AAIA: an efficient aggregation scheme against inverting attack for federated learning

Yang, Zhen, Yang, Shisong, Huang, Yunbo, Martínez Ortega, José Fernán ORCID: https://orcid.org/0000-0002-7635-4564, López Santidrián, M. Lourdes ORCID: https://orcid.org/0000-0002-6049-1257 and Chen, Yuwen ORCID: https://orcid.org/0000-0001-6414-9697 (2023). AAIA: an efficient aggregation scheme against inverting attack for federated learning. "International Journal of Information Security", v. 22 ; pp. 919-930. ISSN 1615-5262. https://doi.org/10.1007/s10207-023-00670-6.

Descripción

Título: AAIA: an efficient aggregation scheme against inverting attack for federated learning
Autor/es:
Tipo de Documento: Artículo
Título de Revista/Publicación: International Journal of Information Security
Fecha: Agosto 2023
ISSN: 1615-5262
Volumen: 22
Materias:
Palabras Clave Informales: Federated learning, deep learning, data privacy, data security
Escuela: E.T.S.I. y Sistemas de Telecomunicación (UPM)
Departamento: Ingeniería Telemática y Electrónica
Licencias Creative Commons: Ninguna

Texto completo

[thumbnail of 10023071.pdf] PDF (Portable Document Format) - Acceso permitido solamente al administrador del Archivo Digital UPM - Se necesita un visor de ficheros PDF, como GSview, Xpdf o Adobe Acrobat Reader
Descargar (1MB)

Resumen

Federated learning is emerged as an attractive paradigm regarding the data privacy problem, clients train the deep neural network on their local datasets, there is no need to upload their local data to a center server, and gradients are shared instead. However, recent studies show that adversaries can reconstruct the training images at high resolution from the gradients, such a break of data privacy is possible even in trained deep networks. To protect data privacy, a secure aggregation scheme against inverting attack is proposed for federated learning. The gradients are encrypted before sharing, and an adversary is unable to launch various attacks based on gradients. To improve the efficiency of data aggregation schemes, a new way of building shared keys is proposed, and a client build shared keys with 2a other clients, but not all the clients in the system. Besides, the gradient inversion attacks are also tested, and a gradient inversion attack is proposed, which enable the adversary to reconstruct the training data based on gradient. The simulation results show the proposed scheme can protect an honest but curious parameter server from reconstructing the training data.

Más información

ID de Registro: 86094
Identificador DC: https://oa.upm.es/86094/
Identificador OAI: oai:oa.upm.es:86094
URL Portal Científico: https://portalcientifico.upm.es/es/ipublic/item/10023071
Identificador DOI: 10.1007/s10207-023-00670-6
URL Oficial: https://link.springer.com/article/10.1007/s10207-0...
Depositado por: Portal Científico UPM
Depositado el: 15 Ene 2025 17:50
Ultima Modificación: 15 Ene 2025 18:17