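Zhumadian Vocational and Technical College, Zhumadian, Henan 463000
CHEN Ka (1981- ), male, associate professor at Zhumadian Vocational and Technical College. His main research interest is computer applications.
Received: 2024-03-02
Revised: 2024-09-05
Print publication date: 2024-09-20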
CHEN Ka. Model split-based data privacy protection method for federated learning[J]. Telecommunications Science, 2024, 40(09): 136-145. DOI: 10.11959/j.issn.1000-0801.2024206.
Split learning (SL) preserves data privacy by allowing clients to collaboratively train a deep learning model with the server without sharing raw data. However, SL still suffers from data privacy leakage. Therefore, a binarized split learning-based data privacy protection (BLDP) algorithm is proposed. In BLDP, the local layers trained by the client are binarized to reduce the privacy leakage caused by the split-layer outputs (the SL smashed data). In addition, BLDP adopts a leakage-restriction training strategy to further reduce data leakage. The strategy trains the model on a total loss that combines the leakage loss of local private data with the model accuracy loss, protecting data privacy while maintaining model accuracy. To evaluate the proposed BLDP algorithm, experiments were conducted on four commonly used benchmark datasets, and the classification accuracy and the reduction in data privacy leakage loss were analyzed. The results show that the proposed BLDP algorithm can achieve a balance between classification accuracy and data privacy leakage loss.