Privacy Preservation Method for Vertical Federated Learning Based on Max-min Strategy

Li Rongchang (李荣昌) 1, Liu Tao (刘涛) 1, Zheng Haibin (郑海斌) 2, Chen Jinyin (陈晋音) 3, Liu Zhenguang (刘振广) 4, Ji Shouling (纪守领) 5

Acta Automatica Sinica, 2024, Vol. 50, Issue (7): 1373-1388, 16. DOI: 10.16383/j.aas.c211233

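Author information

  • 1. College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023
  • 2. College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou 310023; Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023
  • 3. College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023; Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310023
  • 4. School of Cyberspace Security, Zhejiang University, Hangzhou 310007
  • 5. College of Computer Science and Technology, Zhejiang University, Hangzhou 310007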

Abstract

Vertical federated learning (VFL) is an emerging distributed machine learning paradigm that applies to data distributed across various institutions, allowing them to jointly build privacy-preserving machine learning models. It has been widely applied in fields such as the industrial internet, financial lending, and medical diagnosis, which makes research on the privacy and security of vertical federated learning significant. Addressing the risk of privacy leakage caused by the embeddings that participants exchange in the vertical federated learning protocol, we propose a general property inference attack initiated by the server. The adversary uses auxiliary data and the embeddings exchanged by the vertical federated learning protocol to train an attack model and steal the target private property of a participant. The experimental results show that the embedding representations generated by vertical federated learning during training and inference can reveal information about personal private properties. To deal with this privacy leakage risk, we propose a privacy preservation method for vertical federated learning based on a max-min strategy (PPVFL), which introduces a gradient regularization component to ensure the performance of the main task during training and adopts a construction component to hide the participant's private property. Finally, in a steel defect diagnosis industrial scenario, compared to VFL without any defense method, the privacy-preserving method reduces attack inference accuracy from 95% to below 55%, which is close to the level of random guessing, while the prediction accuracy of the main task drops by only 2%.

Keywords

Vertical federated learning (VFL) / property inference attack / privacy preservation / max-min strategy / industrial internet

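Cite this article

Li Rongchang, Liu Tao, Zheng Haibin, Chen Jinyin, Liu Zhenguang, Ji Shouling. Privacy Preservation Method for Vertical Federated Learning Based on Max-min Strategy [J]. Acta Automatica Sinica, 2024, 50(7): 1373-1388, 16.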

Funding

Supported by Zhejiang Natural Science Foundation Youth Original Project (LDQ23F020001), National Natural Science Foundation of China (62072406), National Key Research and Development Projects of China (2018AAA0100801), and Natural Science Foundation of Zhejiang Province (LGF21F020006, LGF20F020016)

Acta Automatica Sinica

OA, Peking University Core Journal (北大核心), CSTPCD

ISSN 0254-4156
