Chinese Journal of Network and Information Security ›› 2022, Vol. 8 ›› Issue (5): 56-65.doi: 10.11959/j.issn.2096-109x.2022069

• Topic: Big Data and Artificial Intelligence Security •

Privacy-preserving federated learning framework with dynamic weight aggregation

Zuobin YING1, Yichen FANG1, Yiwen ZHANG2   

  1. City University of Macau, Macau 999078, China
  2. Anhui Xinhua University, Hefei 230000, China
  • Revised: 2022-09-06 Online: 2022-10-15 Published: 2022-10-01
  • Supported by:
    General R&D Subsidy Program Fund Macau (0038/2022/A)

Abstract:

There are two problems with privacy-preserving federated learning frameworks under an unreliable central server. ① A fixed weight, typically proportional to the size of each participant's dataset, is used when the central server aggregates the distributed models. However, since different participants hold non-independent and identically distributed (non-IID) data, fixed aggregation weights prevent the global model from achieving optimal utility. ② Existing frameworks are built on the assumption that the central server is honest, and do not consider the leakage of participants' data privacy caused by an untrustworthy central server. To address these issues, a privacy-preserving federated learning algorithm with dynamic weight aggregation under a non-trusted central server, named DP-DFL, was proposed based on the popular DP-FedAvg algorithm. The proposed algorithm learns the model aggregation weights in federated learning directly from the data of different participants, and is therefore applicable to non-IID data environments. In addition, noise is injected in the local model privacy-protection phase to protect model parameters, which satisfies the untrusted-central-server setting and thus reduces the risk of privacy leakage when local participants upload model parameters. Experiments on the CIFAR-10 dataset demonstrate that DP-DFL not only provides local privacy guarantees but also achieves higher accuracy, with an average improvement of 2.09% over DP-FedAvg models.
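The two ingredients described above, local noise injection before upload and data-driven (rather than dataset-size) aggregation weights, can be sketched in a few lines. This is a minimal illustration, not the paper's algorithm: the Gaussian clip-and-noise step, the softmax-normalized per-client weight logits, and all function names are assumptions chosen to make the idea concrete.

```python
import numpy as np

rng = np.random.default_rng(0)

def clip_and_noise(update, clip_norm=1.0, noise_mult=1.0):
    """Local privacy step (assumed Gaussian mechanism): clip the model
    update and add noise BEFORE upload, so the untrusted server never
    sees the raw parameters."""
    norm = max(np.linalg.norm(update), 1e-12)
    clipped = update * min(1.0, clip_norm / norm)
    return clipped + rng.normal(0.0, noise_mult * clip_norm, size=update.shape)

def aggregate(updates, logits):
    """Server step: combine noisy client updates with dynamic weights.
    Softmax over learnable per-client logits stands in for DP-DFL's
    learned aggregation rule, instead of fixed dataset-size weights."""
    w = np.exp(logits - logits.max())
    w /= w.sum()
    return sum(wi * ui for wi, ui in zip(w, updates))

# Three clients with different (non-IID) model updates of dimension 4.
updates = [rng.normal(size=4) for _ in range(3)]
noisy = [clip_and_noise(u) for u in updates]
logits = np.array([0.5, 0.1, -0.2])  # hypothetical learned weight logits
global_update = aggregate(noisy, logits)
print(global_update.shape)  # (4,)
```

Because clipping bounds each client's influence and the noise scale is tied to that bound, the server-side aggregation operates only on perturbed updates, which is what allows the honest-server assumption to be dropped.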

Key words: federated learning, differential privacy, dynamic aggregation weight, non-independent and identically distributed data

