面向Non-IID数据的拜占庭鲁棒联邦学习

doi:10.11959/j.issn.1000-436x.2023115

通信学报 ›› 2023, Vol. 44 ›› Issue (6): 138-153.doi: 10.11959/j.issn.1000-436x.2023115

面向Non-IID数据的拜占庭鲁棒联邦学习

马鑫迪¹, 李清华¹, 姜奇¹, 马卓¹, 高胜², 田有亮³, 马建峰¹

¹ 西安电子科技大学网络与信息安全学院，陕西西安 710071
² 中央财经大学信息学院，北京 100081
³ 贵州大学计算机科学与技术学院，贵州贵阳 550025

修回日期:2023-03-09 出版日期:2023-06-25 发布日期:2023-06-01
作者简介:马鑫迪（1989- ），男，山东淄博人，博士，西安电子科技大学副教授、硕士生导师，主要研究方向为数据安全、隐私保护、人工智能安全等
李清华（1998- ），男，江西吉安人，西安电子科技大学硕士生，主要研究方向为隐私保护、联邦学习等
姜奇（1983- ），男，安徽全椒人，博士，西安电子科技大学教授，主要研究方向为安全协议分析、无线网络安全
马卓（1980- ），男，陕西延安人，博士，西安电子科技大学教授、博士生导师，主要研究方向为人工智能与无人系统安全、无线网络安全等
高胜（1987- ），男，湖北黄冈人，博士，中央财经大学副教授，主要研究方向为数据安全与隐私保护、区块链技术及应用
田有亮（1982- ），男，贵州盘州人，博士，贵州大学教授、博士生导师，主要研究方向为算法博弈论、密码学与安全协议、大数据安全与隐私保护、区块链与电子货币等
马建峰（1963- ），男，陕西西安人，博士，西安电子科技大学教授、博士生导师，主要研究方向为密码学、无线和移动安全等
基金资助:
国家重点研发计划基金资助项目(2021YFB3101100);国家自然科学基金资助项目(U21A20464);国家自然科学基金资助项目(62220106004);国家自然科学基金资助项目(62072352);国家自然科学基金资助项目(62261160651);陕西省重点研发计划基金资助项目(2023-ZDLGY-52);陕西省重点研发计划基金资助项目(2023-YBSF-206);信息网络安全公安部重点实验室开放课题资助项目(C1904);中央高校基本科研业务费专项资金资助项目(ZYTS23167)

Byzantine-robust federated learning over Non-IID data

Xindi MA¹, Qinghua LI¹, Qi JIANG¹, Zhuo MA¹, Sheng GAO², Youliang TIAN³, Jianfeng MA¹

¹ School of Cyber Engineering, Xidian University, Xi’an 710071, China
² School of Information, Central University of Finance and Economics, Beijing 100081, China
³ School of Computer Science and Technology, Guizhou University, Guiyang 550025, China

Revised:2023-03-09 Online:2023-06-25 Published:2023-06-01
Supported by:
The National Key Research and Development Program of China(2021YFB3101100);The National Natural Science Foundation of China(U21A20464);The National Natural Science Foundation of China(62220106004);The National Natural Science Foundation of China(62072352);The National Natural Science Foundation of China(62261160651);The Key Research and Development Program of Shaanxi Province(2023-ZDLGY-52);The Key Research and Development Program of Shaanxi Province(2023-YBSF-206);Key Lab of Information Network Security, Ministry of Public Security(C1904);The Fundamental Research Funds for the Central Universities(ZYTS23167)

摘要/Abstract

摘要：

面向数据分布特征为非独立同分布的联邦学习拜占庭节点恶意攻击问题进行研究，提出了一种隐私保护的鲁棒梯度聚合算法。该算法设计参考梯度用于识别模型训练中“质量较差”的共享梯度，并通过信誉度评估来降低数据分布异质对拜占庭节点识别的影响。同时，结合同态加密和随机噪声混淆技术来保护模型训练和拜占庭节点识别过程中的用户隐私。最后，在真实数据集中进行仿真测试，测试结果表明所提算法能够在保护用户隐私的条件下，准确、高效地识别拜占庭攻击节点，具有较好的收敛性和鲁棒性。

关键词: 联邦学习, 拜占庭攻击, 非独立同分布, 隐私保护, 同态加密

Abstract:

The malicious attacks of Byzantine nodes in federated learning was studied over the non-independent and identically distributed dataset , and a privacy protection robust gradient aggregation algorithm was proposed.A reference gradient was designed to identify “poor quality” shared gradients in model training, and the influence of heterogeneity data on Byzantine node recognition was reduced by reputation evaluation.Meanwhile, the combination of homomorphic encryption and random noise obfuscation technology was introduced to protect user privacy in the process of model training and Byzantine node recognition.Finally, through the evaluation over the real-world datasets, the simulation results show that the proposed algorithm can accurately and efficiently identify Byzantine attack nodes while protecting user privacy and has good convergence and robustness.

Key words: federated learning, Byzantine attack, Non-IID, privacy protection, homomorphic encryption

中图分类号:

TN92

马鑫迪, 李清华, 姜奇, 马卓, 高胜, 田有亮, 马建峰. 面向Non-IID数据的拜占庭鲁棒联邦学习[J]. 通信学报, 2023, 44(6): 138-153.

Xindi MA, Qinghua LI, Qi JIANG, Zhuo MA, Sheng GAO, Youliang TIAN, Jianfeng MA. Byzantine-robust federated learning over Non-IID data[J]. Journal on Communications, 2023, 44(6): 138-153.

图/表 10

表1

图1

图2

图3

图4

图5

图6

图7

图8

图9

参考文献 33

[1]	YANG Q , LIU Y , CHEN T J ,et al. Federated machine learning:concept and applications[J]. ACM Transactions on Intelligent Systems and Technology, 2019,10(2): 1-19.
[2]	杨强 . AI与数据隐私保护:联邦学习的破解之道[J]. 信息安全研究, 2019,5(11): 961-965.
	YANG Q Y . AI and data privacy protection:the way to federated learning[J. Journal of Information Security Research, 2019,5(11): 961-965.
[3]	KAIROUZ P , MCMAHAN H B , AVENT B ,et al. Advances and open problems in federated learning[J]. Foundations and Trends in Machine Learning, 2021,14(1-2): 1-210.
[4]	LAMPORT L , SHOSTAK R , PEASE M . The Byzantine general problem[M]. New York: ACM Books, 2019.
[5]	CHEN Y D , SU L L , XU J M . Distributed statistical machine learning in adversarial settings:Byzantine gradient descent[C]// Proceedings of the 2018 ACM International Conference on Measurement and Modeling of Computer Systems. New York:ACM Press, 2018: 96-96.
[6]	MCMAHAN B , MOORE E , RAMAGE D ,et al. Communication-efficient learning of deep networks from decentralized data[C]// Proceedings of Artificial intelligence and statistics. New York:PMLR, 2017: 1273-1282.
[7]	LI X , HUANG K , YANG W ,et al. On the convergence of FedAvg on non-IID data[J]. arXiv Preprint,arXiv:1907.02189, 2019.
[8]	BLANCHARD P , ELMHAMDI E M , GUERRAOUI R ,et al. Machine learning with adversaries:Byzantine tolerant gradient descent[C]// Proceedings of the 31st International Conference on Neural Information Processing Systems. New York:ACM Press, 2017: 118-128.
[9]	LI T , SAHU A K , TALWALKAR A ,et al. Federated learning:challenges,methods,and future directions[J]. IEEE Signal Processing Magazine, 2020,37(3): 50-60.
[10]	ZHU L , LIU Z , HAN S . Deep leakage from gradients[J]. arXiv Preprint,arXiv:1906.08935, 2019.
[11]	HU R , GUO Y X , LI H N ,et al. Personalized federated learning with differential privacy[J]. IEEE Internet of Things Journal, 2020,7(10): 9530-9539.
[12]	BELL J H , BONAWITZ K A , GASCóN A ,et al. Secure single-server aggregation with (poly)logarithmic overhead[C]// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2020: 1253-1269.
[13]	ZHANG C , LI S , XIA J ,et al. Batchcrypt:efficient homomorphic encryption for cross-silo federated learning[C]// Proceedings of the 2020 USENIX Annual Technical Conference. Berkeley:USENIX Association, 2020: 493-506.
[14]	XIE C , KOYEJO O , GUPTA I . Generalized byzantine-tolerant SGD[J]. arXiv Preprint,arXiv:1802.10116, 2018.
[15]	GUERRAOUI R , ROUAULT S . The hidden vulnerability of distributed learning in Byzantium[C]// Proceedings of International Conference on Machine Learning. New York:PMLR, 2018: 3521-3530.
[16]	YIN D , CHEN Y , KANNAN R ,et al. Byzantine-robust distributed learning:towards optimal statistical rates[C]// Proceedings of International Conference on Machine Learning. New York:PMLR, 2018: 5650-5659.
[17]	WU Z X , LING Q , CHEN T Y ,et al. Federated variance-reduced stochastic gradient descent with robustness to Byzantine attacks[J]. IEEE Transactions on Signal Processing, 2020,68: 4583-4596.
[18]	HE L , KARIMIREDDY S P , JAGGI M . Byzantine-robust learning on heterogeneous datasets via resampling[J]. arXiv Preprint,arXiv:2006.09365, 2020.
[19]	LI L , XU W , CHEN T ,et al. RSA:Byzantine-robust stochastic aggregation methods for distributed learning from heterogeneous datasets[C]// Proceedings of the AAAI Conference on Artificial Intelligence. Palo Alto:AAAI Press, 2019: 1544-1551.
[20]	PRAKASH S , AVESTIMEHR A S . Mitigating Byzantine attacks in federated learning[J]. arXiv Preprint,arXiv:2010.07541, 2020.
[21]	XIE C , KOYEJO S , GUPTA I . Zeno:distributed stochastic gradient descent with suspicion-based fault-tolerance[C]// Proceedings of International Conference on Machine Learning. New York:PMLR, 2019: 6893-6901.
[22]	CAO X Y , FANG M H , LIU J ,et al. FLTrust:Byzantine-robust federated learning via trust bootstrapping[C]// Proceedings of 2021 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2021: 1-18.
[23]	ZHAI K , REN Q , WANG J ,et al. Byzantine-robust federated learning via credibility assessment on non-IID data[J]. arXiv Preprint,arXiv:2109.02396, 2021.
[24]	PENG J , WU Z , LING Q ,et al. Byzantine-robust variance-reduced federated learning over distributed non-IID data[J]. Information Sciences, 2022,616: 367-391.
[25]	CHEN M , MAO B , MA T . FedSA:a staleness-aware asynchronous federated learning algorithm with non-IID data[J]. Future Generation Computer Systems, 2021,120: 1-12.
[26]	HE L , KARIMIREDDY S P , JAGGI M . Secure Byzantine-robust machine learning[J]. arXiv Preprint,arXiv:2006.04747, 2020.
[27]	SO J , GüLER B , AVESTIMEHR A S . Byzantine-resilient secure federated learning[J]. IEEE Journal on Selected Areas in Communications, 2021,39(7): 2168-2181.
[28]	KHAZBAK Y , TAN T X , CAO G H . MLGuard:mitigating poisoning attacks in privacy preserving distributed collaborative learning[C]// Proceedings of 29th International Conference on Computer Communications and Networks. Piscataway:IEEE Press, 2020: 1-9.
[29]	MA X D , JIANG Q , SHOJAFAR M ,et al. DisBezant:secure and robust federated learning against Byzantine attack in IoT-enabled MTS[J]. IEEE Transactions on Intelligent Transportation Systems, 2023,24(2): 2492-2502.
[30]	KENNEY J F , KEEPING E S . Mathematics of statistics-part one[J]. 1954,43(242): 332-335.
[31]	LIU X M , DENG R H , CHOO K K R ,et al. An efficient privacy-preserving outsourced calculation toolkit with multiple keys[J]. IEEE Transactions on Information Forensics and Security, 2016,11(11): 2401-2414.
[32]	BOST R , POPA R A , TU S ,et al. Machine learning classification over encrypted data[C]// Proceedings of 2015 Network and Distributed System Security Symposium. Virginia:the Internet Society, 2015: 1-15.
[33]	KAMARA S , MOHASSEL P , RAYKOVA M . Outsourcing multi-party computation[J]. Cryptology ePrint Archive, 2011,1(1): 1-41.

方案	实现方法	抵抗拜占庭攻击	隐私保护	训练有效性
文献[11]	DP+FedAvg	×	√	低
文献[12]	MPC+FedAvg	×	√	高
文献[13]	HE+FedAvg	×	√	高
文献[8]	Krum	√	×	高
文献[19]	RSA	√	×	高
文献[21]	Zeno	√	×	高
本文	PPRAgg	√	√	高

面向Non-IID数据的拜占庭鲁棒联邦学习

Byzantine-robust federated learning over Non-IID data

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 33

相关文章 15

Metrics

推荐阅读 0

[1]	金彪, 李逸康, 姚志强, 陈瑜霖, 熊金波. GenFedRL：面向深度强化学习智能体的通用联邦强化学习框架[J]. 通信学报, 2023, 44(6): 183-197.
[2]	田有亮, 吴柿红, 李沓, 王林冬, 周骅. 基于激励机制的联邦学习优化算法[J]. 通信学报, 2023, 44(5): 169-180.
[3]	张佳乐, 朱诚诚, 孙小兵, 陈兵. 基于GAN的联邦学习成员推理攻击与防御方法[J]. 通信学报, 2023, 44(5): 193-205.
[4]	冯涛, 陈李秋, 方君丽, 石建明. 基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案[J]. 通信学报, 2023, 44(5): 224-233.
[5]	李开菊, 许强, 王豪. 冗余数据去除的联邦学习高效通信方法[J]. 通信学报, 2023, 44(5): 79-93.
[6]	余晟兴, 陈泽凯, 陈钟, 刘西蒙. DAGUARD：联邦学习下的分布式后门攻击防御方案[J]. 通信学报, 2023, 44(5): 110-122.
[7]	姜慧, 何天流, 刘敏, 孙胜, 王煜炜. 面向异构流式数据的高性能联邦持续学习算法[J]. 通信学报, 2023, 44(5): 123-136.
[8]	夏莹杰, 朱思雨, 刘雪娇. 区块链架构下具有条件隐私的车辆编队跨信任域高效群组认证研究[J]. 通信学报, 2023, 44(4): 111-123.
[9]	胡柏吉, 张晓娟, 李元诚, 赖荣鑫. 支持多功能的V2G网络隐私保护数据聚合方案[J]. 通信学报, 2023, 44(4): 187-200.
[10]	徐明, 张保俊, 伍益明, 应晨铎, 郑宁. 面向网络攻击和隐私保护的多智能体系统分布式共识算法[J]. 通信学报, 2023, 44(3): 117-127.
[11]	余晟兴, 陈钟. 基于同态加密的高效安全联邦学习聚合框架[J]. 通信学报, 2023, 44(1): 14-28.
[12]	汤凌韬, 王迪, 刘盛云. 面向非独立同分布数据的联邦学习数据增强方案[J]. 通信学报, 2023, 44(1): 164-176.
[13]	杨亚涛, 刘德莉, 刘培鹤, 曾萍, 肖嵩. BFV-Blockchainvoting：支持BFV全同态加密的区块链电子投票系统[J]. 通信学报, 2022, 43(9): 100-111.
[14]	范绍帅, 吴剑波, 田辉. 面向能量受限工业物联网设备的联邦学习资源管理[J]. 通信学报, 2022, 43(8): 65-77.
[15]	张学旺, 黎志鸿, 林金朝. 基于公平盲签名和分级加密的联盟链隐私保护方案[J]. 通信学报, 2022, 43(8): 131-141.