Authors: Zhang Renbin [1,2], Cui Yuhang, Zhang Zishi (School of Computer Science & Information Engineering, Hefei University of Technology, Hefei 230601, China; Anhui Province Key Laboratory of Industry Safety & Emergency Technology, Hefei University of Technology, Hefei 230601, China)
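Affiliations: [1] School of Computer Science & Information Engineering, Hefei University of Technology, Hefei 230601; [2] Anhui Province Key Laboratory of Industry Safety & Emergency Technology, Hefei University of Technology, Hefei 230601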
Source: Application Research of Computers (计算机应用研究), 2024, No. 8, pp. 2496-2501, 6 pages
Funding: National Key R&D Program of China, special funded projects (2016YFC0801804, 2016YFC0801405); Fundamental Research Funds for the Central Universities (PA2019GDPK0074).
Abstract: Federated learning frameworks that use an autoencoder model to detect malicious model updates are an excellent defense against poisoning attacks. However, existing autoencoder-based models are difficult to train and have limited anomaly detection capability. To address these problems, this paper proposes a β-VAE-based algorithm for detecting anomalous updates in federated learning: the server suppresses the random attributes of the training samples to generate a more stable training dataset, and uses that dataset to train the β-VAE anomaly detection model in real time. The model computes an anomaly score for each task model update uploaded by the clients, and anomalous updates are then detected and removed according to a dynamic threshold. The algorithm is evaluated on three federated learning tasks: classification on the MNIST dataset using a logistic regression (LR) model, classification on the FEMNIST dataset using a convolutional neural network (CNN), and character prediction on the Shakespeare dataset using a recurrent neural network (RNN). The experimental results show that, under multiple attack scenarios, the task model under this algorithm achieves higher accuracy than under other defense algorithms. This indicates that in non-IID scenarios the algorithm is strongly robust against poisoning attacks in federated learning.