大数据 (Big Data Research) ›› 2022, Vol. 8 ›› Issue (5): 45-54. doi: 10.11959/j.issn.2096-0271.2022056

• Special topic: Data Circulation and Privacy Computing •

Research on privacy preservation of member inference attacks in online inference process for vertical federated learning linear model

Hongshu YIN, Xuhua ZHOU, Wenjun ZHOU

  1. Security Technology Research Division, China Telecom Research Institute, Shanghai 201315, China
  • Online: 2022-09-15 Published: 2022-09-01
  • About the authors: Hongshu YIN (1993- ), female, intermediate engineer and security technology researcher at the Security Technology Research Division, China Telecom Research Institute. Her main research interests include data security and information security.
    Xuhua ZHOU (1983- ), male, PhD, researcher at the Security Technology Research Division, China Telecom Research Institute. His main research interests include privacy-preserving computation, cryptography and data security.
    Wenjun ZHOU (1980- ), female, researcher at the Security Technology Research Division, China Telecom Research Institute. Her main research interests include data security and system and application security.
  • Supported by:
    The National Key Research and Development Program of China (2021YFB3101300)

Abstract:

With the development of big data and the introduction of data security regulations, awareness of privacy protection has gradually increased, and the phenomenon of data isolation ("data silos") has become more and more serious. Federated learning, as one of the effective methods to solve this problem, has become a hot spot of concern. In the online inference process of vertical federated learning, the current mainstream methods do not consider the protection of data identity, which can easily leak user privacy. To address this, a privacy protection method against member inference attacks in the online inference process of the vertical federated linear model was proposed. A filter with a false positive rate was constructed to avoid the accurate positioning of data identity and so ensure the security of data. Homomorphic encryption was used to keep the whole online inference process in an encrypted state and protect the intermediate calculation results. Based on the ciphertext scalar-multiplication property of homomorphic encryption, multiplicative blinding with random numbers was used to mask data, which ensured the security of the final inference result. This scheme further improved the security of user privacy in the online inference process of vertical federated learning and had lower computation overhead and communication costs.

Key words: federated learning, vertical federated learning linear model, online inference, partial homomorphic encryption, data masking
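
A sketch of the two cryptographic steps the abstract names, encrypted linear scoring and random-multiplier blinding through ciphertext scalar multiplication. It is an added illustration, not the paper's protocol or code. The toy Paillier parameters, the fixed-point scale, the two-party roles (B holds the key, A blinds and unblinds) and all function names are assumptions.

```python
import math, secrets

# Toy Paillier (additively homomorphic). These Mersenne primes are far too
# small for real use; they only keep this constructed demo fast and offline.
P, Q = 2**61 - 1, 2**89 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1)
MU = pow(LAM, -1, N)
SCALE = 1000  # fixed-point scale for weights and features (assumption)

def rand_unit():
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return r

def encrypt(m):
    return (1 + (m % N) * N) * pow(rand_unit(), N, N2) % N2

def decrypt(c):
    m = (pow(c, LAM, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m  # map back to signed integers

def add(c1, c2):       # Enc(a) * Enc(b) = Enc(a + b)
    return c1 * c2 % N2

def scalar_mul(c, k):  # Enc(a) ^ k = Enc(k * a): the scalar-multiplication property
    return pow(c, k, N2)

def partial_score(weights, features):
    # Integer fixed-point dot product; the result carries scale SCALE**2.
    return sum(round(w * SCALE) * round(x * SCALE) for w, x in zip(weights, features))

def blinded_inference(w_a, x_a, w_b, x_b):
    # Party B (key holder, assumed role) sends its encrypted partial score.
    c_b = encrypt(partial_score(w_b, x_b))
    # Party A adds its own share under encryption, then blinds with a random r.
    r = secrets.randbelow(2**40) + 1
    c_blind = scalar_mul(add(c_b, encrypt(partial_score(w_a, x_a))), r)
    # Party B decrypts and sees only r * z. With r > 0 this still reveals the
    # sign of z and whether z is zero.
    seen_by_b = decrypt(c_blind)
    # Party A removes the blinding factor to recover the linear score z.
    z = seen_by_b // r
    return z / SCALE**2, seen_by_b, r
```
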
