
Research On Privacy Protection Technology In Federated Learning

Posted on: 2022-09-24  Degree: Master  Type: Thesis
Country: China  Candidate: L Hu  Full Text: PDF
GTID: 2518306491966259  Subject: Computer technology
Abstract/Summary:
Federated learning can effectively solve the problem of data "islands" through collaborative learning over data distributed among multiple users. During federated learning training, users only need to exchange model parameter information or gradient information, instead of directly accessing the local proprietary data of other clients. However, federated learning still faces a series of security and privacy challenges, including data membership inference attacks, model stealing attacks and poisoning attacks. This paper focuses on the data privacy problem in federated learning. Users need to train locally and submit their model parameters to the server for aggregation in order to obtain the global model. In this process, however, attackers may try to deduce a user's parameter information from the exchanged information, causing data privacy leakage. In this paper, by analyzing the leakage of model parameters through the exchanged information, and from the perspective of protecting client privacy, we study in depth how to prevent the model parameter stealing attack suffered by the victim user. The main contributions of this paper are summarized in the following two points:

(1) This paper proposes a novel privacy preserving collaborative learning framework (PPCL). Based on an in-depth study of the existing privacy attack and defense schemes in federated learning, a privacy protection collaborative learning framework is designed from the perspective of data to alleviate the privacy leakage caused by the model stealing attack. Specifically, a privacy preserving network transformation method based on a random permutation mechanism is proposed, which prevents curious servers and malicious clients from inferring the victim's model parameters. Secondly, a partial random upload mechanism is applied to reduce information inference through visualization. To further improve training efficiency, network pruning technology is introduced and used to accelerate the convergence of training. Security analysis and experimental verification together show that the proposed scheme can achieve privacy protection and ensure the convergence and accuracy of secure aggregation.

(2) This paper proposes an effective model heterogeneous aggregation training scheme (MHAT). Based on an in-depth study of the existing system architectures and aggregation schemes in federated learning, an effective model heterogeneous aggregation training scheme is designed from the perspective of the model, so as to avoid the execution of the model stealing attack and realize effective aggregation. Specifically, knowledge distillation technology is first used to extract the update information of all heterogeneous clients. This method relaxes the requirement of a unified user model architecture, effectively avoids the execution of attacks, and reduces the communication consumption between users and the server. Secondly, by training an auxiliary model on the server, effective information aggregation is realized and the resource consumption of the participants in the training process is significantly reduced, while acceptable convergence accuracy of the model is ensured. Experimental results show that the proposed scheme can achieve privacy protection while ensuring accuracy, and improve the performance of federated learning.
Keywords/Search Tags:Federated learning, Privacy protection, Random-permutation, Knowledge distillation, Secure aggregation