Big Data (大数据)


A survey of attacks and defenses in federated learning

Wu Jianhan; Si Shijing; Wang Jianzong; Xiao Jing

  1. Ping An Technology (Shenzhen) Co. Ltd.
  • About the authors: Wu Jianhan (1998- ), male, master's student at the University of Science and Technology of China, student member of the China Computer Federation (CCF), and algorithm engineer at Ping An Technology (Shenzhen) Co. Ltd. His research interests are computer vision and federated learning. Si Shijing (1988- ), male, PhD, senior algorithm researcher at Ping An Technology (Shenzhen) Co. Ltd. and a Shenzhen Overseas High-Level Talent. He was a postdoctoral researcher in artificial intelligence at Duke University and is a member of the CCF; his research interests are machine learning and its applications in artificial intelligence. Wang Jianzong (1983- ), male, PhD, deputy chief engineer, senior AI director and general manager of the Federated Learning Technology Department at Ping An Technology (Shenzhen) Co. Ltd. He was a postdoctoral researcher in artificial intelligence at the University of Florida, is a senior member of the CCF and a member of the CCF Task Force on Big Data, and was formerly a researcher in the Department of Electrical and Computer Engineering at Rice University; his research interests include federated learning and artificial intelligence. Xiao Jing (1972- ), male, PhD, Chief Scientist of Ping An Group, recipient of the 2019 Wu Wenjun Outstanding Contribution Award in Artificial Intelligence, and vice chair of the CCF Shenzhen chapter. His research interests include computer graphics, autonomous driving, 3D display, medical diagnosis and federated learning.

Threats and defenses of Federated Learning: A survey

Wu Jianhan, Si Shijing, Wang Jianzong, Xiao Jing

  1. Ping An Technology (Shenzhen) Co. Ltd.

Abstract (translated): With the widespread application of machine learning, data security incidents occur from time to time, and the demand for data privacy protection is becoming increasingly evident. This undoubtedly reduces the willingness of different entities to share data, makes data hard to share and use, and gives rise to the data-silo problem. Federated learning (FL) can effectively address data silos. It is essentially a form of distributed machine learning whose defining feature is that user data stays on the user's own device, so that the raw data of each participant is not disclosed during joint model training. Nevertheless, federated learning in practice still carries many security risks that require in-depth study. This paper comprehensively surveys and systematically organizes the attacks federated learning may face and the corresponding defenses. First, we classify the possible attacks and threats according to the training stage of federated learning at which they occur, list the attack methods in each category, and explain how each attack works. We then summarize concrete defenses against these attacks and threats and analyze their principles, to give researchers new to this field a detailed reference. Finally, we outline future work in this area and point out several directions that deserve particular attention in order to improve the security of federated learning.

Keywords: federated learning, attacks, defenses, privacy protection, machine learning

Abstract: With the widespread application of machine learning technology, data security problems occur from time to time, and people's demand for privacy protection is also growing. This undoubtedly reduces the possibility of data sharing between different entities, making it difficult to make full use of data and giving rise to data islands. Federated learning (FL), an effective method for solving the problem of data isolation, is essentially distributed machine learning. Its defining characteristic is that user data is kept locally, so that the joint training process does not leak the sensitive data of the participants. Nevertheless, there are still many security risks in federated learning in practice, which need to be studied further. This paper comprehensively and systematically investigates the possible attack methods and the corresponding defense measures in federated learning. First, we classify the possible attacks and threats according to the training stage of federated learning, enumerate common attack methods in each category, and introduce the principle of each attack. Then the specific defense measures against these attacks and threats are summarized together with an analysis of their principles, to provide a detailed reference for researchers who are new to this field. Finally, we highlight future work in this research area and point out several areas that need attention in order to improve the security of federated learning.
