Authors: 张连福 (ZHANG Lianfu); 谭作文[1] (TAN Zuowen)
Affiliations: [1] Department of Computer Science and Technology, School of Information Management, Jiangxi University of Finance and Economics, Nanchang 330013, China; [2] College of Mathematics and Computer Science, Yichun University, Yichun, Jiangxi 336000, China
Source: Computer Science (《计算机科学》), 2023, Issue S01, pp. 799-807 (9 pages)
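Funding: National Natural Science Foundation of China (61862028); Youth Science and Technology Project of the Jiangxi Provincial Department of Education (GJJ210529).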
Abstract: Federated learning (FL) allows multiple data owners to jointly train machine learning models without sharing their private training data. However, studies have shown that FL is vulnerable to both Byzantine attacks and privacy breaches, and existing studies have not addressed this problem well. In the federated learning scenario, protecting FL from Byzantine attacks while also considering performance, efficiency, privacy, the number of attackers, simplicity and feasibility is a challenging problem. To solve it, a privacy-preserving robust federated learning algorithm, DP-FedAWA, is proposed based on the l2-norm distance and quadratic normalization. The proposed algorithm does not require any assumptions outside the training process and adaptively handles both small and large numbers of attackers. In the no-defense setting, DP-FedAvg is used as the comparison baseline, while Krum and Median are used as the comparison baselines in the defense setting. Extensive experiments on the MedMNIST2D dataset confirm that the proposed DP-FedAWA algorithm is safe and robust to malicious clients, and comprehensively outperforms the existing Krum and Median algorithms in Accuracy, Precision, Recall and F1-Score.
Keywords: adaptive weighting; l2-norm distance; quadratic normalization; Byzantine attack; robust federated learning; differential privacy
Classification: TP391 [Automation and Computer Technology - Computer Application Technology]