
Research On Detection And Defense Technology Of Free-rider Attack In Federated Learning

Posted on: 2022-11-22
Degree: Master
Type: Thesis
Country: China
Candidate: B R Zhang
Full Text: PDF
GTID: 2518306614958989
Subject: Automation Technology
Abstract/Summary:
As countries continue to introduce laws and regulations on data security and user privacy, user data is gradually no longer allowed to flow between different institutions or departments. The development of machine learning has begun to run into the bottleneck of the "data island". Federated learning is the most popular machine learning solution to this change. However, federated learning also has security issues. In recent years, attack methods such as Poison Attack, Inference Attack, and Free-rider Attack have been proposed in succession, and researchers have studied the specifications of these attacks and the techniques for detecting and defending against them. Among these, research on the Free-rider Attack remains basically at the theoretical stage: there are only some preliminary studies on the detection and defense of Free-riders, and no paradigm detection and defense scheme has been proposed. To resist these attacks, federated learning has continually introduced privacy protection technologies such as homomorphic encryption, secure aggregation, and differential privacy (DP). Homomorphic encryption and secure aggregation have been used in the encryption and privacy protection modules of some open-source federated learning frameworks, while differential privacy is for now still at the stage of theoretical research.

In response to these problems, this thesis first summarizes and expands several strategies and attack paradigms for Free-rider attacks in federated learning. Based on the Deep Autoencoding Gaussian Mixture Model (DAGMM), we propose Delta-DAGMM, a detection and defense algorithm suitable for all Free-rider attack strategies. Furthermore, this thesis studies the Free-rider attack paradigm under a federated learning framework based on differential privacy, and we propose the detection and defense algorithm Delta-DP-DAGMM. Finally, based on this research, we designed and implemented a federated learning multi-party secure online computing platform that supports differential privacy.

The contributions of this thesis are as follows:

(1) We propose a plaintext-based federated learning Free-rider attack method, and a detection and defense algorithm, Delta-DAGMM, for this attack method. First, we analyze the scenarios in which Free-riders arise in plaintext-based federated learning, then summarize several strategies of Free-rider attacks in federated learning, and finally propose corresponding attack methods. Based on DAGMM, a multi-dimensional abnormal data detection model, we propose the detection and defense algorithm Delta-DAGMM, which adapts to all plaintext Free-rider attack strategies. The detection scheme includes three stages: sample processing, compression network, and evaluation network.

(2) We study the Free-rider attack method under a federated learning framework based on global differential privacy, and propose a detection and defense algorithm, Delta-DP-DAGMM. We study the global differential privacy framework for federated learning that is most suitable for technical implementation. On the basis of this framework, we research and propose a Free-rider attack method, and then, based on DAGMM, we propose Delta-DP-DAGMM, a detection and defense algorithm for all Free-rider attacks based on global differential privacy.

(3) To fill the gap in differential privacy support in current open-source federated learning frameworks, we designed and implemented a federated learning secure computing system. The system not only supports multiple privacy protection technologies based on secure aggregation, homomorphic encryption, and differential privacy, but also encapsulates Free-rider attacks and detection defenses as microservices. The system also provides visualization applications, including multi-index model analysis and visualization of the detection logs and detection results for Free-rider attacks.

In summary, we propose two attack detection and defense algorithms: Delta-DAGMM, based on plaintext, and Delta-DP-DAGMM, an attack detection scheme based on global differential privacy. They solve the problem that the traditional high-dimensional abnormal data detection scheme DAGMM cannot effectively detect all types of Free-rider attack. In our experiments, we find that Delta-DAGMM and Delta-DP-DAGMM are significantly better than DAGMM in individual and overall precision and F1-score. This thesis also pioneers the realization of a multi-party secure computing platform for federated learning based on global differential privacy, and encapsulates the offense and defense of Free-riders as microservices, saving computing resources.
Keywords/Search Tags:Federated learning, differential privacy, Free-rider attack, DAGMM, microservices