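Big Data Research, 2022, Vol. 8, Issue (5): 12-32. doi: 10.11959/j.issn.2096-0271.2022038
Jianhan WU1,2, Shijing SI1, Jianzong WANG1, Jing XIAO1
Online: 2022-09-15
Published: 2022-09-01
About the author:
Jianhan WU (1998- ), male, master's student at the University of Science and Technology of China, algorithm engineer at Ping An Technology (Shenzhen) Co., Ltd., student member of the China Computer Federation (CCF). His main research interests are computer vision and federated learning.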
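Abstract:
With the wide application of machine learning technology, data security incidents occur from time to time, and the demand for data privacy protection is becoming increasingly apparent. This reduces the possibility of sharing data between different entities, makes data hard to share, and forms "data islands". Federated learning can effectively solve the "data island" problem. Federated learning is essentially a form of distributed machine learning whose most distinctive feature is that user data is kept locally on the user side, so the raw data of the participants is not leaked during joint model training. Nevertheless, federated learning still has many security risks in practical applications that require in-depth study. This paper systematically reviews the attacks that federated learning may suffer and the corresponding defense measures. First, the possible attacks and threats are classified according to the training stages of federated learning, the attack methods in each category are listed, and the principles of the attacks are introduced. Then, specific defense measures against these attacks and threats are summarized and their principles analyzed, in order to provide a detailed reference for researchers new to this field. Finally, future work in this research area is discussed, and several directions that need particular attention are pointed out to help improve the security of federated learning.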
Jianhan WU, Shijing SI, Jianzong WANG, Jing XIAO. Threats and defenses of federated learning: a survey[J]. Big Data Research, 2022, 8(5): 12-32.
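Table 2
Comparison of attack types in federated learning
Attack type | Attack principle | Attack methods |
Data poisoning | The attacker adds malicious data to the training dataset or tampers with some of the data in it to achieve the attack goal | Clean-label poisoning attack[ |
Model attack | Alters the global model update by changing the local model update of the compromised client | Byzantine attack[ |
Inference attack | Obtains certain information by attack means (such as eavesdropping or monitoring) and then uses it to infer the target information | Membership, feature and label inference attacks[ |
Server vulnerability | The server's environment lacks security defenses and is therefore easy to attack, or the server itself is malicious | Vulnerable and malicious server attacks[ |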
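Table 3
Comparison of general privacy protection measures for federated learning
Combined technique | References | Characteristics |
Centralized differential privacy | [51-52] | Aggregation and update protect privacy by adding and removing noise respectively, but a trusted data collection repository is required |
Local differential privacy | [53-55] | Moves the privacy processing of data onto each user's device so that users can process and protect their personal data individually, but this affects model accuracy |
Distributed differential privacy | [56-57] | Combines cryptographic techniques to improve on local and centralized differential privacy |
Fully homomorphic encryption | [60] | Provides absolute privacy protection, but the computational complexity is very high |
Partially homomorphic encryption | [60-63] | Encrypts only the gradients, which greatly reduces communication cost; highly practical |
Secret sharing | [65] | A typical key distribution mechanism whose application in federated learning is mature |
Verifiable secret sharing | [67-69] | Introduces a verification mechanism to further improve the security of secret sharing, and can be combined with other techniques |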
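Table 4
Comparison of targeted defense measures for federated learning
Defense type | References | Defense measure | Characteristics |
Defense against data poisoning | [71] | Checking context information | Detects data points by comparing them with earlier data |
Defense against data poisoning | [72-73] | Minimizing image total variance, HGD | Processes data with methods such as compression, denoising and global variance reduction in order to protect the data |
Defense against data poisoning | [75-77] | Adversarial training | Trains on a training set that combines real samples and adversarial samples |
Defense against model attacks | [78] | Detecting erroneous model updates | Uses numerical differences between model parameters, directly or indirectly, to detect anomalous models |
Defense against model attacks | [80-83] | Secure aggregation | Uses different aggregation algorithms to protect model parameters |
Defense against inference attacks | [84-85] | Model stacking, DNN | Integrates or combines multiple models to increase model complexity |
Defense against server vulnerabilities | [87-89] | TEE | Protects privacy through hardware isolation |
Defense against server vulnerabilities | [90] | Secure multi-party computation | Securely brings multiple participants together to complete a collaborative computation |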
[12] | LIU Y , KANG Y , XING C P ,et al. A secure federated transfer learning framework[J]. IEEE Intelligent Systems, 2020,35(4): 70-82. |
[13] | KAIROUZ P , MCMAHAN H B , AVENT B ,et al. Advances and open problems in federated learning[J]. arXiv preprint,2019,arXiv:1912.04977. |
[14] | ZHAO S H , MA X J , ZHENG X ,et al. Clean-label backdoor attacks on video recognition models[C]// Proceedings of 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2020: 14431-14440. |
[15] | BHAGOJI A N , CHAKRABORTY S , MITTAL P ,et al. Analyzing federated learning through an adversarial lens[C]// Proceedings of the 36th International Conference On Machine Learning.[S.l.:s.n.], 2019: 634-643. |
[16] | SHAFAHI A , HUANG W R , NAJIBI M ,et al. Poison frogs! targeted clean-label poisoning attacks on neural networks[C]// Proceedings of the 32nd International Conference on Neural Information Processing Systems.Red Hook:Curran Associates Inc. , 2018: 6106-6116. |
[17] | BIGGIO B , NELSON B , LASKOV P . Poisoning attacks against support vector machines[J]. arXiv preprint,2012,arXiv:1206.6389. |
[18] | CHEN X Y , LIU C , LI B ,et al. Targeted backdoor attacks on deep learning systems using data poisoning[J]. arXiv preprint,2017,arXiv:1712.05526. |
[19] | TOLPEGIN V , TRUEX S , GURSOY M E ,et al. Data poisoning attacks against federated learning systems[C]// Proceedings of 2020 European Symposium on Research in Computer Security. Cham:Springer, 2020: 480-501. |
[20] | BAGDASARYAN E , VEIT A , HUA Y Q ,et al. How to backdoor federated learning[J]. arXiv preprint,2018,arXiv:1807.00459. |
[21] | JERE M S , FARNAN T , KOUSHANFAR F . A taxonomy of attacks on federated learning[J]. IEEE Security & Privacy, 2021,19(2): 20-28. |
[22] | ZHOU X C , XU M , WU Y M ,et al. Deep model poisoning attack on federated learning[J]. Future Internet, 2021,13(3): 73. |
[23] | FANG M H , CAO X Y , JIA J Y ,et al. Local model poisoning attacks to Byzantine-robust federated learning[C]// Proceedings of the 29th USENIX Conference on Security Symposium. Berkeley:USENIX Association, 2020: 1623-1640. |
[24] | BERNSTEIN J , ZHAO J W , AZIZZADENESHELI K ,et al. signSGD with majority vote is communication efficient and fault tolerant[J]. arXiv preprint,2018,arXiv:1810.05291. |
[25] | XIE C , KOYEJO S , GUPTA I . Fall of empires:breaking Byzantine-tolerant SGD by inner product manipulation[J]. arXiv preprint,2019,arXiv:1903.03936. |
[26] | SHEJWALKAR V , HOUMANSADR A . Manipulating the Byzantine:optimizing model poisoning attacks and defenses for federated learning[C]// Proceedings of 2021 Network and Distributed System Security Symposium. Reston:Internet Society, 2021:18. |
[27] | LIU Y F , MA X J , BAILEY J ,et al. Reflection backdoor:a natural backdoor attack on deep neural networks[C]// Proceedings of 2020 European Conference on Computer Vision. Cham:Springer, 2020: 182-199. |
[28] | COSTA G , PINELLI F , SODERI S ,et al. Covert channel attack to federated learning systems[J]. arXiv preprint,2021,arXiv:2104.10561. |
[29] | LEE H , KIM J , HUSSAIN R ,et al. On defensive neural networks against inference attack in federated learning[C]// Proceedings of 2021 IEEE International Conference on Communications. Piscataway:IEEE Press, 2021: 1-6. |
[30] | AONO Y , HAYASHI T , PHONG L T ,et al. Scalable and secure logistic regression via homomorphic encryption[C]// Proceedings of the 6th ACM Conference on Data and Application Security and Privacy. New York:ACM Press, 2016: 142-144. |
[31] | LUO X J , WU Y C , XIAO X K ,et al. Feature inference attack on model predictions in vertical federated learning[C]// Proceedings of 2021 IEEE 37th International Conference on Data Engineering. Piscataway:IEEE Press, 2021: 181-192. |
[32] | WAINAKH A , VENTOLA F , MÜßIG T ,et al. User label leakage from gradients in federated learning[J]. arXiv preprint,2021,arXiv:2105.09369. |
[33] | NASR M , SHOKRI R , HOUMANSADR A . Comprehensive privacy analysis of deep learning:passive and active white-box inference attacks against centralized and federated learning[C]// Proceedings of 2019 IEEE Symposium on Security and Privacy. Piscataway:IEEE Press, 2019: 739-753. |
[34] | DONG Y P , SU H , WU B Y ,et al. Efficient decision-based black-box adversarial attacks on face recognition[C]// Proceedings of 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2019: 7706-7714. |
[35] | YIN Z Y , YUAN Y , GUO P F ,et al. Backdoor attacks on federated learning with lottery ticket hypothesis[J]. arXiv preprint,2021,arXiv:2109.10512. |
[1] | ZHANG C , XIE Y , BAI H ,et al. A survey on federated learning[J]. Knowledge-Based Systems, 2021,216: 106775. |
[2] | ALEDHARI M , RAZZAK R , PARIZI R M ,et al. Federated learning:a survey on enabling technologies,protocols,and applications[J]. IEEE Access:Practical Innovations,Open Solutions, 2020,8: 140699-140725. |
[36] | CHENG M H , LE T , CHEN P Y ,et al. Query-efficient hard-label black-box attack:an optimization-based approach[J]. arXiv preprint,2018,arXiv:1807.04457. |
[37] | LI Y D , LI L J , WANG L Q ,et al. NATTACK:learning the distributions of adversarial examples for an improved black-box attack on deep neural networks[C]// Proceedings of the 36th International Conference on Machine Learning.[S.l.:s.n.], 2019: 3866-3876. |
[3] | BLANCO-JUSTICIA A , DOMINGO-FERRER J , MARTÍNEZ S ,et al. Achieving security and privacy in federated learning systems:survey,research challenges and future directions[J]. Engineering Applications of Artificial Intelligence, 2021,106: 104468. |
[4] | YANG Q , LIU Y , CHENG Y ,et al. Federated learning[J]. Synthesis Lectures on Artificial Intelligence and Machine Learning, 2019,13(3): 1-207. |
[38] | BAI Y , CHEN D G , CHEN T ,et al. GANMIA:GAN-based black-box membership inference attack[C]// Proceedings of 2021 IEEE International Conference on Communications. Piscataway:IEEE Press, 2021: 1-6. |
[39] | ZHANG Y H , JIA R X , PEI H Z ,et al. The secret revealer:generative model-inversion attacks against deep neural networks[C]// Proceedings of 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2020: 250-258. |
[5] | LI T , SAHU A K , TALWALKAR A ,et al. Federated learning:challenges,methods,and future directions[J]. IEEE Signal Processing Magazine, 2020,37(3): 50-60. |
[6] | TRUONG N , SUN K , WANG S Y ,et al. Privacy preservation in federated learning:an insightful survey from the GDPR perspective[J]. Computers & Security, 2021,110: 102402. |
[40] | REN H C , DENG J J , XIE X H . GRNN:generative regression neural network—a data leakage attack for federated learning[J]. ACM Transactions on Intelligent Systems and Technology, 2022,13(4): 1-24. |
[41] | HITAJ B , ATENIESE G , PEREZ-CRUZ F . Deep models under the GAN:information leakage from collaborative deep learning[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2017: 603-618. |
[7] | KONEČNÝ J , MCMAHAN H B , YU F X ,et al. Federated learning:strategies for improving communication efficiency[J]. arXiv preprint,2016,arXiv:1610.05492. |
[42] | LYU L J , YU H , YANG Q . Threats to federated learning:a survey[J]. arXiv preprint,2020,arXiv:2003.02133. |
[43] | SONG M K , WANG Z B , ZHANG Z F ,et al. Analyzing user-level privacy attack against federated learning[J]. IEEE Journal on Selected Areas in Communications, 2020,38(10): 2430-2444. |
[8] | MA J H , SUN X H , XIA W C ,et al. Node selection based on label quantity information in federated learning[J]. Chinese Journal on Internet of Things, 2021,5(4): 46-53. |
[9] | ABDULRAHMAN S , TOUT H , OULD-SLIMANE H ,et al. A survey on federated learning:the journey from centralized to distributed on-site learning and beyond[J]. IEEE Internet of Things Journal, 2021,8(7): 5476-5497. |
[44] | BOUACIDA N , MOHAPATRA P . Vulnerabilities in federated learning[J]. IEEE Access, 2021,9: 63229-63249. |
[45] | WANG Z B , SONG M K , ZHANG Z F ,et al. Beyond inferring class representatives:user-level privacy leakage from federated learning[C]// Proceedings of 2019 IEEE Conference on Computer Communications. Piscataway:IEEE Press, 2019: 2512-2520. |
[10] | WANG J Z , KONG L W , HUANG Z C ,et al. Research review of federated learning algorithms[J]. Big Data Research, 2020,6(6): 64-82. |
[46] | MOTHUKURI V , PARIZI R M , POURIYEH S ,et al. A survey on security and privacy of federated learning[J]. Future Generation Computer Systems, 2021,115: 619-640. |
[47] | LYU L J , YU H , MA X J ,et al. Privacy and robustness in federated learning:attacks and defenses[J]. arXiv preprint,2020,arXiv:2012.06337. |
[48] | WEI K , LI J , DING M ,et al. Federated learning with differential privacy:algorithms and performance analysis[J]. IEEE Transactions on Information Forensics and Security, 2020,15: 3454-3469. |
[49] | GIRGIS A M , DATA D , DIGGAVI S ,et al. Shuffled model of differential privacy in federated learning[C]// Proceedings of 2021 International Conference on Artificial Intelligence and Statistics.[S.l.:s.n.], 2021: 2521-2529. |
[50] | HU R , GUO Y X , LI H N ,et al. Personalized federated learning with differential privacy[J]. IEEE Internet of Things Journal, 2020,7(10): 9530-9539. |
[51] | MCMAHAN H B , RAMAGE D , TALWAR K ,et al. Learning differentially private recurrent language models[J]. arXiv preprint,2017,arXiv:1710.06963. |
[52] | GEYER R C , KLEIN T , NABI M . Differentially private federated learning:a client level perspective[J]. arXiv preprint,2017,arXiv:1712.07557. |
[53] | SUN L C , QIAN J W , CHEN X . LDPFL:practical private aggregation in federated learning with local differential privacy[C]// Proceedings of the 30th International Joint Conference on Artificial Intelligence. California:International Joint Conferences on Artificial Intelligence Organization, 2021: 1571-1578. |
[54] | DUCHI J C , JORDAN M I , WAINWRIGHT M J . Local privacy and statistical minimax rates[C]// Proceedings of 2013 IEEE 54th Annual Symposium on Foundations of Computer Science. Piscataway:IEEE Press, 2013: 429-438. |
[55] | ERLINGSSON Ú , PIHUR V , KOROLOVA A . RAPPOR:randomized aggregatable privacy-preserving ordinal response[C]// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2014: 1054-1067. |
[56] | RASTOGI V , NATH S . Differentially private aggregation of distributed time-series with transformation and encryption[C]// Proceedings of the 2010 ACM SIGMOD International Conference on Management of Data. New York:ACM Press, 2010: 735-746. |
[57] | AGARWAL N , SURESH A T , YU F ,et al. cpSGD:communication-efficient and differentially-private distributed SGD[C]// Proceedings of the 32nd International Conference on Neural Information Processing Systems.Red Hook:Curran Associates Inc. , 2018: 7575-7586. |
[58] | ZHANG C L , LI S Y , XIA J Z ,et al. BatchCrypt:efficient homomorphic encryption for cross-silo federated learning[C]// Proceedings of the 2020 USENIX Annual Technical Conference. Berkeley:USENIX Association, 2020: 493-506. |
[59] | FANG H K , QIAN Q . Privacy preserving machine learning with homomorphic encryption and federated learning[J]. Future Internet, 2021,13(4): 94. |
[60] | GENTRY C . Fully homomorphic encryption using ideal lattices[C]// Proceedings of the 41st Annual ACM Symposium on Theory of Computing. New York:ACM Press, 2009: 169-178. |
[61] | PHONG L T , AONO Y , HAYASHI T ,et al. Privacy-preserving deep learning via additively homomorphic encryption[J]. IEEE Transactions on Information Forensics and Security, 2018,13(5): 1333-1345. |
[62] | YANG T , ANDREW G , EICHNER H ,et al. Applied federated learning:improving google keyboard query suggestions[J]. arXiv preprint,2018,arXiv:1812.02903. |
[63] | MADI A , STAN O , MAYOUE A ,et al. A secure federated learning framework using homomorphic encryption and verifiable computing[C]// Proceedings of 2021 Reconciling Data Analytics,Automation,Privacy,and Security:A Big Data Challenge. Piscataway:IEEE Press, 2020: 1-8. |
[64] | ZHU H F , MONG GOH R S , NG W K . Privacy-preserving weighted federated learning within the secret sharing framework[J]. IEEE Access, 2020,8: 198275-198284. |
[65] | CHA J , SINGH S K , KIM T W ,et al. Blockchain-empowered cloud architecture based on secret sharing for smart city[J]. Journal of Information Security and Applications, 2021,57: 102686. |
[66] | BONAWITZ K , IVANOV V , KREUTER B ,et al. Practical secure aggregation for privacy-preserving machine learning[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2017: 1175-1191. |
[67] | HAN G , ZHANG T T , ZHANG Y H ,et al. Verifiable and privacy preserving federated learning without fully trusted centers[J]. Journal of Ambient Intelligence and Humanized Computing, 2022,13(3): 1431-1441. |
[68] | CHANDRAMOULI A , CHOUDHURY A , PATRA A . A survey on perfectly-secure verifiable secret-sharing[J]. ACM Computing Surveys, 2022. |
[69] | FEREIDOONI H , MARCHAL S , MIETTINEN M ,et al. SAFELearn:secure aggregation for private FEderated learning[C]// Proceedings of 2021 IEEE Security and Privacy Workshops. Piscataway:IEEE Press, 2021: 56-62. |
[70] | ZHOU J , FANG G Y , WU N . Survey on security and privacy-preserving in federated learning[J]. Journal of Xihua University (Natural Science Edition), 2020,39(4): 9-17. |
[71] | BARACALDO N , CHEN B , LUDWIG H ,et al. Mitigating poisoning attacks on machine learning models:a data provenance based approach[C]// Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. New York:ACM Press, 2017: 103-110. |
[72] | SATTLER F , WIEDEMANN S , MÜLLER K-R ,et al. Robust and communication-efficient federated learning from non-i.i.d. data[J]. IEEE Transactions on Neural Networks and Learning Systems, 2020,31(9): 3400-3413. |
[73] | LIAO F Z , LIANG M , DONG Y P ,et al. Defense against adversarial attacks using high-level representation guided denoiser[C]// Proceedings of 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2018: 1778-1787. |
[74] | XU W L , EVANS D , QI Y J . Feature squeezing:detecting adversarial examples in deep neural networks[J]. arXiv preprint,2017,arXiv:1704.01155. |
[75] | ZHU C , CHENG Y , GAN Z ,et al. FreeLB:enhanced adversarial training for language understanding[J]. arXiv preprint,2019,arXiv:1909.11764. |
[76] | SHAH D , DUBE P , CHAKRABORTY S ,et al. Adversarial training in communication constrained federated learning[J]. arXiv preprint,2021,arXiv:2103.01319. |
[77] | FUNG C , YOON C J M , BESCHASTNIKH I . Mitigating sybils in federated learning poisoning[J]. arXiv preprint,2018,arXiv:1808.04866. |
[78] | WANG J Z , KONG L W , HUANG Z C ,et al. Research advances on privacy protection of federated learning[J]. Big Data Research, 2021,7(3): 130-149. |
[79] | ANDREINA S , MARSON G A , MÖLLERING H ,et al. BaFFLe:backdoor detection via feedback-based federated learning[C]// Proceedings of 2021 IEEE 41st International Conference on Distributed Computing Systems. Piscataway:IEEE Press, 2021: 852-863. |
[80] | MCMAHAN H B , MOORE E , RAMAGE D ,et al. Communication-efficient learning of deep networks from decentralized data[J]. arXiv preprint,2016,arXiv:1602.05629. |
[81] | YIN D , CHEN Y D , RAMCHANDRAN K ,et al. Byzantine-robust distributed learning:towards optimal statistical rates[J]. arXiv preprint,2018,arXiv:1803.01498. |
[82] | BLANCHARD P , MHAMDI E M E , GUERRAOUI R ,et al. Machine learning with adversaries:Byzantine tolerant gradient descent[C]// Proceedings of the 31st International Conference on Neural Information Processing Systems.Red Hook:Curran Associates Inc. , 2017: 118-128. |
[83] | MHAMDI E M E , GUERRAOUI R , ROUAULT S . The hidden vulnerability of distributed learning in Byzantium[J]. arXiv preprint,2018,arXiv:1802.07927. |
[84] | SO J , GÜLER B , AVESTIMEHR A S . Turbo-aggregate:breaking the quadratic aggregation barrier in secure federated learning[J]. IEEE Journal on Selected Areas in Information Theory, 2021,2(1): 479-489. |
[85] | LEE H , KIM J , AHN S ,et al. Digestive neural networks:a novel defense strategy against inference attacks in federated learning[J]. Computers & Security, 2021,109: 102378. |
[86] | ZHOU C X , SUN Y , WANG D G ,et al. Survey of federated learning research[J]. Chinese Journal of Network and Information Security, 2021,7(5): 77-92. |
[87] | QUOC D L , FETZER C . SecFL:confidential federated learning using TEEs[J]. arXiv preprint,2021,arXiv:2110.00981. |
[88] | LI W H , XIA Y B , LU L ,et al. TEEv:virtualizing trusted execution environments on mobile platforms[C]// Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. New York:ACM Press, 2019: 2-16. |
[89] | CHEN Y , LUO F , LI T ,et al. A training-integrity privacy-preserving federated learning scheme with trusted execution environment[J]. Information Sciences, 2020,522: 69-79. |
[90] | ZHAO Y , ZHAO J , JIANG L S ,et al. Mobile edge computing,blockchain and reputation-based crowdsourcing IoT federated learning:a secure,decentralized and privacy-preserving system[J]. arXiv preprint,2019,arXiv:1906.10893. |
[11] | LI L , FAN Y X , TSE M ,et al. A review of applications in federated learning[J]. Computers & Industrial Engineering, 2020,149: 106854. |
[91] | DOSHI-VELEZ F , KIM B . Towards a rigorous science of interpretable machine learning[J]. arXiv preprint,2017,arXiv:1702.08608. |