
Secure Byzantine resilient federated learning based on multi-party computation
Abstract To address issues such as gradient privacy protection, server inference attacks, and low accuracy caused by client data poisoning in federated learning, a secure Byzantine resilient federated learning scheme based on multi-party computation was proposed, targeting the server-client two-layer architecture. Firstly, a two-party ciphertext calculation method based on additive secret sharing was proposed to split the local model gradient to resist the inference attack of the server. Secondly, a poisoning detection algorithm and client screening mechanism operating on ciphertext data were designed to resist poisoning attacks. Finally, experiments were conducted on the MNIST and CIFAR-10 datasets to verify the feasibility of the scheme. Compared with the traditional Trim-mean and Median methods, when the proportion of Byzantine participants reaches 40%, the accuracy of the model is improved by 3%~6%. In summary, the proposed scheme can not only resist inference attacks and poisoning attacks, but also improve the accuracy of the global model, which is sufficient to prove the effectiveness of the scheme.
Authors GAO Hongfeng (高鸿峰); HUANG Hao (黄浩); TIAN Youliang (田有亮) (College of Computer Science and Technology, Guizhou University, Guiyang 550025, China; Network and Information Management Center, Guizhou University, Guiyang 550025, China; State Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China)
Source Journal on Communications (《通信学报》), Peking University Core Journal, 2025, No. 2, pp. 108-122, 15 pages in total
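Funding National Key Research and Development Program of China (No. 2021YFB3101100); National Natural Science Foundation of China (No. 62462012, No. 62272123); Key Program of the Joint Funds of the National Natural Science Foundation of China (No. U1836205).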
Keywords federated learning; privacy protection; multi-party computation; inference attack; poisoning attack