基于差分隐私的自适应联邦学习隐私保护方案  

作　　者：赵婵婵[1] 马坤明 石宝 杨星辰 李燕 ZHAO Chan-chan;MA Kun-ming;SHI Bao;YANG Xing-chen;LI Yan(College of Information Science and Engineering,Inner Mongolia University of Technology,Hohhot 010080,China)

机构地区：[1]内蒙古工业大学信息工程学院,呼和浩特010080

出　　处：《科学技术与工程》2025年第7期2849-2855,共7页Science Technology and Engineering

基　　金：内蒙古自治区高等学校科学研究项目(NJZY22382);内蒙古自治区直属高校基本科研业务费项目(JY20240010,JY20230082);内蒙古自治区自然科学基金(2023LHMS06016);内蒙古工业大学学科学研究项目(BS201936)。

摘　　要：随着对联邦学习的深入研究,发现联邦学习中的隐私保护策略并不能完全保护用户的隐私安全,并且在联邦学习训练过程中存在模型收敛困难的问题。针对以上问题,提出了一种自适应差分隐私机制(adaptive differential privacy, DP-AdaMod)。首先,利用自适应学习率算法调整模型训练过程,避免模型出现波动和过拟合现象,从而提高模型训练的效率和性能。其次,引入差分隐私技术,通过对模型梯度添加噪声来确保联邦学习的隐私安全。同时,使用Moment Accountant机制进行隐私损失的精确计算,有助于平衡隐私保护性能和精度,从而进一步增强了系统的安全性。最后,通过仿真实验验证所提方案的有效性。结果表明该方案在准确率、隐私预算消耗等方面展现出较优性能。With the deepening research on federated learning,it has been observed that the privacy protection strategies employed within federated learning fall short of fully guaranteeing the security and confidentiality of user data.Moreover,the training process in federated learning encounters challenges regarding model convergence.In response to these aforementioned issues,an innovative solution termed adaptive differential privacy(DP-AdaMod)was proposed.Primarily,the model training process was fine-tuned by incorporating an adaptive learning rate algorithm to mitigate model fluctuations and the adverse effects of overfitting.Consequently,this enhancement led to improved training efficiency and optimal performance.Secondly,the application of differential privacy techniques ensured the privacy security in federated learning through the deliberate introduction of noise into the model gradients.Additionally,accurate quantification of privacy loss was achieved by implementing the moment accountant mechanism,facilitating a balanced trade-off between privacy preservation and analytical accuracy.This meticulous approach served to fortify system security.Lastly,the efficacy of the proposed solution was ascertained through comprehensive simulation experiments.The results substantiate the superior performance of the proposed method,evident by its exceptional accuracy,efficient utilization of privacy budget,and other notable facets.

关 键 词：联邦学习 差分隐私 隐私保护 自适应 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]