{"title":"Staged Noise Perturbation for Privacy-Preserving Federated Learning","authors":"Zhe Li;Honglong Chen;Yudong Gao;Zhichen Ni;Huansheng Xue;Huajie Shao","doi":"10.1109/TSUSC.2024.3381812","DOIUrl":null,"url":null,"abstract":"Federated learning (FL) is a distributed machine learning paradigm that addresses the challenges of privacy leakage and data silos by collaboratively training the global model through parameter exchange, rather than data, between the central server and local clients. However, recent researches highlight the vulnerability of FL to gradient leakage attacks where adversaries exploit shared parameters from clients to reconstruct sensitive training data. Differential privacy (DP) effectively mitigates this threat by adding noise to shared parameters, yet introduces a trade-off between privacy and accuracy in FL. To better balance the privacy and accuracy, in this paper we propose a staged noise perturbation strategy, called alternating noise permutation (ANP), from a novel perspective. ANP adds Gaussian-distributed random noise to model parameters during the critical learning period of FL, following DP principles. While in non-critical learning period, ANP alternately permutes the noise during odd and even communication rounds, achieving near mutual cancellation and mitigating the negative impact. 
Experimental results across three datasets and two neural networks under both independent identical distribution (IID) and NonIID scenarios demonstrate that ANP significantly improves classification accuracy and exhibits robustness against gradient leakage attack, ensuring the effectiveness of FL for secure and accurate collaborative model training.","PeriodicalId":13268,"journal":{"name":"IEEE Transactions on Sustainable Computing","volume":"9 6","pages":"936-947"},"PeriodicalIF":3.0000,"publicationDate":"2024-04-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Sustainable Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10491305/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Citation count: 0
Abstract
Federated learning (FL) is a distributed machine learning paradigm that addresses the challenges of privacy leakage and data silos by collaboratively training the global model through the exchange of parameters, rather than data, between the central server and local clients. However, recent research highlights the vulnerability of FL to gradient leakage attacks, in which adversaries exploit shared parameters from clients to reconstruct sensitive training data. Differential privacy (DP) effectively mitigates this threat by adding noise to shared parameters, yet introduces a trade-off between privacy and accuracy in FL. To better balance privacy and accuracy, in this paper we propose a staged noise perturbation strategy, called alternating noise permutation (ANP), from a novel perspective. ANP adds Gaussian-distributed random noise to model parameters during the critical learning period of FL, following DP principles. In the non-critical learning period, ANP alternately permutes the noise during odd and even communication rounds, achieving near mutual cancellation and mitigating the negative impact. Experimental results across three datasets and two neural networks under both independent and identically distributed (IID) and non-IID scenarios demonstrate that ANP significantly improves classification accuracy and exhibits robustness against gradient leakage attacks, ensuring the effectiveness of FL for secure and accurate collaborative model training.