School of Automation, Hangzhou Dianzi University, Hangzhou 310018, China.
School of Automation, Guangdong University of Petrochemical Technology, Maoming 525000, China.
Sensors (Basel). 2022 Mar 22;22(7):2424. doi: 10.3390/s22072424.
As an emerging artificial intelligence technology, federated learning plays a significant role in privacy preservation in machine learning, although its main objective is to prevent peers from peeping at each other's data. However, outside attackers can steal metadata in transit and then use data reconstruction or other techniques to obtain the original data, which poses a great threat to the security of the federated learning system. In this paper, we propose a differential privacy strategy, including encryption and decryption methods, based on local features of non-Gaussian noise. The strategy aggregates the noisy metadata through a sequential Kalman filter in federated learning scenarios to increase the reliability of the federated learning method. We call the local features of non-Gaussian noise the non-Gaussian noise fragments. Compared with traditional methods, the proposed method shows stronger security performance for two reasons. Firstly, non-Gaussian noise fragments contain more complex statistics, making them more difficult for attackers to identify. Secondly, in order to obtain accurate statistical features, attackers must aggregate all of the noise fragments, which is very difficult due to the increasing number of clients. We conduct experiments that demonstrate that the proposed method can greatly enhance the system's security.