Abstract
Federated learning is a mode of multi-party collaborative machine learning. It allows participants to train models locally and upload parameter updates to build a joint model. In the process, participants do not need to share their data directly, which largely avoids privacy issues. However, the model updates still reveal information about the participants' training data. Attackers can use inference attacks to determine whether specific data points or data attributes were used for training, or use reverse learning to restore the original data. This paper introduces federated learning and its privacy issues, discusses in detail the application of existing privacy-preservation methods in federated learning, mainly encryption methods and differential privacy methods, and outlines future work.
Authors
YANG Geng (杨庚); WANG Zhousheng (王周生)
School of Computer Science, School of Cyberspace Security, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; Jiangsu Key Laboratory of Big Data Security & Intelligent Processing, Nanjing 210023, China
Source
Journal of Nanjing University of Posts and Telecommunications: Natural Science Edition (《南京邮电大学学报(自然科学版)》)
PKU Core Journal
2020, Issue 5, pp. 204-214 (11 pages)
Funding
Supported by the National Natural Science Foundation of China (61972209).
Keywords
federated learning
secure multi-party computation
homomorphic encryption
differential privacy
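Author biography
YANG Geng, male, Ph.D., professor and doctoral supervisor. His main research interests are cloud computing and security, and data privacy protection and security. Email: yangg@njupt.edu.cn.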