摘要
联邦学习是一种隐私保护的分布式机器学习框架,可以让各方参与者在不披露本地数据的前提下共建模型.然而,联邦学习仍然面临拜占庭攻击和用户隐私泄漏等威胁.现有研究结合鲁棒聚合规则和安全计算技术以同时应对上述安全威胁,但是这些方案难以兼顾模型鲁棒性与计算高效性。针对此问题,本文提出一种抗拜占庭攻击的隐私保护联邦学习框架SecFedDMC,在保护用户数据隐私的条件下实现高效的拜占庭攻击检测与防御.基础方案FedDMC采用“先降维后聚类”的策略,设计了高效精准的恶意客户端检测方法.此外,该方法利用的随机主成分分析降维技术和K-均值聚类技术主要由线性运算构成,从而优化了算法在安全计算环境中的适用性。针对基础方案存在的用户数据隐私泄露问题,提出了基于安全多方计算技术的隐私增强方案SecFedDMC.基于轻量级加法秘密分享技术,设计安全的正交三角分解协议和安全的特征分解协议,从而构建双服务器模型下隐私保护的拜占庭鲁棒联邦学习方案,以保护模型训练和拜占庭节点识别过程中的用户隐私.经实验验证,SecFedDMC在保护用户隐私的前提下,可以高效准确地识别拜占庭攻击节点,具有较好的鲁棒性.其中,本方案与最先进的鲁棒联邦学习算法相比,在CIFAR10数据集上,拜占庭攻击节点检测准确率提升12%~24%,全局模型精度提升4.45%~18.48%,计算效率提升33.21%~47.31%.
Federated learning is a privacy-preserving distributed machine learning framework that allows participants to build models without disclosing local data.However,federated learning still faces threats such as Byzantine attacks and client privacy leakage.Existing research combines robust aggregation rules and secure computation techniques to simultaneously address these secu-rity threats,but these solutions fail to balance model robustness with computational efficiency.To address this challenge,this paper presents SecFedDMC,a privacy-preserving federated learn-ing framework resistant to Byzantine attacks.This framework ensures efficient Byzantine attack detection while protecting client data privacy.The basic scheme FedDMC adopts the strategy of'dimensionality reduction followed by clustering to design an efficient and accurate method for ma-licious client detection.Moreover,the method utilizes randomized principal component analysis and K-mean clustering techniques,which primarily involve linear operations,enhancing the ap-plicability of the algorithm in secure computing environments.To address the user data privacy leakage problem in the basic scheme,we propose a privacy-enhanced scheme,SecFedDMC,based on se-cure multiparty computation technology.Based on the lightweight additive secret sharing technique,a secure orthogonal triangular decomposition protocol and a secure eigen decomposition protocol are de-signed.These form the foundation of a Byzantine-robust federated learning scheme under a dual-server model.Theoretical scrutiny substantiates the security of this scheme.Experiments validate that SecFed-DMC efficiently identifies Byzantine attack nodes with precision,demonstrating robustness,all while preserving user privacy.In particular,this scheme compared with the state-of-the-art robust federated learning algorithm,the Byzantine attack node detection accuracy is improved by 12%~24%,the global model accuracy is improved by 4.45%~18.48%,and the computational efficiency is improved by 33.21%~47.31%on the CIFAR10 dataset.
作者
穆旭彤
程珂
宋安霄
张涛
张志为
沈玉龙
MU Xu-Tong;CHENG Ke;SONG An-Xiao;ZHANG Tao;ZHANG Zhi-Wei;SHEN Yu-Long(School of Computer Science and Technology,Xidian University,Xi'an 710071)
出处
《计算机学报》
EI
CAS
CSCD
北大核心
2024年第4期842-861,共20页
Chinese Journal of Computers
基金
国家自然科学基金(No.62220106004,62302368)
国家自然科学基金重大研究计划项目(No.92267204)
陕西省重点研发计划项目(No.2022KXJ-093,2021ZDLGY07-05)
陕西省创新能力支持计划(No.2023-CX-TD-02)
陕西省自然科学基础研究计划资助项目(No.2024JC-YBQN-0701)
山东省重点研发计划项目(No.2023CXPT056)
中央高校基本科研业务费专项(No.XJSJ23040,ZDRC2202)资金资助。
关键词
联邦学习
拜占庭攻击
安全多方计算
隐私保护
模型鲁棒性
隐私计算
federated learning
Byzantine attacks
secure multi-party computation
privacy protection
model robustness
private computing