Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2024, Vol. 44, Issue 6: 53-64, 12. DOI: 10.14132/j.cnki.1673-5439.2024.06.006
A client selection strategy for defending against poisoning attacks in federated learning
Abstract
Federated learning is a method to address data silos. However, as adversarial models evolve, adversaries may inject harmful parameters during the training process, leading to a decrease in the model's training effectiveness. To enhance the security of the federated learning training process, a client selection strategy for defending against poisoning attacks in federated learning is designed. In this strategy, a scoring function based on the differential privacy exponential mechanism is used to dynamically update weight parameters. First, identical weight parameters are assigned to each client. Second, the effectiveness of each round of training is quantified and the quantified results are input into a constructed update function. Third, the server selects suitable clients for participating in the current round of training based on these updated weight parameters, and aggregates the training models uploaded by these clients. The entire process is repeated over multiple rounds until an effective and reliable training model is obtained. Finally, the feasibility of the proposed strategy against adversarial poisoning attacks is validated experimentally.
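The select / train / score / reweight / aggregate loop outlined in the abstract, as an added toy simulation that is not the paper's code. Everything beyond the abstract's outline is an assumption made here for illustration: clients report model updates as float vectors; a selected client's per-round "effectiveness" is its cosine similarity to the coordinate-wise median of the round's uploaded updates (a constructed proxy for the paper's quantification); the update function is an exponential-mechanism style multiplicative rule, w_i <- w_i * exp(eps * u_i / (2 * sensitivity)), followed by normalisation; and two constructed clients send sign-flipped, scaled updates to stand in for model poisoning. The function names (`update_weights`, `select_clients`, `run_simulation`) and the constants are all constructed.

```python
"""Toy simulation of weighted client selection for federated averaging.
Added example, not the paper's code; all scoring and update details are
assumptions labelled in the comments below."""
import math
import random
import statistics


def cosine(a, b):
    """Cosine similarity of two equal-length vectors; 0.0 if either is all-zero."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return 0.0 if na == 0 or nb == 0 else dot / (na * nb)


def coordinate_median(updates):
    """Coordinate-wise median of the uploaded updates: a robust reference
    direction as long as honest clients form the majority of a round."""
    return [statistics.median(col) for col in zip(*updates)]


def update_weights(weights, scores, eps, sensitivity=2.0):
    """Assumed update function: exponential-mechanism style multiplicative
    reweighting, then renormalisation to a probability vector.
    Cosine scores lie in [-1, 1], so their sensitivity is 2."""
    new = [w * math.exp(eps * s / (2 * sensitivity)) for w, s in zip(weights, scores)]
    total = sum(new)
    return [n / total for n in new]


def select_clients(weights, k, rng):
    """Server step: sample k distinct clients with probability proportional to weight."""
    remaining = list(range(len(weights)))
    w = list(weights)
    chosen = []
    for _ in range(k):
        idx = rng.choices(range(len(remaining)), weights=w)[0]
        chosen.append(remaining.pop(idx))
        w.pop(idx)
    return sorted(chosen)


def aggregate(updates, weights):
    """Weighted average of the selected clients' updates (weights renormalised over them)."""
    total = sum(weights[i] for i in updates)
    dim = len(next(iter(updates.values())))
    return [sum(weights[i] * u[d] for i, u in updates.items()) / total for d in range(dim)]


def run_simulation(n_clients=10, poisoned=(0, 1), k=5, rounds=20, eps=2.0, seed=7):
    """Run the loop and return (final weights, poisoned picks in the last 5 rounds, model)."""
    rng = random.Random(seed)
    true_update = [1.0, 0.5, -0.25, 2.0]          # constructed honest update direction
    weights = [1.0 / n_clients] * n_clients       # step 1: identical initial weights
    model = [0.0] * len(true_update)
    late_poison_picks = 0
    for rnd in range(rounds):
        chosen = select_clients(weights, k, rng)  # step 3: server picks participants by weight
        updates = {}
        for i in chosen:
            noise = [rng.gauss(0.0, 0.1) for _ in true_update]
            if i in poisoned:                      # constructed poisoning client: scaled, sign-flipped
                updates[i] = [-5.0 * x + e for x, e in zip(true_update, noise)]
            else:
                updates[i] = [x + e for x, e in zip(true_update, noise)]
        reference = coordinate_median(list(updates.values()))
        # step 2: quantify each participant's effectiveness; non-participants score 0 (weight unchanged)
        scores = [cosine(updates[i], reference) if i in updates else 0.0 for i in range(n_clients)]
        weights = update_weights(weights, scores, eps)
        model = [m + s for m, s in zip(model, aggregate(updates, weights))]
        if rnd >= rounds - 5:
            late_poison_picks += sum(1 for i in chosen if i in poisoned)
    return weights, late_poison_picks, model


if __name__ == "__main__":
    final_weights, picks, final_model = run_simulation()
    for i, w in enumerate(final_weights):
        print(f"client {i}: weight {w:.4f}")
    print("poisoned clients selected in the last 5 rounds:", picks)
```

With k = 5 and two poisoned clients the coordinate-wise median is always an honest value, so honest participants score near +1 and are boosted while poisoned participants score near -1 and shrink; after a handful of rounds the poisoned clients are almost never selected and their share of the weight mass is small. The trade-off a defender should note is that a client that is never selected keeps its initial weight and is starved of participation, so a real deployment would need some exploration or a minimum selection floor alongside this rule.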
Key words: federated learning / poisoning attacks / differential privacy / exponential mechanisms
Classification: Information Technology and Security Science
Citation: 徐鹤, 张迪, 李鹏, 季一木. A client selection strategy for defending against poisoning attacks in federated learning [J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2024, 44(6): 53-64, 12.
Funding: Supported by the National Natural Science Foundation of China (62102196), the Key Research and Development Program of Jiangsu Province (BE2019740), the Natural Science Research Project of Higher Education Institutions of Jiangsu Province (20KJA520001), and the Six Talent Peaks Project of Jiangsu Province (RJFW-111).