
Survey on Byzantine Attacks and Defenses in Federated Learning
Abstract: To solve the problems of data silos and privacy leakage, federated learning (FL) deploys training tasks to multiple clients, each of which trains locally. However, the distributed training environment is prone to Byzantine attacks, in which a Byzantine adversary can control multiple clients simultaneously and directly affect the performance of the global model through poisoning. This survey gives a comprehensive analysis and summary of Byzantine attacks and defenses in FL. First, FL is classified into ordinary FL and privacy-preserving FL according to whether gradients are protected; the threats and challenges that Byzantine attacks pose to FL are introduced, and the adversary capabilities and attack strategies in its security model are sorted out. Then, existing defense strategies are classified and compared by technical route, and the routes that can be extended to secure, privacy-preserving FL are analyzed. Finally, an outlook is given on Byzantine defense strategies for several practical scenarios.

Authors: SUN Yu (孙钰); LIU Feifei (刘霏霏); LI Dawei (李大伟); LIU Jianwei (刘建伟) (School of Cyber Science and Technology, Beihang University, Beijing 100191, China; Key Lab. of Ministry of Industry and Information Technology for Cyberspace Security, Beihang University, Beijing 100191, China)

Source: Journal of Cybersecurity (《网络空间安全科学学报》), 2023, No. 1, pp. 17-37 (21 pages)

Funding: National Key Research and Development Program of China (2021YFB2700200); National Natural Science Foundation of China (U21B2021, 61972018, 61932014, 62002006).

Keywords: federated learning (FL); Byzantine attack; safety and privacy; cryptography; robustness