NID：基于神经信息扩散的隐私保护算子

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2025-06-13 DOI:10.1016/j.jisa.2025.104105

Muhammad Luqman Naseem , Zipeng Ye , Qi Zhou , Wenjian Luo

{"title":"NID：基于神经信息扩散的隐私保护算子","authors":"Muhammad Luqman Naseem , Zipeng Ye , Qi Zhou , Wenjian Luo","doi":"10.1016/j.jisa.2025.104105","DOIUrl":null,"url":null,"abstract":"<div><div>Gradient inversion attacks (GIAs) pose a significant privacy threat to distributed learning paradigms, aiming to reconstruct the victim’s training data with high fidelity through shared gradients. To mitigate this issue, numerous privacy-preserving strategies have been proposed, yet few methods achieve a balance between efficiency, utility and privacy. In this paper, we will explore the limitations of the widely adopted privacy-preserving method in distributed learning, i.e., Local Differential Privacy (LDP), and expose that there is a discrepancy between the conceptualization of privacy budget and its practical application against gradient leakage attacks; simultaneously, we will reveal that under imbalanced data distributions, privacy-preserving methods based on random perturbations inevitably exacerbate the degradation of model performance. To alleviate these issues, we propose a plug-and-play privacy protection method based on Neural Information Diffusion (NID). In our approach, participants in training need only diffuse neural information in an unbiased manner, thus ensuring the privacy through propagatable randomness. We have evaluated our method in privacy-vulnerable scenarios and thoroughly demonstrated its effectiveness in resisting GIAs. Meanwhile, a comprehensive array of experimental configurations robustly shows that NID possesses the capability to balance model utility and privacy.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"93 ","pages":"Article 104105"},"PeriodicalIF":3.8000,"publicationDate":"2025-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"NID: A privacy-preserving operator based on Neural Information Diffusion\",\"authors\":\"Muhammad Luqman Naseem , Zipeng Ye , Qi Zhou , Wenjian Luo\",\"doi\":\"10.1016/j.jisa.2025.104105\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Gradient inversion attacks (GIAs) pose a significant privacy threat to distributed learning paradigms, aiming to reconstruct the victim’s training data with high fidelity through shared gradients. To mitigate this issue, numerous privacy-preserving strategies have been proposed, yet few methods achieve a balance between efficiency, utility and privacy. In this paper, we will explore the limitations of the widely adopted privacy-preserving method in distributed learning, i.e., Local Differential Privacy (LDP), and expose that there is a discrepancy between the conceptualization of privacy budget and its practical application against gradient leakage attacks; simultaneously, we will reveal that under imbalanced data distributions, privacy-preserving methods based on random perturbations inevitably exacerbate the degradation of model performance. To alleviate these issues, we propose a plug-and-play privacy protection method based on Neural Information Diffusion (NID). In our approach, participants in training need only diffuse neural information in an unbiased manner, thus ensuring the privacy through propagatable randomness. We have evaluated our method in privacy-vulnerable scenarios and thoroughly demonstrated its effectiveness in resisting GIAs. Meanwhile, a comprehensive array of experimental configurations robustly shows that NID possesses the capability to balance model utility and privacy.</div></div>\",\"PeriodicalId\":48638,\"journal\":{\"name\":\"Journal of Information Security and Applications\",\"volume\":\"93 \",\"pages\":\"Article 104105\"},\"PeriodicalIF\":3.8000,\"publicationDate\":\"2025-06-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Information Security and Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2214212625001425\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625001425","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

梯度反转攻击（GIAs）旨在通过共享梯度重构受害者的训练数据，对分布式学习范式构成了严重的隐私威胁。为了缓解这一问题，人们提出了许多隐私保护策略，但很少有方法能在效率、效用和隐私之间取得平衡。在本文中，我们将探讨在分布式学习中广泛采用的隐私保护方法，即局部差分隐私（LDP）的局限性，并揭示隐私预算的概念与其针对梯度泄漏攻击的实际应用之间存在差异；同时，我们将揭示在数据分布不平衡的情况下，基于随机扰动的隐私保护方法不可避免地加剧了模型性能的退化。为了解决这些问题，我们提出了一种基于神经信息扩散（NID）的即插即用隐私保护方法。在我们的方法中，训练参与者只需要以无偏的方式扩散神经信息，从而通过可传播的随机性确保隐私。我们已经在隐私易受攻击的情况下评估了我们的方法，并彻底证明了它在抵抗gis方面的有效性。同时，一系列实验配置有力地表明，NID具有平衡模型实用性和隐私性的能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

NID: A privacy-preserving operator based on Neural Information Diffusion

Gradient inversion attacks (GIAs) pose a significant privacy threat to distributed learning paradigms, aiming to reconstruct the victim’s training data with high fidelity through shared gradients. To mitigate this issue, numerous privacy-preserving strategies have been proposed, yet few methods achieve a balance between efficiency, utility and privacy. In this paper, we will explore the limitations of the widely adopted privacy-preserving method in distributed learning, i.e., Local Differential Privacy (LDP), and expose that there is a discrepancy between the conceptualization of privacy budget and its practical application against gradient leakage attacks; simultaneously, we will reveal that under imbalanced data distributions, privacy-preserving methods based on random perturbations inevitably exacerbate the degradation of model performance. To alleviate these issues, we propose a plug-and-play privacy protection method based on Neural Information Diffusion (NID). In our approach, participants in training need only diffuse neural information in an unbiased manner, thus ensuring the privacy through propagatable randomness. We have evaluated our method in privacy-vulnerable scenarios and thoroughly demonstrated its effectiveness in resisting GIAs. Meanwhile, a comprehensive array of experimental configurations robustly shows that NID possesses the capability to balance model utility and privacy.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.