Research On Robust Federated Learning Method With Personalized Privacy

With the rapid development of artificial intelligence,deep learning has been more and more applied to real scenes.However,due to multi-source data,information security,enterprise competition and other factors,in most industries,data exists in the form of islands and cannot be interconnected.Federated learning became the coping method.Federated learning is a distributed machine learning training method.The client can train the local data and upload the model parameters to the server,so that the training can be completed on the premise that the customer data is stored locally.In the urban traffic flow prediction scenario,the collected traffic flow data come from multiple channels and are stored in different public institutions,so researchers have used federated learning to predict urban traffic flow.But federated learning itself has its pitfalls.The original gradients uploaded by customers may reveal information about local data,and ordinary weighted average aggregation rules cannot resist the threat of Byzantine attacks.In this dissertation,the following work has been done to solve the above problems.Firstly,for the privacy problem of federated learning gradient,we choose to use differential privacy technology to protect model parameter updates,and propose F-DPGRU(Federated Differential Privacy Gated Recurrent Unit)algorithm.Compared with the ordinary federated learning GRU(Gate Recurrent Unit)training,the client in this dissertation adds noise to the gradient in the local GRU model,and then uploads the model parameters to the server.It makes the client algorithm(ε,δ)-differential privacy,parameter update is random,which effectively prevents parameters from being stolen by attackers and protects data privacy.Secondly,in view of the vulnerability of the general weighted average aggregation mechanism in the F-DPGRU algorithm,the server selects the median mechanism to aggregate the model parameter updates to improve the robustness of the model.It keeps the error rate of the global model within the order optimal error rate,and ensures the convergence of the global model even if individual work nodes fail.Thirdly,different clients may have different privacy protection needs.Combining local differential privacy with user differential privacy,a personalized differential privacy mechanism is proposed.Clients are divided into two categories.The client that do not trust the server perform local differential privacy protection and upload disturbed model parameters to the server.The client that trusts the server uploads the original model parameter updates,and then performs differential privacy protection on the server.Thus,under the premise of meeting different privacy needs,the accuracy of the model is effectively improved.Aiming at these three points,this dissertation has carried out experiments on two traffic flow data sets,and achieved good prediction results under different scenarios,which reflects the feasibility and superiority of this method,and has a good reference for the field of traffic flow prediction.