中毒攻击基于轻量级同态加密的弹性隐私保护联邦学习方案

IF 14.7 1区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Information Fusion Pub Date : 2025-03-27 DOI:10.1016/j.inffus.2025.103131

Chong Zhang , Xiaojun Zhang , Xingchun Yang , Bingyun Liu , Yuan Zhang , Rang Zhou

{"title":"中毒攻击基于轻量级同态加密的弹性隐私保护联邦学习方案","authors":"Chong Zhang , Xiaojun Zhang , Xingchun Yang , Bingyun Liu , Yuan Zhang , Rang Zhou","doi":"10.1016/j.inffus.2025.103131","DOIUrl":null,"url":null,"abstract":"<div><div>Federated learning ensures that multiple participants train the same model without leaking the local raw data. Each participant uploads the local gradient model instead of the original data, however, the uploaded local gradient model may contain certain sensitive information, which can be exploited by an adversary to break privacy protection. Meanwhile, some adversaries can make the model training results contrary to the expected results by tampering with the uploaded local gradient model or mixing malicious data into the local dataset, thereby inducing the model to produce wrong results for specific data. To this end, we devise a privacy-preserving federated learning scheme based on lightweight homomorphic encryption, which simultaneously reduces the weight of malicious data in gradient aggregation and supports anomaly detection of data, achieves the effect of resistance to poisoning attacks. Through theoretical analysis and experimental simulation, the proposed scheme has lightweight computation advantages compared with existing federated learning schemes.</div></div>","PeriodicalId":50367,"journal":{"name":"Information Fusion","volume":"121 ","pages":"Article 103131"},"PeriodicalIF":14.7000,"publicationDate":"2025-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Poisoning attacks resilient privacy-preserving federated learning scheme based on lightweight homomorphic encryption\",\"authors\":\"Chong Zhang , Xiaojun Zhang , Xingchun Yang , Bingyun Liu , Yuan Zhang , Rang Zhou\",\"doi\":\"10.1016/j.inffus.2025.103131\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Federated learning ensures that multiple participants train the same model without leaking the local raw data. Each participant uploads the local gradient model instead of the original data, however, the uploaded local gradient model may contain certain sensitive information, which can be exploited by an adversary to break privacy protection. Meanwhile, some adversaries can make the model training results contrary to the expected results by tampering with the uploaded local gradient model or mixing malicious data into the local dataset, thereby inducing the model to produce wrong results for specific data. To this end, we devise a privacy-preserving federated learning scheme based on lightweight homomorphic encryption, which simultaneously reduces the weight of malicious data in gradient aggregation and supports anomaly detection of data, achieves the effect of resistance to poisoning attacks. Through theoretical analysis and experimental simulation, the proposed scheme has lightweight computation advantages compared with existing federated learning schemes.</div></div>\",\"PeriodicalId\":50367,\"journal\":{\"name\":\"Information Fusion\",\"volume\":\"121 \",\"pages\":\"Article 103131\"},\"PeriodicalIF\":14.7000,\"publicationDate\":\"2025-03-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Fusion\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1566253525002040\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Fusion","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1566253525002040","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

摘要

联邦学习确保多个参与者在不泄漏本地原始数据的情况下训练相同的模型。每个参与者上传的是局部梯度模型而不是原始数据，然而，上传的局部梯度模型可能包含某些敏感信息，这些信息可能被攻击者利用来破坏隐私保护。同时，一些攻击者可以通过篡改上传的局部梯度模型或在局部数据集中混入恶意数据，使模型训练结果与预期结果相反，从而诱导模型对特定数据产生错误的结果。为此，我们设计了一种基于轻量级同态加密的隐私保护联邦学习方案，在降低梯度聚合中恶意数据权重的同时，支持数据的异常检测，达到抵抗投毒攻击的效果。通过理论分析和实验仿真，与现有的联邦学习方案相比，该方案具有计算量轻的优点。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Poisoning attacks resilient privacy-preserving federated learning scheme based on lightweight homomorphic encryption

Federated learning ensures that multiple participants train the same model without leaking the local raw data. Each participant uploads the local gradient model instead of the original data, however, the uploaded local gradient model may contain certain sensitive information, which can be exploited by an adversary to break privacy protection. Meanwhile, some adversaries can make the model training results contrary to the expected results by tampering with the uploaded local gradient model or mixing malicious data into the local dataset, thereby inducing the model to produce wrong results for specific data. To this end, we devise a privacy-preserving federated learning scheme based on lightweight homomorphic encryption, which simultaneously reduces the weight of malicious data in gradient aggregation and supports anomaly detection of data, achieves the effect of resistance to poisoning attacks. Through theoretical analysis and experimental simulation, the proposed scheme has lightweight computation advantages compared with existing federated learning schemes.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Information Fusion 工程技术-计算机：理论方法

CiteScore

33.20

自引率

4.30%

发文量

161

审稿时长

7.9 months

期刊介绍： Information Fusion serves as a central platform for showcasing advancements in multi-sensor, multi-source, multi-process information fusion, fostering collaboration among diverse disciplines driving its progress. It is the leading outlet for sharing research and development in this field, focusing on architectures, algorithms, and applications. Papers dealing with fundamental theoretical analyses as well as those demonstrating their application to real-world problems will be welcome.