基于更新质量检测和恶意客户端识别的联邦学习模型  

作　　者：雷诚 张琳[1,2] LEI Cheng;ZHANG Lin(College of Computer,Nanjing University of Posts and Telecommunications,Nanjing 210003,China;Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks,Nanjing 210003,China)

机构地区：[1]南京邮电大学计算机学院,南京210003 [2]江苏省无线传感网高技术研究重点实验室,南京210003

出　　处：《计算机科学》2024年第11期368-378,共11页Computer Science

基　　金：国家自然科学基金(61872196,61872194);江苏省科技支撑计划(BE2017166);南京邮电大学自然科学基金(NY222142)。

摘　　要：作为分布式机器学习,联邦学习缓解了数据孤岛问题,其在不共享本地数据的情况下,仅在服务器和客户端之间传输模型参数,提高了训练数据的隐私性,但也因此使得联邦学习容易遭受恶意客户端的攻击。现有工作主要集中在拦截恶意客户端上传的更新。对此,研究了一种基于更新质量检测和恶意客户端识别的联邦学习模型umFL,以提升全局模型的训练表现和联邦学习的鲁棒性。具体而言,通过获取每一轮客户端训练的损失值来计算客户端更新质量,进行更新质量检测,选择每一轮参与训练的客户端子集,计算更新的本地模型与上一轮全局模型的相似度,从而判定客户端是否做出积极更新,并过滤掉负面更新。同时,引入beta分布函数更新客户端信誉值,将信誉值过低的客户端标记为恶意客户端,拒绝其参与随后的训练。利用卷积神经网络,分别测试了所提算法在MNIST和CIFAR10数据集上的有效性。实验结果表明,在20%~40%恶意客户端的攻击下,所提模型依旧是安全的,尤其是在40%恶意客户端环境下,其相比传统联邦学习在MNIST和CIFAR10上分别提升了40%和20%的模型测试精度,同时分别提升了25.6%和22.8%的模型收敛速度。As a distributed machine learning,federated learning alleviates the problem of data islands,which only transmits model parameters between the server and the client without sharing local data and improves the privacy of training data,at the same time it also makes federated learning vulnerable to malicious client attacks.The existing research mainly focuses on intercepting updates uploaded by malicious clients.A federated learning model based on update quality detection and malicious client identification method,named umFL,is studied to improve the training performance of global models and the robustness of federated learning.Specifically,the client importance is calculated by obtaining the loss value of each round of client training.The subset of clients participating in each round of training is selected by update quality detection.The similarity between the updated local model and the previous round of global model is calculated to determine whether the client makes positive updates and the negative updates are filtered.Meanwhile,the beta distribution function is introduced to update the client reputation value.The clients with low reputation value are marked as malicious clients and excluded from participating in subsequent training.The effectiveness of the proposed algorithm on MNIST and CIFAR10 datasets is tested by using convolutional neural networks respectively.Experimental results show that under the attack of 20%~40%of malicious clients,the proposed model is still safe.Especially under the 40%malicious clients,the umFL model improves the model testing accuracy by 40%and 20%on MNIST and CIFAR10 respectively compared with traditional federated learning,and the model convergence speed is also improved by 25.6%and 22.8%respectively.

关 键 词：联邦学习 客户端更新质量 客户端信誉值 恶意客户端识别 客户端选择 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]