基于矩阵映射的拜占庭鲁棒联邦学习算法

刘飚; 张方佼; 王文鑫; 谢康; 张健毅

doi:10.7544/issn1000-1239.2021.20210633

基于矩阵映射的拜占庭鲁棒联邦学习算法

¹(北京电子科技学院北京 100070)
²(信息网络安全公安部重点实验室(公安部第三研究所) 上海 200031)
³(中国科学院网络测评技术重点实验室(中国科学院信息工程研究所) 北京 100093) (liubiao@besti.edu.cn)

基金项目: 国家重点研发计划项目(2018YFB1004100)；信息网络安全公安部重点实验室(公安部第三研究所)开放基金资助课题(C18612)；中国科学院网络测评技术重点实验室(中国科学院信息工程研究所)项目(KFKT2019-004)

详细信息

中图分类号: TP391; TP309.2
计量
- 文章访问数: 617
- HTML全文浏览量: 3
- PDF下载量: 543
出版历程
- 发布日期: 2021-10-31

A Byzantine-Robust Federated Learning Algorithm Based on Matrix Mapping

¹(Beijing Electronic Science and Technology Institute, Beijing 100070)
²(Key Lab of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public Security), Shanghai 200031)
³(CAS Key Laboratory of Network Assessment Technology (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100093)

Funds: This work was supported by the National Key Research and Development Program of China (2018YFB1004100), the Opening Project of Key Lab of Information Network Security of Ministry of Public Security (The Third Research Institute of Ministry of Public Security) (C18612), and the Project of CAS Key Laboratory of Network Assessment Technology (Institute of Information Engineering, Chinese Academy of Sciences) (KFKT2019-004).

摘要

摘要: 联邦学习(federated learning)由于参数服务器端只收集客户端模型而不接触客户端本地数据，从而更好地保护数据隐私.然而其基础聚合算法FedAvg容易受到拜占庭客户端攻击.针对此问题，很多研究提出了不同聚合算法，但这些聚合算法存在防守能力不足、模型假设不贴合实际等问题.因此，提出一种新型的拜占庭鲁棒聚合算法.与现有聚合算法不同，该算法侧重于检测Softmax层的概率分布.具体地，参数服务器在收集客户端模型之后，通过构造的矩阵去映射模型的更新部分来获取此模型的Softmax层概率分布，排除分布异常的客户端模型.实验结果表明：在不降低FedAvg精度的前提下，在阻碍收敛攻击中，将拜占庭容忍率从40%提高到45%，在后门攻击中实现对边缘后门攻击的防守.此外，根据目前最先进的自适应攻击框架，设计出专门针对该聚合算法的自适应攻击，并进行了实验评估，实验结果显示，该聚合算法可以防御至少30%的拜占庭客户端.
- 联邦学习 /
- 矩阵映射 /
- 阻碍收敛攻击 /
- 后门攻击 /
- 鲁棒聚合算法
Abstract: Federated learning can better protect data privacy because the parameter server only collects the client model and does not touch the local data of the client. However, its basic aggregation algorithm FedAvg is vulnerable to Byzantine client attacks. In response to this problem, many studies have proposed different aggregation algorithms, but these aggregation algorithms have insufficient defensive capabilities, and the model assumptions do not fit the reality. Therefore, we propose a new type of Byzantine robust aggregation algorithm. Different from the existing aggregation algorithms, our algorithm focuses on detecting the probability distribution of the Softmax layer. Specifically, after collecting the client model, the parameter server obtains the Softmax layer probability distribution of the model through the generated matrix to map the updated part of the model, and eliminates the client model with abnormal distribution. The experimental results show that without reducing the accuracy of FedAvg, the Byzantine tolerance rate is increased from 40% to 45% in convergence prevention attacks, and the defense against edge-case backdoor attacks is realized in backdoor attacks. In addition, according to the current state-of-the-art adaptive attack framework, an adaptive attack is designed specifically for our algorithm, and experimental evaluations have been carried out. The experimental results show that our aggregation algorithm can defend at least 30% of Byzantine clients.
- federated learning /
- matrix mapping /
- convergence prevention attack /
- backdoor attack /
- robust aggregation algorithm

HTML全文

参考文献(0)

施引文献(14)

期刊类型引用(8)

1.	刘金全，张铮，陈自东，曹晟. 一种基于联邦学习参与方的投毒攻击防御方法. 计算机应用研究. 2024(04): 1171-1176 . 百度学术
2.	杨文彬. 基于联邦学习的移动边缘节点计算的数据智能分类问题研究. 自动化与仪器仪表. 2024(06): 19-23 . 百度学术
3.	符太东，李育强. 基于联邦学习算法的复杂网络大数据隐私保护. 计算机仿真. 2024(06): 498-502 . 百度学术
4.	孙静，彭勇刚，倪旖旎，韦巍，蔡田田，习伟. 基于改进联邦学习算法的电力负荷预测方法. 高电压技术. 2024(07): 3039-3049 . 百度学术
5.	乐俊青，谭州勇，张迪，刘高，向涛，廖晓峰 . 面向车联网数据持续共享的安全高效联邦学习. 计算机研究与发展. 2024(09): 2199-2212 . 本站查看
6.	孙钰，刘霏霏，李大伟，刘建伟. 联邦学习拜占庭攻击与防御研究综述. 网络空间安全科学学报. 2023(01): 17-37 . 百度学术
7.	康孟珍，王秀娟，李冬，王旭伟，王浩宇，樊梦涵，许钰林，王飞跃. 基于联邦学习的分布式农业组织. 智能科学与技术学报. 2022(02): 288-297 . 百度学术
8.	王文鑫，柳彩云，岳梓岩. 基于联邦学习的工业互联网结构优化. 工业信息安全. 2022(01): 103-107 . 百度学术