
Research On Privacy Protection Technology In Federated Learning

Posted on: 2022-12-06
Degree: Master
Type: Thesis
Country: China
Candidate: Z S Shi
Full Text: PDF
GTID: 2518306764967299
Subject: Automation Technology

Abstract/Summary:
The performance of machine learning models largely depends on the amount of data. However, as privacy awareness improves, data sharing has become more and more difficult. Many institutions are unwilling to share data because of the characteristics of their field or their own interests, which reduces the usable value of data and poses a greater challenge to machine learning. The Federated Learning framework was proposed to alleviate this problem. It allows participants to jointly train a machine learning model without exposing local data. In Federated Learning, participants train their local models and upload parameters to the server for aggregation to obtain a common global model, achieving the effect of training on pooled data. Although the participants' data is not directly exposed to the outside world, Federated Learning still faces a series of privacy threats. For example, inference attacks can still deduce information about the data from model gradients. This places higher requirements on the privacy protection capability of Federated Learning. Generally speaking, the server computes an average for model aggregation. In some poisoning-resistant scenarios, the central server has greater computing ability or data permissions, and privacy threats still exist in this scenario. This thesis focuses on privacy protection in Federated Learning and addresses the application design of homomorphic encryption and secret sharing in this framework. The thesis constructs a privacy protection framework with high flexibility and strong security capability. The work is divided into the following two aspects:

(1) To address the inference threat caused by the exposure of model parameters in communication and on the server side, the thesis designs a privacy protection scheme for Federated Learning under average aggregation. The thesis demonstrates confidentiality, analyzes function and performance and compares them with similar schemes, and verifies the scheme by experiments. The analysis shows that the scheme can resist privacy threats from third parties, from the server and from user collusion, and tolerates user disconnection. In addition, the interaction process of this scheme is relatively simple.

(2) To address the privacy threat that arises when the server defends against poisoning attacks, and the contradiction between the data access requirements of privacy protection and those of poisoning detection, the thesis designs a Federated Learning scheme that combines privacy protection and poisoning defense. The thesis demonstrates confidentiality and feasibility, analyzes function and performance, and compares them with similar schemes. Finally, the accuracy and time indicators of the scheme are presented through experiments. The analysis shows that the scheme can not only protect the privacy of model parameters, but also resist certain collusion threats.
Keywords/Search Tags:Federated Learning, Privacy Preserving, Homomorphic Encryption, Secret Sharing, Poisoning Attack