轻量级多层去标识架构：联邦学习中的安全客户端选择

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture Pub Date : 2025-09-09 DOI:10.1016/j.sysarc.2025.103569

Jiheon Choi, Sangyoon Oh

{"title":"轻量级多层去标识架构：联邦学习中的安全客户端选择","authors":"Jiheon Choi, Sangyoon Oh","doi":"10.1016/j.sysarc.2025.103569","DOIUrl":null,"url":null,"abstract":"<div><div>Despite federated learning (FL) let us avoid raw data-sharing, recent studies shows that existing client selection schemes poses privacy vulnerabilities that might be led to organizational identity leaks. To address this problem, we present a lightweight, multi-layered de-identification architecture that enables privacy-preserving client selection while maintaining selection efficiency in FL environments. The architecture comprises lightweight dynamic hash-based identifier, a secure salt distribution protocol, and an enhanced, resizable Bloom filter verifier. Together, these components provide three critical security properties, formal k-anonymity, <span><math><mi>ϵ</mi></math></span>-connection resistance, and <span><math><mi>α</mi></math></span>-membership confusion, protecting FL training against dictionary attacks, cross-round linkability attacks, and membership-inference attacks. We also offer a theoretical framework that allows fine-grained control of the privacy-efficiency trade-off through adjustable parameters. Empirical experiment on MNIST, Fashion-MNIST, CIFAR-10) with Non-IID datasets and heterogeneous client environments show that our method keeps model accuracy within 0.02 to 15.3 pp of FedAvg and Power-of-Choice while adding only 3.6% to 6.3% of computation overhead. These results demonstrate the effectiveness of our approach and show that balanced client selection between performance and privacy is achievable.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"168 ","pages":"Article 103569"},"PeriodicalIF":4.1000,"publicationDate":"2025-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Lightweight multi-layered de-identification architecture: Secure client selection in federated learning\",\"authors\":\"Jiheon Choi, Sangyoon Oh\",\"doi\":\"10.1016/j.sysarc.2025.103569\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Despite federated learning (FL) let us avoid raw data-sharing, recent studies shows that existing client selection schemes poses privacy vulnerabilities that might be led to organizational identity leaks. To address this problem, we present a lightweight, multi-layered de-identification architecture that enables privacy-preserving client selection while maintaining selection efficiency in FL environments. The architecture comprises lightweight dynamic hash-based identifier, a secure salt distribution protocol, and an enhanced, resizable Bloom filter verifier. Together, these components provide three critical security properties, formal k-anonymity, <span><math><mi>ϵ</mi></math></span>-connection resistance, and <span><math><mi>α</mi></math></span>-membership confusion, protecting FL training against dictionary attacks, cross-round linkability attacks, and membership-inference attacks. We also offer a theoretical framework that allows fine-grained control of the privacy-efficiency trade-off through adjustable parameters. Empirical experiment on MNIST, Fashion-MNIST, CIFAR-10) with Non-IID datasets and heterogeneous client environments show that our method keeps model accuracy within 0.02 to 15.3 pp of FedAvg and Power-of-Choice while adding only 3.6% to 6.3% of computation overhead. These results demonstrate the effectiveness of our approach and show that balanced client selection between performance and privacy is achievable.</div></div>\",\"PeriodicalId\":50027,\"journal\":{\"name\":\"Journal of Systems Architecture\",\"volume\":\"168 \",\"pages\":\"Article 103569\"},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2025-09-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Systems Architecture\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1383762125002413\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems Architecture","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1383762125002413","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

尽管联邦学习（FL）让我们避免了原始数据共享，但最近的研究表明，现有的客户端选择方案存在隐私漏洞，可能导致组织身份泄露。为了解决这个问题，我们提出了一个轻量级的、多层的去识别架构，它可以在FL环境中保持客户端选择的隐私，同时保持选择的效率。该体系结构包括轻量级的动态基于哈希的标识符、安全的盐分发协议和一个增强的、可调整大小的Bloom过滤器验证器。总之，这些组件提供了三个关键的安全属性：正式的k-匿名性、ϵ-connection抵抗性和α-成员混淆，保护FL训练免受字典攻击、跨轮链接性攻击和成员推理攻击。我们还提供了一个理论框架，允许通过可调参数对隐私效率权衡进行细粒度控制。在非iid数据集和异构客户端环境下的MNIST， Fashion-MNIST, CIFAR-10)的实证实验表明，我们的方法将模型精度保持在FedAvg和Power-of-Choice的0.02到15.3 pp之间，同时仅增加3.6%到6.3%的计算开销。这些结果证明了我们方法的有效性，并表明在性能和隐私之间实现平衡的客户端选择是可以实现的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Lightweight multi-layered de-identification architecture: Secure client selection in federated learning

Despite federated learning (FL) let us avoid raw data-sharing, recent studies shows that existing client selection schemes poses privacy vulnerabilities that might be led to organizational identity leaks. To address this problem, we present a lightweight, multi-layered de-identification architecture that enables privacy-preserving client selection while maintaining selection efficiency in FL environments. The architecture comprises lightweight dynamic hash-based identifier, a secure salt distribution protocol, and an enhanced, resizable Bloom filter verifier. Together, these components provide three critical security properties, formal k-anonymity,

ϵ

-connection resistance, and

α

-membership confusion, protecting FL training against dictionary attacks, cross-round linkability attacks, and membership-inference attacks. We also offer a theoretical framework that allows fine-grained control of the privacy-efficiency trade-off through adjustable parameters. Empirical experiment on MNIST, Fashion-MNIST, CIFAR-10) with Non-IID datasets and heterogeneous client environments show that our method keeps model accuracy within 0.02 to 15.3 pp of FedAvg and Power-of-Choice while adding only 3.6% to 6.3% of computation overhead. These results demonstrate the effectiveness of our approach and show that balanced client selection between performance and privacy is achievable.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of Systems Architecture 工程技术-计算机：硬件

CiteScore

8.70

自引率

15.60%

发文量

226

审稿时长

46 days

期刊介绍： The Journal of Systems Architecture: Embedded Software Design (JSA) is a journal covering all design and architectural aspects related to embedded systems and software. It ranges from the microarchitecture level via the system software level up to the application-specific architecture level. Aspects such as real-time systems, operating systems, FPGA programming, programming languages, communications (limited to analysis and the software stack), mobile systems, parallel and distributed architectures as well as additional subjects in the computer and system architecture area will fall within the scope of this journal. Technology will not be a main focus, but its use and relevance to particular designs will be. Case studies are welcome but must contribute more than just a design for a particular piece of software. Design automation of such systems including methodologies, techniques and tools for their design as well as novel designs of software components fall within the scope of this journal. Novel applications that use embedded systems are also central in this journal. While hardware is not a part of this journal hardware/software co-design methods that consider interplay between software and hardware components with and emphasis on software are also relevant here.