Authors: 徐茹枝 (XU Ruzhi) [1], 仝雨蒙 (TONG Yumeng), 戴理朋 (DAI Lipeng)
Affiliation: [1] School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
Source: 《信息网络安全》 (Netinfo Security), 2025, Issue 1, pp. 63-77 (15 pages)
Funding: National Key R&D Program of China [62372173].
Abstract: In federated learning, the large volume of parameter exchange may expose the system to security threats from untrusted participating devices. To protect training data and model parameters, effective privacy protection measures must be taken. Given the imbalanced nature of heterogeneous data, this paper proposes an adaptive differential privacy method to protect the security of federated learning on heterogeneous data. First, different initial privacy budgets are set for different clients, and Gaussian noise is added to the gradient parameters of the local model. Second, during training, the privacy budget of each client is dynamically adjusted based on the loss function value of each iteration to accelerate convergence. Next, a trusted central node is set up to randomly exchange the parameters of each layer of the local models from different clients, and the obfuscated local model parameters are then uploaded to the central server for aggregation. Finally, the central server aggregates the obfuscated parameters uploaded by the trusted central node, adds appropriate noise to the global model according to a preset global privacy budget threshold, and performs privacy correction to achieve server-level privacy protection. Experimental results show that, under the same heterogeneous data conditions, the proposed method converges faster and achieves better model performance than ordinary differential privacy methods.
Classification: TP309 [Automation and Computer Technology: Computer Systems Architecture]