Research On Federated Learning Method Based On Differential Privacy

With the rapid development of artificial intelligence technology,the application of machine learning technology to various algorithms has brought changes to people's lifestyles,but at the same time it also brings the risk of privacy leakage.Throughout the development history of machine learning,it can be found that due to people's attention to private data and the increasingly strong protection of citizens' privacy by relevant laws and regulations of various countries,the problem of data island has become increasingly prominent.However,without the support of massive data,the model accuracy is difficult to improve.In this dilemma,Google research team proposed the concept of federated machine learning,which can not only meet the needs of privacy protection of all parties,but also improve the accuracy of the model.Therefore,once proposed,federated learning quickly became the focus.This paper focuses on the horizontal federated learning algorithm and proposes a horizontal federated learning algorithm based on localized differential privacy.The main work of this paper is as follows:First of all,this paper studies and analyzes the basic process of federated learning,such as local model training,model parameter transmission,coordinators model parameter aggregation averaging,etc.In the process of model parameter transmission,scholars have proved that once a data leak occurs,an attacker can infer the user's sensitive data based on gradient changes.To solve this problem,this paper studies the differential privacy correlation algorithm,and according to some characteristics of the localized differential privacy,the localized differential privacy is applied to federated learning.Then,this paper proposes a new federated learning algorithm based on localized differential privacy-GR-FedAvg(Gradient Random response-FedAvg)algorithm: Based on the theory of localized differential privacy,the GR-FedAvg algorithm is used locally on the Trainer side(On the user side)the model parameters that will be transferred to the server side(data collection side)are converted into binary and a new method of random perturbation based on the binary string is proposed.Then,due to the different perturbation methods,the server side is The binary string sent from the Trainer terminal is designed with corresponding decoding,correction schemes and regression statistical methods.All the binary strings transmitted from the Trainer terminal are added by bit,and then corrected according to the bit weight,and averaged.Finally,this paper compares the GR-FedAvg algorithm with the classic horizontal federation FedAvg algorithm.Experiments show that because the GR-FedAvg algorithm satisfies the -localized differential privacy,it greatly enhances the privacy protection of communication data.Compared with the two FedAvg algorithm reproduction experiments,there is only a small loss of accuracy,and these costs are completely acceptable.