Netinfo Security ›› 2024, Vol. 24 ›› Issue (1): 69-79.doi: 10.3969/j.issn.1671-1122.2024.01.007

Previous Articles     Next Articles

Research on Centralized Differential Privacy Algorithm for Federated Learning

XU Ruzhi, DAI Lipeng(), XIA Diya, YANG Xin   

  1. School of Control and Computer Engineering, North China Electric Power University, Beijing 102200, China
  • Received:2023-08-20 Online:2024-01-10 Published:2024-01-24
  • Contact: DAI Lipeng E-mail:dlpdaniel1234@163.com

Abstract:

Federated learning has received increasing attention in recent years for breaking down “data silos” with unique training methods. However, when the global model is trained, federation learning is vulnerable to inference attacks, which may reveal the information of some training members and bring about serious security risks. In order to solve differential attacks caused by semi-honest/malicious clients in federated training, this paper proposed a centralized differential privacy federated learning algorithm DP-FedAC. Firstly, the federal accelerated stochastic gradient descent algorithm was optimized to improve the aggregation mode of the server. After calculating the parameter update difference, the global model was updated by gradient aggregation mode to improve the stable convergence. Then, by adding centralized differential Gaussian noise to the aggregation parameters to hide the contributions of training members, the purpose of protecting the privacy information of participants was achieved. Time accounting (MA) was also introduced to calculate privacy loss to further balance the relationship between model convergence and privacy loss. Finally, comparative experiments were conducted with FedAC, distributed MB-SGD, distributed MB-AC-SGD and other algorithms to evaluate the comprehensive performance of DP-FedAC. The experimental results show that the linear acceleration of DP-FedAC algorithm is closest to that of FedAC in the case of infrequent communication, which is far better than the other two algorithms and has good robustness. In addition, the DP-FedAC algorithm achieves the same model accuracy as the FedAC algorithm on the premise of privacy protection, which reflects the superiority and usability of the algorithm.

Key words: federated learning, privacy leaks, differential privacy, Gaussian noise, privacy tracking

CLC Number: