BSR-FL: An Efficient Byzantine-Robust Privacy-Preserving Federated Learning Framework

IF 3.6; Zone 2 (Computer Science); JCR Q2, COMPUTER SCIENCE, HARDWARE & ARCHITECTURE
Honghong Zeng;Jie Li;Jiong Lou;Shijing Yuan;Chentao Wu;Wei Zhao;Sijin Wu;Zhiwen Wang
DOI: 10.1109/TC.2024.3404102
Journal: IEEE Transactions on Computers, vol. 73, no. 8, pp. 2096-2110
Publication date: 2024-03-22
Publication type: Journal Article
Source: https://ieeexplore.ieee.org/document/10536902/
Citations: 0

Abstract

Federated learning (FL) is a technique that enables clients to collaboratively train a model by sharing local models instead of raw private data. However, existing reconstruction attacks can recover the sensitive training samples from the shared models. Additionally, the emerging poisoning attacks also pose severe threats to the security of FL. However, most existing Byzantine-robust privacy-preserving federated learning solutions either reduce the accuracy of aggregated models or introduce significant computation and communication overheads. In this paper, we propose a novel Blockchain-based Secure and Robust Federated Learning (BSR-FL) framework to mitigate reconstruction attacks and poisoning attacks. BSR-FL avoids accuracy loss while ensuring efficient privacy protection and Byzantine robustness. Specifically, we first construct a lightweight non-interactive functional encryption (NIFE) scheme to protect the privacy of local models while maintaining high communication performance. Then, we propose a privacy-preserving defensive aggregation strategy based on NIFE, which can resist encrypted poisoning attacks without compromising model privacy through secure cosine similarity and incentive-based Byzantine-tolerance aggregation. Finally, we utilize the blockchain system to assist in facilitating the processes of federated learning and the implementation of protocols. Extensive theoretical analysis and experiments demonstrate that our new BSR-FL has enhanced privacy security, robustness, and high efficiency.
Source journal: IEEE Transactions on Computers (Engineering & Technology - Engineering: Electrical & Electronic)
CiteScore: 6.60
Self-citation rate: 5.40%
Articles published: 199
Review time: 6.0 months
Journal description: The IEEE Transactions on Computers is a monthly publication with a wide distribution to researchers, developers, technical managers, and educators in the computer field. It publishes papers on research in areas of current interest to the readers. These areas include, but are not limited to, the following: a) computer organizations and architectures; b) operating systems, software systems, and communication protocols; c) real-time systems and embedded systems; d) digital devices, computer components, and interconnection networks; e) specification, design, prototyping, and testing methods and tools; f) performance, fault tolerance, reliability, security, and testability; g) case studies and experimental and theoretical evaluations; and h) new and important applications and trends.