
An Attacking and Prevention Method of Inter-Generational Model Leakage in Asynchronous Federated Learning
Abstract: Federated learning has become a successful approach to knowledge sharing in the context of data islands. With the advent of new attacks such as gradient reverse reasoning, the security of federated learning again faces new challenges. Addressing the risk that participants in federated learning may maliciously steal the gradient information of other clients, this paper proposes an inter-generational model leakage attack under the asynchronous federated learning framework: by exploiting the central server's "aggregate on receipt" behavior, multiple malicious clients can follow a specific update order and use the differences between inter-generational versions of the global model to reversely compute the model update data of other clients, thereby stealing their models. To counter this, a random aggregation algorithm based on an α moving average is proposed. First, each time the central server receives a model update from a client, it aggregates the update with a global model selected at random from the most recent α aggregations, which shuffles the clients' update order. Second, as the number of global iterations increases, the central server takes a moving average over the global models of the most recent α aggregations to compute the final global model. Experimental results show that, compared with the asynchronous federated learning method, the FedAlpha method effectively reduces the possibility of inter-generational model leakage attacks.
Authors: HU Zhiyao; YU Miao; TIAN Kaiyuan (Institute of War Studies, Academy of Military Sciences, Beijing 100091, China)
Source: Journal of Air Force Engineering University (CSCD; Peking University Core Journal), 2024, Issue 5, pp. 121-127 (7 pages)
Funding: National Natural Science Foundation of China (62202491, 62402519).
Keywords: asynchronous federated learning security; reverse reasoning attack; random aggregation; moving average; intergenerational gradient leakage
About the author: HU Zhiyao (born 1992), male, from Guiyang, Guizhou; assistant researcher, Ph.D.; research interests: data security and science and technology security strategy. E-mail: huzhiyao92@yeah.net.