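Chinese Journal of Network and Information Security ›› 2023, Vol. 9 ›› Issue (3): 113-122. doi: 10.11959/j.issn.2096-109x.2023043

• Academic paper •

Privacy-enhanced federated learning scheme based on generative adversarial networks

Feng YU1,2, Qingxin LIN3, Hui LIN1,2, Xiaoding WANG1,2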

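  1. 1 College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350017, Fujian, China
    2 Engineering Research Center of Cyber Security and Education Informatization, Fujian Province University (Fujian Normal University), Fuzhou 350017, Fujian, China
    3 Zhicheng College, Fuzhou University, Fuzhou 350002, Fujian, China
  • Revised: 2022-08-30 Online: 2023-06-25 Published: 2023-06-01
  • About the authors: Feng YU (1998– ), male, born in Dawu, Hubei, is a master's student at Fujian Normal University. His main research interests are federated learning and privacy protection.
    Qingxin LIN (1979– ), male, born in Anxi, Fujian, is an associate professor at Fuzhou University. His main research interest is computer network security.
    Hui LIN (1977– ), male, born in Fuzhou, Fujian, Ph.D., is a professor and doctoral supervisor at Fujian Normal University. His main research interests are machine learning, mobile edge computing and wireless network information security.
    Xiaoding WANG (1982– ), male, born in Fuzhou, Fujian, is an associate professor at Fujian Normal University. His main research interests are network optimization and wireless communication networks.
  • Supported by:
    The National Natural Science Foundation of China (U1905211); The National Natural Science Foundation of China (61702103); The Natural Science Foundation of Fujian Province (2020J01167); The Natural Science Foundation of Fujian Province (2020J01169)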

Privacy-enhanced federated learning scheme based on generative adversarial networks

Feng YU1,2, Qingxin LIN3, Hui LIN1,2, Xiaoding WANG1,2   

  1. 1 College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350017, China
    2 Engineering Research Center of Cyber Security and Education Informatization, Fujian Province University, Fuzhou 350117, China
    3 Zhicheng College, Fuzhou University, Fuzhou 350002, China
  • Revised:2022-08-30 Online:2023-06-25 Published:2023-06-01
  • Supported by:
    The National Natural Science Foundation of China(U1905211);The National Natural Science Foundation of China(61702103);The Natural Science Foundation of Fujian Province(2020J01167);The Natural Science Foundation of Fujian Province(2020J01169)

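Abstract:

Federated learning, a distributed machine learning paradigm, has attracted great attention from researchers because of its privacy protection capability and its support for heterogeneous collaboration. However, research has shown that gradients can be used to determine whether an exact data record, or a data record with a specific property, is contained in another participant's batch, and can even reveal a participant's training data; this is commonly called "gradient leakage". At the same time, current privacy-enhanced federated learning methods may suffer from reduced accuracy or increased computation and communication overhead, and may even introduce new insecurity factors. Therefore, a differential privacy-enhanced generative adversarial network model is proposed. The model introduces an identifier into the vanilla GAN; through two games, one between the generator and the discriminator and one between the generator and the identifier, the data synthesized by the generator is as close as possible to the input data while satisfying the differential privacy constraint. Applying this model to the federated learning framework preserves model accuracy to a certain extent and improves the privacy protection capability of the framework. Simulation experiments verify the effectiveness of the proposed scheme under the client/server federated learning architecture; compared with the DP-SGD method, the proposed scheme balances data privacy and utility rather than strengthening privacy protection at the expense of accuracy. The usability of the proposed model under a peer-to-peer (P2P) architecture is analyzed theoretically, and future research work is discussed.

Key words: federated learning, gradient leakage, privacy enhancement, generative adversarial network, differential privacy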

Abstract:

Federated learning, a distributed machine learning paradigm, has gained a lot of attention due to its inherent privacy protection capability and heterogeneous collaboration. However, recent studies have revealed a potential privacy risk known as “gradient leakage”, where the gradients can be used to determine whether a data record with a specific property is included in another participant’s batch, thereby exposing the participant’s training data. Current privacy-enhanced federated learning methods may have drawbacks such as reduced accuracy, computational overhead, or new insecurity factors. To address this issue, a differential privacy-enhanced generative adversarial network model was proposed, which introduced an identifier into vanilla GAN, thus enabling the input data to be approached while satisfying differential privacy constraints. Then this model was applied to the federated learning framework, to improve the privacy protection capability without compromising model accuracy. The proposed method was verified through simulations under the client/server (C/S) federated learning architecture and was found to balance data privacy and practicality effectively compared with the DP-SGD method. Besides, the usability of the proposed model was theoretically analyzed under a peer-to-peer (P2P) architecture, and future research work was discussed.

Key words: federated learning, gradient leakage, privacy enhancement, generative adversarial network, differential privacy
