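Abstract
Federated learning, as a distributed machine learning paradigm, has attracted great attention from researchers owing to its privacy protection capability and its support for heterogeneous collaboration. However, research has shown that gradients can be used to determine whether an exact data record, or a data record with a specific property, is included in another participant's batch, and even to reveal a participant's training data; this is commonly called "gradient leakage". Meanwhile, current privacy-enhanced federated learning methods may suffer from reduced accuracy or increased computation and communication overhead, and may even introduce new insecurity factors. Therefore, a differential privacy-enhanced generative adversarial network model is proposed. The model introduces an identifier into the vanilla GAN; through two games, one between the generator and the discriminator and one between the generator and the identifier, the data synthesized by the generator stays as close as possible to the input data while satisfying the differential privacy constraint. Applying this model to the federated learning framework preserves model accuracy to a certain extent and improves the privacy protection capability of the framework. Simulation experiments verify the effectiveness of the proposed scheme under the client/server federated learning architecture; compared with the DP-SGD method, the proposed scheme balances data privacy and utility rather than enhancing privacy protection at the cost of accuracy. The usability of the proposed model under the peer-to-peer (P2P) architecture is analyzed theoretically, and future research work is discussed.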
Federated learning, a distributed machine learning paradigm, has gained a lot of attention due to its inherent privacy protection capability and heterogeneous collaboration. However, recent studies have revealed a potential privacy risk known as “gradient leakage”, where the gradients can be used to determine whether a data record with a specific property is included in another participant's batch, thereby exposing the participant's training data. Current privacy-enhanced federated learning methods may have drawbacks such as reduced accuracy, computational overhead, or new insecurity factors. To address this issue, a differential privacy-enhanced generative adversarial network model was proposed, which introduced an identifier into vanilla GAN, thus enabling the input data to be approached while satisfying differential privacy constraints. Then this model was applied to the federated learning framework, to improve the privacy protection capability without compromising model accuracy. The proposed method was verified through simulations under the client/server (C/S) federated learning architecture and was found to balance data privacy and practicality effectively compared with the DP-SGD method. Besides, the usability of the proposed model was theoretically analyzed under a peer-to-peer (P2P) architecture, and future research work was discussed.
Authors
余锋
林庆新
林晖
汪晓丁
YU Feng; LIN Qingxin; LIN Hui; WANG Xiaoding (College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350017, China; Engineering Research Center of Cyber Security and Education Informatization, Fujian Province University, Fuzhou 350117, China; Zhicheng College, Fuzhou University, Fuzhou 350002, China)
Source
《网络与信息安全学报》
2023, Issue 3, pp. 113-122 (10 pages)
Chinese Journal of Network and Information Security
Funding
National Natural Science Foundation of China (U1905211, 61702103)
Natural Science Foundation of Fujian Province (2020J01167, 2020J01169).
Keywords
federated learning
gradient leakage
privacy enhancement
generative adversarial network
differential privacy