PRoT-FL: A privacy-preserving and robust Training Manager for Federated Learning

IF 7.4 1区管理学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Information Processing & Management Pub Date : 2024-10-11 DOI:10.1016/j.ipm.2024.103929

Idoia Gamiz , Cristina Regueiro , Eduardo Jacob , Oscar Lage , Marivi Higuero

{"title":"PRoT-FL: A privacy-preserving and robust Training Manager for Federated Learning","authors":"Idoia Gamiz , Cristina Regueiro , Eduardo Jacob , Oscar Lage , Marivi Higuero","doi":"10.1016/j.ipm.2024.103929","DOIUrl":null,"url":null,"abstract":"<div><div>Federated Learning emerged as a promising solution to enable collaborative training between organizations while avoiding centralization. However, it remains vulnerable to privacy breaches and attacks that compromise model robustness, such as data and model poisoning. This work presents PRoT-FL, a privacy-preserving and robust Training Manager capable of coordinating different training sessions at the same time. PRoT-FL conducts each training session through a Federated Learning scheme that is resistant to privacy attacks while ensuring robustness. To do so, the model exchange is conducted by a “Private Training Protocol” through secure channels and the protocol is combined with a public blockchain network to provide auditability, integrity and transparency. The original contribution of this work includes: (i) the proposal of a “Private Training Protocol” that breaks the link between a model and its generator, (ii) the integration of this protocol into a complete system, PRoT-FL, which acts as an orchestrator and manages multiple trainings and (iii) a privacy, robustness and performance evaluation. The theoretical analysis shows that PRoT-FL is suitable for a wide range of scenarios, being capable of dealing with multiple privacy attacks while maintaining a flexible selection of methods against attacks that compromise robustness. The experimental results are conducted using three benchmark datasets and compared with traditional Federated Learning using different robust aggregation rules. The results show that those rules still apply to PRoT-FL and that the accuracy of the final model is not degraded while maintaining data privacy.</div></div>","PeriodicalId":50365,"journal":{"name":"Information Processing & Management","volume":null,"pages":null},"PeriodicalIF":7.4000,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Processing & Management","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0306457324002887","RegionNum":1,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Federated Learning emerged as a promising solution to enable collaborative training between organizations while avoiding centralization. However, it remains vulnerable to privacy breaches and attacks that compromise model robustness, such as data and model poisoning. This work presents PRoT-FL, a privacy-preserving and robust Training Manager capable of coordinating different training sessions at the same time. PRoT-FL conducts each training session through a Federated Learning scheme that is resistant to privacy attacks while ensuring robustness. To do so, the model exchange is conducted by a “Private Training Protocol” through secure channels and the protocol is combined with a public blockchain network to provide auditability, integrity and transparency. The original contribution of this work includes: (i) the proposal of a “Private Training Protocol” that breaks the link between a model and its generator, (ii) the integration of this protocol into a complete system, PRoT-FL, which acts as an orchestrator and manages multiple trainings and (iii) a privacy, robustness and performance evaluation. The theoretical analysis shows that PRoT-FL is suitable for a wide range of scenarios, being capable of dealing with multiple privacy attacks while maintaining a flexible selection of methods against attacks that compromise robustness. The experimental results are conducted using three benchmark datasets and compared with traditional Federated Learning using different robust aggregation rules. The results show that those rules still apply to PRoT-FL and that the accuracy of the final model is not degraded while maintaining data privacy.

查看原文本刊更多论文

PRoT-FL：用于联盟学习的保护隐私且稳健的培训管理器

联盟学习（Federated Learning）是一种很有前途的解决方案，既能实现组织间的协作培训，又能避免集中化。然而，它仍然容易受到隐私泄露和攻击的影响，从而破坏模型的鲁棒性，如数据和模型中毒。本研究提出的 PRoT-FL 是一种保护隐私且稳健的培训管理器，能够在同一时间协调不同的培训会话。PRoT-FL 通过联邦学习方案进行每个训练会话，该方案既能抵御隐私攻击，又能确保稳健性。为此，模型交换由 "私人培训协议 "通过安全通道进行，该协议与公共区块链网络相结合，以提供可审计性、完整性和透明度。这项工作的原创性贡献包括(i) 提出 "私人训练协议"，打破模型与其生成器之间的联系；(ii) 将该协议集成到一个完整的系统 PRoT-FL 中，该系统作为协调器管理多个训练；(iii) 进行隐私、稳健性和性能评估。理论分析表明，PRoT-FL 适用于广泛的应用场景，既能应对多种隐私攻击，又能保持灵活的方法选择，抵御损害鲁棒性的攻击。实验结果使用了三个基准数据集，并使用不同的鲁棒性聚合规则与传统的联邦学习进行了比较。结果表明，这些规则仍然适用于 PRoT-FL，而且在维护数据隐私的同时，最终模型的准确性并没有降低。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information Processing & Management 工程技术-计算机：信息系统

CiteScore

17.00

自引率

11.60%

发文量

276

审稿时长

39 days

期刊介绍： Information Processing and Management is dedicated to publishing cutting-edge original research at the convergence of computing and information science. Our scope encompasses theory, methods, and applications across various domains, including advertising, business, health, information science, information technology marketing, and social computing. We aim to cater to the interests of both primary researchers and practitioners by offering an effective platform for the timely dissemination of advanced and topical issues in this interdisciplinary field. The journal places particular emphasis on original research articles, research survey articles, research method articles, and articles addressing critical applications of research. Join us in advancing knowledge and innovation at the intersection of computing and information science.