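Jianzong WANG (1983- ), male, Ph.D., is deputy chief engineer of Ping An Technology (Shenzhen) Co., Ltd., senior director of artificial intelligence, and general manager of the Federated Learning Technology Department. He was a postdoctoral researcher in artificial intelligence at the University of Florida, USA, and is a senior member of the China Computer Federation (CCF) and a member of the CCF Task Force on Big Data. His main research interests include federated learning and artificial intelligence.
Lingwei KONG (1995- ), male, is an algorithm engineer in the federated learning team of Ping An Technology (Shenzhen) Co., Ltd. and a member of the CCF. His main research interests include federated learning systems and secure communication.
Zhangcheng HUANG (1990- ), male, is a senior algorithm engineer in the federated learning team of Ping An Technology (Shenzhen) Co., Ltd., an artificial intelligence expert, and a member of the CCF. His main research interests include federated learning, distributed computing and systems, and encrypted communication.
Linjie CHEN (1994- ), male, is an algorithm engineer in the federated learning team of Ping An Technology (Shenzhen) Co., Ltd. His main research interests include federated learning and privacy protection, and machine translation.
Yi LIU (1994- ), female, is an algorithm engineer in the federated learning team of Ping An Technology (Shenzhen) Co., Ltd. Her main research interests include federated learning systems.
Chunxi LU (1994- ), female, is a product manager in the federated learning technology team of Ping An Technology (Shenzhen) Co., Ltd., responsible for the research and development of federated learning systems and their deployment in applications.
Jing XIAO (1972- ), male, Ph.D., is chief scientist of Ping An Group of China, recipient of the 2019 Wu Wenjun Artificial Intelligence Outstanding Contribution Award, and vice chair of the CCF Shenzhen chapter. His main research interests include computer graphics, autonomous driving, 3D display, medical diagnosis, and federated learning.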
Published online: 2021-05
Print publication: 2021-05-15
Jianzong WANG, Lingwei KONG, Zhangcheng HUANG, et al. Research advances on privacy protection of federated learning[J]. Big Data Research, 2021, 7(3): 2021030. DOI: 10.11959/j.issn.2096-0271.2021030.
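As laws and regulations on privacy protection have been issued one after another, the data-island phenomenon has become the main bottleneck hindering the development of big data and artificial intelligence technology. Federated learning has attracted wide attention as an important privacy-computing technique. This paper explains the technical advantages of federated learning from the perspectives of its historical development, concept, and architectural classification, analyzes the various attacks on federated learning systems and their classification, and discusses the differences between the encryption algorithms used in federated learning. It summarizes research on privacy protection and security mechanisms in federated learning and presents challenges and an outlook.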
To this end, many laws and regulations on privacy protection have been introduced, and the data-island phenomenon has become a major bottleneck hindering the development of big data and artificial intelligence technology. Federated learning has received widespread attention as a way to break this phenomenon. Starting from the historical development, definition, architecture, and classification of federated learning, the advantages of federated learning in the privacy protection domain are introduced. At the same time, various attack methods on federated learning and their classification are introduced in detail. The classification of the various encryption algorithms in federated learning is summarized. In conclusion, the contributions of federated learning to privacy protection and security mechanisms are summarized and the new challenges in these domains are proposed.