM. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, October 24-28, 2016. Vienna, Austria. New York: ACM, 2016: 308-318.

卷积层	输入通道	卷积核大小	步长	池化核大小	输出通道
1层卷积	1	$5\times 5$	1	$2\times 2$	20
2层卷积	20	$5\times 5$	1	$2\times 2$	50

面向用户的支持用户掉线的联邦学习数据隐私保护方法

User-oriented Data Privacy Preserving Method for Federated Learning that Supports User Disconnection

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 18

相关文章 15

编辑推荐

Metrics

本文评价

[1]	周由胜, 王明, 刘媛妮. 支持区间查询的基于位置服务外包数据隐私保护方案[J]. 信息网络安全, 2021, 21(3): 26-36.
[2]	刘峰, 杨杰, 齐佳音. 基于哈希证明系统的区块链两方椭圆曲线数字签名算法研究[J]. 信息网络安全, 2021, 21(1): 19-26.
[3]	汪金苗, 谢永恒, 王国威, 李易庭. 基于属性基加密的区块链隐私保护与访问控制方法[J]. 信息网络安全, 2020, 20(9): 47-51.
[4]	吴警, 芦天亮, 杜彦辉. 基于Char-RNN改进模型的恶意域名训练数据生成技术[J]. 信息网络安全, 2020, 20(9): 6-11.
[5]	王文华, 郝新, 刘焱, 王洋. AI系统的安全测评和防御加固方案[J]. 信息网络安全, 2020, 20(9): 87-91.
[6]	李宁波, 周昊楠, 车小亮, 杨晓元. 云环境下基于多密钥全同态加密的定向解密协议设计[J]. 信息网络安全, 2020, 20(6): 10-16.
[7]	张佳程, 彭佳, 王雷. 大数据环境下的本地差分隐私图信息收集方法[J]. 信息网络安全, 2020, 20(6): 44-56.
[8]	张蕾华, 黄进, 张涛, 王生玉. 视频侦查中人像智能分析应用及算法优化[J]. 信息网络安全, 2020, 20(5): 88-93.
[9]	王蓉, 马春光, 武朋. 基于联邦学习和卷积神经网络的入侵检测方法[J]. 信息网络安全, 2020, 20(4): 47-54.
[10]	彭长根, 赵园园, 樊玫玫. 基于最大信息系数的主成分分析差分隐私数据发布算法[J]. 信息网络安全, 2020, 20(2): 37-48.
[11]	毕新亮, 杨海滨, 杨晓元, 黄思远. 基于StarGAN的生成式图像隐写方案[J]. 信息网络安全, 2020, 20(12): 64-71.
[12]	程洋, 雷敏, 罗群. 基于深度学习的物联网终端设备接入认证方法[J]. 信息网络安全, 2020, 20(11): 67-74.
[13]	肖彪, 闫宏强, 罗海宁, 李炬成. 基于差分隐私的贝叶斯网络隐私保护算法的改进研究[J]. 信息网络安全, 2020, 20(11): 75-86.
[14]	何泾沙, 杜晋晖, 朱娜斐. 基于k匿名的准标识符属性个性化实现算法研究[J]. 信息网络安全, 2020, 20(10): 19-26.
[15]	黄保华, 程琪, 袁鸿, 黄丕荣. 基于距离与误差平方和的差分隐私K-means聚类算法[J]. 信息网络安全, 2020, 20(10): 34-40.