基于区块链和联邦学习的边缘计算隐私保护方法

doi:10.11959/j.issn.1000-436x.2021190

通信学报 ›› 2021, Vol. 42 ›› Issue (11): 28-40.doi: 10.11959/j.issn.1000-436x.2021190

所属专题：边缘计算；联邦学习；区块链

• 专题：计算机通信与网络系统安全技术 • 上一篇下一篇

基于区块链和联邦学习的边缘计算隐私保护方法

方晨¹, 郭渊博¹, 王一丰¹, 胡永进¹, 马佳利¹, 张晗², 胡阳阳³

¹ 信息工程大学密码工程学院，河南郑州 450001
² 郑州大学网络空间安全学院，河南郑州 450003
³ 加利福尼亚大学河滨分校，河滨 CA92521

修回日期:2021-09-15 出版日期:2021-11-25 发布日期:2021-11-01
作者简介:方晨（1993− ），男，安徽宿松人，信息工程大学博士生，主要研究方向为机器学习隐私安全
郭渊博（1975− ），男，陕西周至人，博士，信息工程大学教授、博士生导师，主要研究方向为大数据安全、态势感知
王一丰（1994− ），男，江苏泰兴人，信息工程大学博士生，主要研究方向为深度学习、网络安全
胡永进（1981− ），男，山东潍坊人，信息工程大学讲师，主要研究方向为大数据安全、态势感知
马佳利（1996− ），男，河北邢台人，信息工程大学博士生，主要研究方向为数字孪生、机器学习
张晗（1985− ），女，河南项城人，郑州大学讲师，主要研究方向为机器学习、自然语言处理
胡阳阳（1990− ），男，江苏南京人，加利福尼亚大学河滨分校博士生，主要研究方向为机器学习
基金资助:
国家自然科学基金资助项目(61501515)

Edge computing privacy protection method based on blockchain and federated learning

Chen FANG¹, Yuanbo GUO¹, Yifeng WANG¹, Yongjin HU¹, Jiali MA¹, Han ZHANG², Yangyang HU³

¹ Department of Cryptogram Engineering, Information Engineering University, Zhengzhou 450001, China
² School of Cyberspace Security, Zhengzhou University, Zhengzhou 450003, China
³ University of California, Riverside, Riverside CA92521, USA

Revised:2021-09-15 Online:2021-11-25 Published:2021-11-01
Supported by:
The National Natural Science Foundation of China(61501515)

摘要/Abstract

摘要：

针对边缘计算的数据隐私性、计算结果正确性和数据处理过程可审计性等需求，提出了一种基于区块链和联邦学习的边缘计算隐私保护方法，不需要可信环境和特殊硬件设施即可在网络边缘处联合多设备实现安全可靠的协同训练。利用区块链赋予边缘计算防篡改和抗单点故障攻击等特性，并在共识协议中融入梯度验证和激励机制，鼓励更多的本地设备诚实地向联邦学习贡献算力和数据。对于联邦学习共享模型参数导致的潜在隐私泄露问题，设计自适应差分隐私机制保护参数隐私的同时减小噪声对模型准确性的影响，并通过时刻统计精确追踪训练过程中的隐私损失。实验结果表明，所提方法能够抵抗30%的中毒攻击，并且能以较高的模型准确率实现隐私保护，适用于对安全性和准确性要求较高的边缘计算场景。

关键词: 联邦学习, 边缘计算, 区块链, 中毒攻击, 隐私保护

Abstract:

Aiming at the needs of edge computing for data privacy, the correctness of calculation results and the auditability of data processing, a privacy protection method for edge computing based on blockchain and federated learning was proposed, which can realize collaborative training with multiple devices at the edge of the network without a trusted environment and special hardware facilities.The blockchain was used to endow the edge computing with features such as tamper-proof and resistance to single-point-of-failure attacks, and the gradient verification and incentive mechanism were incorporated into the consensus protocol to encourage more local devices to honestly contribute computing power and data to the federated learning.For the potential privacy leakage problems caused by sharing model parameters, an adaptive differential privacy mechanism was designed to protect parameter privacy while reducing the impact of noise on the model accuracy, and moments accountant was used to accurately track the privacy loss during the training process.Experimental results show that the proposed method can resist 30% of poisoning attacks, and can achieve privacy protection with high model accuracy, and is suitable for edge computing scenarios that require high level of security and accuracy.

Key words: federated learning, edge computing, blockchain, poisoning attack, privacy preservation

中图分类号:

TP301

方晨, 郭渊博, 王一丰, 胡永进, 马佳利, 张晗, 胡阳阳. 基于区块链和联邦学习的边缘计算隐私保护方法[J]. 通信学报, 2021, 42(11): 28-40.

Chen FANG, Yuanbo GUO, Yifeng WANG, Yongjin HU, Jiali MA, Han ZHANG, Yangyang HU. Edge computing privacy protection method based on blockchain and federated learning[J]. Journal on Communications, 2021, 42(11): 28-40.

图/表 10

图1

表1

主要符号"

符号	定义
g_{i ,t}	第t轮训练时设备i的本地梯度
${\bar{g}}_{i, t}$	第t轮训练时设备i的带噪梯度
${\tilde{g}}_{t}$	第t轮训练的全局梯度
C_t	第t轮训练的梯度裁剪阈值
G	先验阈值
n_i	设备i的本地数据集大小
$T_{{local, i}}^{t}$	第t轮训练时设备i的本地运算时间
T	算法总的训练轮数
K	设备总数量
seed_i	第t轮训练时共识协议中的随机种子

表1

图2

表2

图3

图4

表3

图5

图6

图7

参考文献 29

[1]	周俊, 沈华杰, 林中允 ,等. 边缘计算隐私保护研究进展[J]. 计算机研究与发展, 2020,57(10): 2027-2051.
	ZHOU J , SHEN H J , LIN Z Y ,et al. Research advances on privacy preserving in edge computing[J]. Journal of Computer Research and Development, 2020,57(10): 2027-2051.
[2]	MCMAHAN H B , MOORE E , RAMAGE D ,et al. Communication-efficient learning of deep networks from decentralized data[J]. arXiv Preprint,arXiv:1602.05629, 2016.
[3]	曾诗钦, 霍如, 黄韬 ,等. 区块链技术研究综述：原理、进展与应用[J]. 通信学报, 2020,41(1): 134-151.
	ZENG S Q , HUO R , HUANG T ,et al. Survey of blockchain:principle,progress and application[J]. Journal on Communications, 2020,41(1): 134-151.
[4]	KIM H , PARK J , BENNIS M ,et al. Blockchained on-device federated learning[J]. IEEE Communications Letters, 2020,24(6): 1279-1283.
[5]	QU Y Y , POKHREL S R , GARG S ,et al. A blockchained federated learning framework for cognitive computing in industry 4.0 networks[J]. IEEE Transactions on Industrial Informatics, 2021,17(4): 2964-2973.
[6]	WANG Q L , GUO Y F , WANG X F ,et al. AI at the edge:blockchain-empowered secure multiparty learning with heterogeneous models[J]. IEEE Internet of Things Journal, 2020,7(10): 9600-9610.
[7]	LU Y L , HUANG X H , ZHANG K ,et al. Blockchain empowered asynchronous federated learning for secure data sharing in Internet of vehicles[J]. IEEE Transactions on Vehicular Technology, 2020,69(4): 4298-4311.
[8]	QU Y Y , GAO L X , LUAN T H ,et al. Decentralized privacy using blockchain-enabled federated learning in fog computing[J]. IEEE Internet of Things Journal, 2020,7(6): 5171-5183.
[9]	ZHAO Y , ZHAO J , JIANG L S ,et al. Privacy-preserving blockchain-based federated learning for IoT devices[J]. IEEE Internet of Things Journal, 2021,8(3): 1817-1829.
[10]	LU Y L , HUANG X H , DAI Y Y ,et al. Blockchain and federated learning for privacy-preserved data sharing in industrial IoT[J]. IEEE Transactions on Industrial Informatics, 2020,16(6): 4177-4186.
[11]	QI Y H , HOSSAIN M S , NIE J T ,et al. Privacy-preserving blockchain-based federated learning for traffic flow prediction[J]. Future Generation Computer Systems, 2021,117: 328-337.
[12]	LIU Y , PENG J L , KANG J W ,et al. A secure federated learning framework for 5G networks[J]. IEEE Wireless Communications, 2020,27(4): 24-31.
[13]	SHORT A R , LELIGOU H C , PAPOUTSIDAKIS M ,et al. Using blockchain technologies to improve security in federated learning systems[C]// Proceedings of 2020 IEEE 44th Annual Computers,Software,and Applications Conference (COMPSAC). Piscataway:IEEE Press, 2020: 1183-1188.
[14]	GILAD Y , HEMO R , MICALI S ,et al. Algorand:scaling Byzantine agreements for cryptocurrencies[C]// Proceedings of the 26th Symposium on Operating Systems Principles. New York:ACM Press, 2017: 51-68.
[15]	DWORK C , ROTH A . The algorithmic foundations of differential privacy[J]. Foundations and Trends? in Theoretical Computer Science, 2013,9(3/4): 211-407.
[16]	FREDRIKSON M , JHA S , RISTENPART T . Model inversion attacks that exploit confidence information and basic countermeasures[C]// Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2015: 1322-1333.
[17]	CHEN L J , KOUTRIS P , KUMAR A . Model-based pricing for machine learning in a data marketplace[J]. arXiv Preprint,arXiv:1805.11450, 2018.
[18]	KURTULMUS A B , DANIEL K . Trustless machine learning contracts;evaluating and exchanging machine learning models on the ethereum blockchain[J]. arXiv Preprint,arXiv:1802.10185, 2018.
[19]	LI C L , FU Y C , YU F R ,et al. Vehicle position correction:a vehicular blockchain networks-based GPS error sharing framework[J]. IEEE Transactions on Intelligent Transportation Systems, 2020,22(2): 898-912.
[20]	CHEN L , XU L , SHAH N ,et al. On security analysis of proof-ofelapsed-time (PoET)[C]// Proceedings of International Symposium on Stabilization,Safety,and Security of Distributed Systems. Berlin:Springer International Publishing, 2017: 282-297.
[21]	WENG J S , WENG J , ZHANG J L ,et al. DeepChain:auditable and privacy-preserving deep learning with blockchain-based incentive[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(5): 2438-2455.
[22]	SHAYAN M , FUNG C , YOON C J M ,et al. Biscotti:a ledger for private and secure peer-to-peer machine learning[J]. arXiv Preprint,arXiv:1811.09904, 2018.
[23]	ABADI M , CHU A , GOODFELLOW I ,et al. Deep learning with differential privacy[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2016: 308-318.
[24]	GEYER R C , KLEIN T , NABI M . Differentially private federated learning:a client level perspective[J]. arXiv Preprint,arXiv:1712.07557, 2017.
[25]	FANG C , GUO Y B , HU Y J ,et al. Privacy-preserving and communication-efficient federated learning in Internet of Things[J]. Computers＆ Security, 2021,103: 102199.
[26]	XU C G , REN J , ZHANG D Y ,et al. GANobfuscator:mitigating information leakage under GAN via differential privacy[J]. IEEE Transactions on Information Forensics and Security, 2019,14(9): 2358-2371.
[27]	BLANCHARD P , MHAMDI E M E , GUERRAOUI R ,et al. Machine learning with adversaries:byzantine tolerant gradient descent[C]// Proceedings of the 31st International Conference on Neural Information Processing Systems.New York:Curran Associates Inc.. 2017: 118-128.
[28]	DEMERS A , GREENE D , HAUSER C ,et al. Epidemic algorithms for replicated database maintenance[C]// Proceedings of the 6th annual ACM Symposium on Principles of distributed computing. New York:ACM Press, 1987: 1-12.
[29]	HUANG L , JOSEPH A D , NELSON B ,et al. Adversarial machine learning[C]// Proceedings of the 4th ACM workshop on Security and artificial intelligence. New York:ACM Press, 2011: 43-58.

数据集	准确率	δ	ε_D	ε_A	减少率	平均值
	94%		2.12	1.64	22.6%
MNIST	96%	10^{- 4}	3.43	1.96	42.9%	37%
	97%		5.15	2.78	46.0%
	68%		4.39	3.28	25.3%
CIFAR10	70%	10^{- 4}	6.05	4.11	32.1%	29%
	72%		8.77	6.08	30.7%

设备数量（事务数量）/个	MNIST数据集			CIFAR10数据集
设备数量（事务数量）/个	TPS₁	TPS₂	减少率	TPS₁	TPS₂	减少率
10	0.66	0.56	15.2%	0.65	0.54	16.9%
20	1.36	1.10	19.1%	1.32	1.03	22.0%
30	1.88	1.44	23.4%	1.96	1.42	27.6%
40	2.58	1.82	29.5%	2.53	1.67	34.0%
50	3.09	2.00	35.3%	3.13	1.89	39.6%

基于区块链和联邦学习的边缘计算隐私保护方法

Edge computing privacy protection method based on blockchain and federated learning

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 29

相关文章 15

Metrics

推荐阅读 0

[1]	马鑫迪, 李清华, 姜奇, 马卓, 高胜, 田有亮, 马建峰. 面向Non-IID数据的拜占庭鲁棒联邦学习[J]. 通信学报, 2023, 44(6): 138-153.
[2]	金彪, 李逸康, 姚志强, 陈瑜霖, 熊金波. GenFedRL：面向深度强化学习智能体的通用联邦强化学习框架[J]. 通信学报, 2023, 44(6): 183-197.
[3]	张海波, 曹钰坤, 刘开健, 王汝言. 车联网中基于区块链的分布式信任管理方案[J]. 通信学报, 2023, 44(5): 148-157.
[4]	田有亮, 吴柿红, 李沓, 王林冬, 周骅. 基于激励机制的联邦学习优化算法[J]. 通信学报, 2023, 44(5): 169-180.
[5]	张佳乐, 朱诚诚, 孙小兵, 陈兵. 基于GAN的联邦学习成员推理攻击与防御方法[J]. 通信学报, 2023, 44(5): 193-205.
[6]	刘雪娇, 钟强, 夏莹杰. 基于双层分片区块链的车联网跨信任域高效认证方案[J]. 通信学报, 2023, 44(5): 213-223.
[7]	冯涛, 陈李秋, 方君丽, 石建明. 基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案[J]. 通信学报, 2023, 44(5): 224-233.
[8]	李开菊, 许强, 王豪. 冗余数据去除的联邦学习高效通信方法[J]. 通信学报, 2023, 44(5): 79-93.
[9]	余晟兴, 陈泽凯, 陈钟, 刘西蒙. DAGUARD：联邦学习下的分布式后门攻击防御方案[J]. 通信学报, 2023, 44(5): 110-122.
[10]	姜慧, 何天流, 刘敏, 孙胜, 王煜炜. 面向异构流式数据的高性能联邦持续学习算法[J]. 通信学报, 2023, 44(5): 123-136.
[11]	鲁蔚锋, 李宁, 徐佳, 徐力杰, 徐建. 多接入边缘计算中相关性任务的联合调度算法[J]. 通信学报, 2023, 44(4): 87-98.
[12]	夏莹杰, 朱思雨, 刘雪娇. 区块链架构下具有条件隐私的车辆编队跨信任域高效群组认证研究[J]. 通信学报, 2023, 44(4): 111-123.
[13]	苏新, 张桂福, 行鸿彦, Zenghui Wang. 基于平衡生成对抗网络的海洋气象传感网入侵检测研究[J]. 通信学报, 2023, 44(4): 124-136.
[14]	胡柏吉, 张晓娟, 李元诚, 赖荣鑫. 支持多功能的V2G网络隐私保护数据聚合方案[J]. 通信学报, 2023, 44(4): 187-200.
[15]	谢人超, 文雯, 唐琴琴, 刘云龙, 谢高畅, 黄韬. 轨道交通移动边缘计算网络安全综述[J]. 通信学报, 2023, 44(4): 201-215.