纵向联邦线性模型在线推理过程中成员推断攻击的隐私保护研究

doi:10.11959/j.issn.2096-0271.2022056

大数据 ›› 2022, Vol. 8 ›› Issue (5): 45-54.doi: 10.11959/j.issn.2096-0271.2022056

• 专题：数据流通与隐私计算 • 上一篇下一篇

纵向联邦线性模型在线推理过程中成员推断攻击的隐私保护研究

尹虹舒, 周旭华, 周文君

中国电信股份有限公司研究院安全技术研究所，上海 201315

出版日期:2022-09-15 发布日期:2022-09-01
作者简介:尹虹舒（1993- ），女，中国电信股份有限公司研究院安全技术研究所中级工程师、安全技术研究员，主要研究方向为数据安全、信息安全等
周旭华（1983- ），男，博士，中国电信股份有限公司研究院安全技术研究所研究员，主要研究方向为隐私保护计算、密码学、数据安全等
周文君（1980- ），女，中国电信股份有限公司研究院安全技术研究所研究员，主要研究方向为数据安全、系统与应用安全等
基金资助:
国家重点研发计划资助项目(2021YFB3101300)

Research on privacy preservation of member inference attacks in online inference process for vertical federated learning linear model

Hongshu YIN, Xuhua ZHOU, Wenjun ZHOU

Security Technology Research Division, China Telecom Research Institute, Shanghai 201315, China

Online:2022-09-15 Published:2022-09-01
Supported by:
The National Key Research and Development Program of China(2021YFB3101300)

摘要/Abstract

摘要：

随着大数据的发展以及数据安全相关法规的出台，人们的隐私保护意识逐渐加强，“数据孤岛”现象愈发严重。联邦学习技术作为解决该问题的有效方法之一，已成为当下备受关注的热点。在纵向联邦学习在线推理过程中，当前的主流方法并未考虑对数据标识的保护。针对此问题，提出一种适用于纵向联邦线性模型在线推理过程中的成员推断攻击的隐私保护方法，通过构造具有假阳率的过滤器来避免对数据标识的精确定位，从而保证数据的安全性；使用同态加密实现在线推理过程的全密态，保护中间计算结果；根据同态加密的密文倍乘性质，使用随机数乘法盲化操作，保证最终推理结果的安全性。该方案进一步提高了纵向联邦学习在线推理过程中用户隐私的安全性，且具有更低的计算开销和通信开销。

关键词: 联邦学习, 纵向联邦线性模型, 在线推理, 部分同态加密, 数据盲化

Abstract:

With the development of big data and the introduction of data security regulations, the awareness of privacy protection has gradually increased, and the phenomenon of data isolation has become more and more serious.Federated learning technology as one of the effective methods to solve this problem has become a hot spot of concern.In the online inference process of vertical federated learning, the current mainstream methods do not consider the protection of data identity, which is easy to leak user privacy.A privacy protection method for member inference attacks was proposed in the online inference process of the vertical federated linear model.A filter with a false positive rate was constructed to avoid the accurate positioning of data identity to ensure the security of data.Homomorphic encryption was used to realize the full encrypted state of the online inference process and protect the intermediate calculation results.According to the ciphertext multiplication property of homomorphic encryption, the random number multiplication method was used to mask data, which ensured the security of the final inference result.This scheme further improved the security of user privacy in the online inference process of vertical federated learning and had lower computation overhead and communication costs.

Key words: federated learning, vertical federated learning linear model, online inference, partial homomorphic encryption, data masking

中图分类号:

TP309.2

尹虹舒, 周旭华, 周文君. 纵向联邦线性模型在线推理过程中成员推断攻击的隐私保护研究[J]. 大数据, 2022, 8(5): 45-54.

Hongshu YIN, Xuhua ZHOU, Wenjun ZHOU. Research on privacy preservation of member inference attacks in online inference process for vertical federated learning linear model[J]. Big Data Research, 2022, 8(5): 45-54.

图/表 4

图1

表1

图2

图3

参考文献 15

[1]	杨强 . AI与数据隐私保护:联邦学习的破解之道[J]. 信息安全研究, 2019,5(11): 961-965.
	YANG Q . AI and data privacy protection:the way to federated learning[J]. Journal of Information Security Research, 2019,5(11): 961-965.
[2]	YANG Q , LIU Y , CHEN T J ,et al. Federated machine learning:concept and applications[J]. ACM Transactions on Intelligent Systems and Technology, 2019,10(2): 1-19.
[3]	杨强, 童咏昕, 王晏晟 ,等. 群体智能中的联邦学习算法综述[J]. 智能科学与技术学报, 2022,4(1): 29-44.
	YANG Q , TONG Y X , WANG Y S ,et al. A survey on federated learning in crowd intelligence[J]. Chinese Journal of Intelligent Science and Technology, 2022,4(1): 29-44.
[4]	NASR M , SHOKRI R , HOUM ANSADR A . Comprehensive privacy analysis of deep learning:passive and active white-box inference attacks against centralized and federated learning[C]// Proceedings of 2019 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2019: 739-753.
[5]	罗丹, 徐茹枝, 关志涛 . 物联网环境中基于深度学习的差分隐私预算优化方法[J]. 物联网学报, 2022,6(2): 65-76.
	LUO D , XU R Z , GUAN Z T . Differential privacy budget optimization based on deep learning in IoT[J]. Chinese Journal on Internet of Things, 2022,6(2): 65-76.
[6]	BARRENO M , NELSON B , SE ARS R ,et al. Can machine learning be secure?[C]// Proceedings of 2006 ACM Symposium on Information,Computer and Communications Security. New York:ACM Press, 2006: 16-25.
[7]	BOUACIDA N , MOHAPATRA P . Vulnerabilities in federated learning[J]. IEEE Access, 2021,9: 63229-63249.
[8]	LUO X J , WU Y C , XIAO X K ,et al. Feature inference attack on model predictions in vertical federated learning[C]// Proceedings of IEEE 37th International Conference on Data Engineering. Piscataway:IEEE Press, 2021: 181-192.
[9]	LYU L J , YU H , YANG Q . Threats to federated learning:a survey[J]. arXiv preprint,2020,arXiv:02133.
[10]	李宗育, 桂小林, 顾迎捷 ,等. 同态加密技术及其在云计算隐私保护中的应用[J]. 软件学报, 2018,29(7): 1830-1851.
	LI Z Y , GUI X L , GU Y J ,et al. Survey on homomorphic encryption algorithm and its application in the privacy-preserving for cloud computing[J]. Journal of Software, 2018,29(7): 1830-1851.
[11]	李顺东, 窦家维, 王道顺 . 同态加密算法及其在云安全中的应用[J]. 计算机研究与发展, 2015,52(6): 1378-1388.
	LI S D , DOU J W , WANG D S . Survey on homomorphic encryption and its applications to cloud security[J]. Journal of Computer Research and Development, 2015,52(6): 1378-1388.
[12]	陈前昕, 毕仁万, 林劼 ,等. 支持多数不规则用户的隐私保护联邦学习框架[J]. 网络与信息安全学报, 2022,8(1): 139-150.
	CHEN Q X , BI R W , LIN J ,et al. Privacypreserving federated learning framework with irregular-majority users[J]. Chinese Journal of Network and Information Security, 2022,8(1): 139-150.
[13]	PATGIRI R , NAYAK S , MU PPALANENI N B . Is Bloom filter a bad choice for security and privacy?[C]// Proceedings of 2021 International Conference on Information Networking. Piscataway:IEEE Press, 2021: 648-653.
[14]	BRODER A , MITZENMACHER M . Network applications of Bloom filters:a survey[J]. Internet Mathematics, 2004,1(4): 485-509.
[15]	SELVARAJ S , SADASIVAM G S , GOUTHAM D T ,et al. Privacy preserving Bloom recommender system[C]// Proceedings of 2021 International Conference on Computer Communication and Informatics. Piscataway:IEEE Press, 2021: 1-6.

符号	说明
PK,SK	同态加密算法的密钥对，PK为公钥，SK为私钥
G	发起方
H	响应方
	发起方的部分模型
	响应方的部分模型
id	待预测数据的唯一标识，如身份证号的哈希值等
	针对数据标识id创建的具有假阳率的过滤器
	满足过滤器规则的数据标识集
	集合S中的元素个数
	针对过滤器F_id的响应方H的特征数据集
	响应方H的部分预测结果
	针对过滤器F_id的响应方H的部分预测结果集
	发起方G的特征数据
	响应方H的特征数据
	发起方G的部分预测结果
	模型的最终预测结果
	发起方G的用于数据盲化的随机数
	使用公钥PK对某数值R进行同态加密计算得到的密文

纵向联邦线性模型在线推理过程中成员推断攻击的隐私保护研究

Research on privacy preservation of member inference attacks in online inference process for vertical federated learning linear model

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 15

相关文章 6

Metrics

推荐阅读 0

[1]	张传尧, 司世景, 王健宗, 肖京. 联邦元学习综述[J]. 大数据, 2023, 9(2): 122-146.
[2]	吴建汉, 司世景, 王健宗, 肖京. 联邦学习攻击与防御综述[J]. 大数据, 2022, 8(5): 12-32.
[3]	张燕, 杨一帆, 伊人, 罗圣美, 唐剑飞, 夏正勋. 隐私计算场景下数据质量治理探索与实践[J]. 大数据, 2022, 8(5): 55-73.
[4]	朱智韬, 司世景, 王健宗, 肖京. 联邦推荐系统综述[J]. 大数据, 2022, 8(4): 105-132.
[5]	王健宗, 孔令炜, 黄章成, 陈霖捷, 刘懿, 卢春曦, 肖京. 联邦学习隐私保护研究进展[J]. 大数据, 2021, 7(3): 130-149.
[6]	王健宗, 孔令炜, 黄章成, 陈霖捷, 刘懿, 何安珣, 肖京. 联邦学习算法综述[J]. 大数据, 2020, 6(6): 64-82.