SFLES: Shuffled differentially private federated learning with early-stopping strategy

IF 7.5 1区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Expert Systems with Applications Pub Date : 2025-10-10 DOI:10.1016/j.eswa.2025.129970

Yanhui Li , Chen Huang , Yuxin Zhao , Xinjie Du , Junqing Huang , Ye Yuan

{"title":"SFLES: Shuffled differentially private federated learning with early-stopping strategy","authors":"Yanhui Li , Chen Huang , Yuxin Zhao , Xinjie Du , Junqing Huang , Ye Yuan","doi":"10.1016/j.eswa.2025.129970","DOIUrl":null,"url":null,"abstract":"<div><div>Federated Learning (FL) allows multiple clients to collaboratively train a global model without sharing raw data, yet it remains susceptible to privacy attacks. The recently proposed shuffle model of differential privacy (DP) offers a promising solution by leveraging privacy amplification to achieve strong local privacy guarantees while maintaining high utility. However, existing approaches based on this model rely on conventional Gaussian or Laplace mechanisms, which introduce unbounded noise and risk significant data distortion. Furthermore, these methods typically exhibit inefficient privacy budget allocation and suffer from excessive communication overhead and computational costs imposed by fixed training rounds, ultimately degrading performance. To address these limitations, we present SFLES, a novel shuffled differentially private FL framework designed to robustly prevent privacy leakage while optimizing model utility. In particular, SFLES employs Top-<em>k</em> sparsification to compress local model updates and integrates an adaptive, layer-wise bounded noise mechanism based on a symmetric piecewise distribution for fine-grained noise injection. To enhance efficiency, we propose a novel directional similarity-aware aggregation strategy, which prioritizes updates with consistent directional trends, accelerating convergence under DP constraints. Additionally, SFLES incorporates a dynamic early-stopping strategy that tracks update conflict rates and global accuracy trends, dynamically terminating training upon convergence detection and reallocating residual privacy budgets to subsequent rounds for improved utility. Extensive evaluations on MNIST, Fashion-MNIST, and CIFAR-10 demonstrate that SFLES surpasses state-of-the-art alternatives in balancing privacy-utility trade-offs, convergence speed, and communication efficiency.</div></div>","PeriodicalId":50461,"journal":{"name":"Expert Systems with Applications","volume":"299 ","pages":"Article 129970"},"PeriodicalIF":7.5000,"publicationDate":"2025-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Expert Systems with Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0957417425035857","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Federated Learning (FL) allows multiple clients to collaboratively train a global model without sharing raw data, yet it remains susceptible to privacy attacks. The recently proposed shuffle model of differential privacy (DP) offers a promising solution by leveraging privacy amplification to achieve strong local privacy guarantees while maintaining high utility. However, existing approaches based on this model rely on conventional Gaussian or Laplace mechanisms, which introduce unbounded noise and risk significant data distortion. Furthermore, these methods typically exhibit inefficient privacy budget allocation and suffer from excessive communication overhead and computational costs imposed by fixed training rounds, ultimately degrading performance. To address these limitations, we present SFLES, a novel shuffled differentially private FL framework designed to robustly prevent privacy leakage while optimizing model utility. In particular, SFLES employs Top-k sparsification to compress local model updates and integrates an adaptive, layer-wise bounded noise mechanism based on a symmetric piecewise distribution for fine-grained noise injection. To enhance efficiency, we propose a novel directional similarity-aware aggregation strategy, which prioritizes updates with consistent directional trends, accelerating convergence under DP constraints. Additionally, SFLES incorporates a dynamic early-stopping strategy that tracks update conflict rates and global accuracy trends, dynamically terminating training upon convergence detection and reallocating residual privacy budgets to subsequent rounds for improved utility. Extensive evaluations on MNIST, Fashion-MNIST, and CIFAR-10 demonstrate that SFLES surpasses state-of-the-art alternatives in balancing privacy-utility trade-offs, convergence speed, and communication efficiency.

查看原文本刊更多论文

基于早期停止策略的不同洗牌私有联邦学习

联邦学习（FL）允许多个客户端在不共享原始数据的情况下协作训练全局模型，但它仍然容易受到隐私攻击。最近提出的差分隐私（DP） shuffle模型提供了一个很有前途的解决方案，它利用隐私放大来实现强大的本地隐私保证，同时保持高效用。然而，现有的基于该模型的方法依赖于传统的高斯或拉普拉斯机制，这些机制会引入无界噪声，并有严重的数据失真风险。此外，这些方法通常表现出低效的隐私预算分配，并且由于固定的训练轮次而遭受过多的通信开销和计算成本，最终降低了性能。为了解决这些限制，我们提出了sles，这是一种新颖的洗刷差分私有FL框架，旨在在优化模型效用的同时稳健地防止隐私泄露。特别地，sles采用Top-k稀疏化来压缩局部模型更新，并集成了一种基于对称分段分布的自适应分层有界噪声机制，用于细粒度噪声注入。为了提高效率，我们提出了一种新的定向相似感知聚合策略，该策略优先考虑具有一致方向趋势的更新，加速了DP约束下的收敛。此外，sles集成了动态早期停止策略，跟踪更新冲突率和全局准确性趋势，在收敛检测时动态终止训练，并将剩余隐私预算重新分配给后续轮次，以提高效用。对MNIST、Fashion-MNIST和CIFAR-10的广泛评估表明，sles在平衡隐私-效用权衡、收敛速度和通信效率方面超过了最先进的替代方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Expert Systems with Applications 工程技术-工程：电子与电气

CiteScore

13.80

自引率

10.60%

发文量

2045

审稿时长

8.7 months

期刊介绍： Expert Systems With Applications is an international journal dedicated to the exchange of information on expert and intelligent systems used globally in industry, government, and universities. The journal emphasizes original papers covering the design, development, testing, implementation, and management of these systems, offering practical guidelines. It spans various sectors such as finance, engineering, marketing, law, project management, information management, medicine, and more. The journal also welcomes papers on multi-agent systems, knowledge management, neural networks, knowledge discovery, data mining, and other related areas, excluding applications to military/defense systems.