Texto completo
|
PDF (Portable Document Format)
- Acceso permitido solamente al administrador del Archivo Digital UPM
- Se necesita un visor de ficheros PDF, como GSview, Xpdf o Adobe Acrobat Reader
Descargar (1MB) |
ORCID: https://orcid.org/0000-0002-7635-4564, López Santidrián, M. Lourdes
ORCID: https://orcid.org/0000-0002-6049-1257 and Chen, Yuwen
ORCID: https://orcid.org/0000-0001-6414-9697
(2023).
AAIA: an efficient aggregation scheme against inverting attack for federated learning.
"International Journal of Information Security", v. 22
;
pp. 919-930.
ISSN 1615-5262.
https://doi.org/10.1007/s10207-023-00670-6.
| Título: | AAIA: an efficient aggregation scheme against inverting attack for federated learning |
|---|---|
| Autor/es: |
|
| Tipo de Documento: | Artículo |
| Título de Revista/Publicación: | International Journal of Information Security |
| Fecha: | Agosto 2023 |
| ISSN: | 1615-5262 |
| Volumen: | 22 |
| Materias: | |
| Palabras Clave Informales: | Federated learning, deep learning, data privacy, data security |
| Escuela: | E.T.S.I. y Sistemas de Telecomunicación (UPM) |
| Departamento: | Ingeniería Telemática y Electrónica |
| Licencias Creative Commons: | Ninguna |
|
PDF (Portable Document Format)
- Acceso permitido solamente al administrador del Archivo Digital UPM
- Se necesita un visor de ficheros PDF, como GSview, Xpdf o Adobe Acrobat Reader
Descargar (1MB) |
Federated learning is emerged as an attractive paradigm regarding the data privacy problem, clients train the deep neural network on their local datasets, there is no need to upload their local data to a center server, and gradients are shared instead. However, recent studies show that adversaries can reconstruct the training images at high resolution from the gradients, such a break of data privacy is possible even in trained deep networks. To protect data privacy, a secure aggregation scheme against inverting attack is proposed for federated learning. The gradients are encrypted before sharing, and an adversary is unable to launch various attacks based on gradients. To improve the efficiency of data aggregation schemes, a new way of building shared keys is proposed, and a client build shared keys with 2a other clients, but not all the clients in the system. Besides, the gradient inversion attacks are also tested, and a gradient inversion attack is proposed, which enable the adversary to reconstruct the training data based on gradient. The simulation results show the proposed scheme can protect an honest but curious parameter server from reconstructing the training data.
| ID de Registro: | 86094 |
|---|---|
| Identificador DC: | https://oa.upm.es/86094/ |
| Identificador OAI: | oai:oa.upm.es:86094 |
| URL Portal Científico: | https://portalcientifico.upm.es/es/ipublic/item/10023071 |
| Identificador DOI: | 10.1007/s10207-023-00670-6 |
| URL Oficial: | https://link.springer.com/article/10.1007/s10207-0... |
| Depositado por: | Portal Científico UPM |
| Depositado el: | 15 Ene 2025 17:50 |
| Ultima Modificación: | 15 Ene 2025 18:17 |
Publicar en el Archivo Digital desde el Portal Científico