为可解释的联合学习实现自适应隐私保护

IF 7.7 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Mobile Computing Pub Date : 2024-08-15 DOI:10.1109/TMC.2024.3443862

Zhe Li;Honglong Chen;Zhichen Ni;Yudong Gao;Wei Lou

{"title":"为可解释的联合学习实现自适应隐私保护","authors":"Zhe Li;Honglong Chen;Zhichen Ni;Yudong Gao;Wei Lou","doi":"10.1109/TMC.2024.3443862","DOIUrl":null,"url":null,"abstract":"Federated learning (FL) is an effective privacy-preserving mechanism that collaboratively trains the global model in a distributed manner by solely sharing model parameters rather than data from local clients, like mobile devices, to a central server. Nevertheless, recent studies have illustrated that FL still suffers from gradient leakage as adversaries try to recover training data by analyzing shared parameters from local clients. To address this issue, differential privacy (DP) is adopted to add noise to the parameters of local models before aggregation occurs on the server. It, however, results in the poor performance of gradient-based interpretability, since some important weights capturing the salient region in feature maps will be perturbed. To overcome this problem, we propose a simple yet effective adaptive gradient protection (AGP) mechanism that selectively adds noisy perturbations to certain channels of each client model that have a relatively small impact on interpretability. We also offer a theoretical analysis of the convergence of FL using our method. The evaluation results on both IID and Non-IID data demonstrate that the proposed AGP can achieve a good trade-off between privacy protection and interpretability in FL. Furthermore, we verify the robustness of the proposed method against two different gradient leakage attacks.","PeriodicalId":50389,"journal":{"name":"IEEE Transactions on Mobile Computing","volume":"23 12","pages":"14471-14483"},"PeriodicalIF":7.7000,"publicationDate":"2024-08-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Towards Adaptive Privacy Protection for Interpretable Federated Learning\",\"authors\":\"Zhe Li;Honglong Chen;Zhichen Ni;Yudong Gao;Wei Lou\",\"doi\":\"10.1109/TMC.2024.3443862\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Federated learning (FL) is an effective privacy-preserving mechanism that collaboratively trains the global model in a distributed manner by solely sharing model parameters rather than data from local clients, like mobile devices, to a central server. Nevertheless, recent studies have illustrated that FL still suffers from gradient leakage as adversaries try to recover training data by analyzing shared parameters from local clients. To address this issue, differential privacy (DP) is adopted to add noise to the parameters of local models before aggregation occurs on the server. It, however, results in the poor performance of gradient-based interpretability, since some important weights capturing the salient region in feature maps will be perturbed. To overcome this problem, we propose a simple yet effective adaptive gradient protection (AGP) mechanism that selectively adds noisy perturbations to certain channels of each client model that have a relatively small impact on interpretability. We also offer a theoretical analysis of the convergence of FL using our method. The evaluation results on both IID and Non-IID data demonstrate that the proposed AGP can achieve a good trade-off between privacy protection and interpretability in FL. Furthermore, we verify the robustness of the proposed method against two different gradient leakage attacks.\",\"PeriodicalId\":50389,\"journal\":{\"name\":\"IEEE Transactions on Mobile Computing\",\"volume\":\"23 12\",\"pages\":\"14471-14483\"},\"PeriodicalIF\":7.7000,\"publicationDate\":\"2024-08-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Mobile Computing\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10637763/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Mobile Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10637763/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

联合学习（FL）是一种有效的隐私保护机制，它通过将模型参数而非数据从本地客户端（如移动设备）共享到中央服务器，以分布式方式协作训练全局模型。然而，最近的研究表明，FL 仍然存在梯度泄漏问题，因为对手试图通过分析本地客户端的共享参数来恢复训练数据。为了解决这个问题，人们采用了差分隐私（DP）技术，在服务器上进行聚合之前为本地模型的参数添加噪声。然而，这会导致基于梯度的可解释性表现不佳，因为捕捉特征图中突出区域的一些重要权重会受到扰动。为了克服这个问题，我们提出了一种简单而有效的自适应梯度保护（AGP）机制，它可以有选择性地向每个客户端模型的某些通道添加对可解释性影响相对较小的噪声扰动。我们还对使用我们方法的 FL 的收敛性进行了理论分析。对 IID 和 Non-IID 数据的评估结果表明，所提出的 AGP 可以在 FL 的隐私保护和可解释性之间实现良好的权衡。此外，我们还验证了所提方法对两种不同梯度泄漏攻击的鲁棒性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Towards Adaptive Privacy Protection for Interpretable Federated Learning

Federated learning (FL) is an effective privacy-preserving mechanism that collaboratively trains the global model in a distributed manner by solely sharing model parameters rather than data from local clients, like mobile devices, to a central server. Nevertheless, recent studies have illustrated that FL still suffers from gradient leakage as adversaries try to recover training data by analyzing shared parameters from local clients. To address this issue, differential privacy (DP) is adopted to add noise to the parameters of local models before aggregation occurs on the server. It, however, results in the poor performance of gradient-based interpretability, since some important weights capturing the salient region in feature maps will be perturbed. To overcome this problem, we propose a simple yet effective adaptive gradient protection (AGP) mechanism that selectively adds noisy perturbations to certain channels of each client model that have a relatively small impact on interpretability. We also offer a theoretical analysis of the convergence of FL using our method. The evaluation results on both IID and Non-IID data demonstrate that the proposed AGP can achieve a good trade-off between privacy protection and interpretability in FL. Furthermore, we verify the robustness of the proposed method against two different gradient leakage attacks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Mobile Computing 工程技术-电信学

CiteScore

12.90

自引率

2.50%

发文量

403

审稿时长

6.6 months

期刊介绍： IEEE Transactions on Mobile Computing addresses key technical issues related to various aspects of mobile computing. This includes (a) architectures, (b) support services, (c) algorithm/protocol design and analysis, (d) mobile environments, (e) mobile communication systems, (f) applications, and (g) emerging technologies. Topics of interest span a wide range, covering aspects like mobile networks and hosts, mobility management, multimedia, operating system support, power management, online and mobile environments, security, scalability, reliability, and emerging technologies such as wearable computers, body area networks, and wireless sensor networks. The journal serves as a comprehensive platform for advancements in mobile computing research.