Computer Engineering (计算机工程) 2025, Vol. 51, Issue 6: 223-235, 13. DOI: 10.19678/j.issn.1000-3428.0069133
A Privacy-Preserving Federated Learning Scheme Against Poisoning Attack

Abstract
Federated learning lets participants jointly train a model without revealing their raw data, which addresses the privacy problem of distributed data. As research has advanced, however, federated learning still faces security threats such as privacy inference attacks and poisoning attacks by malicious clients. Existing improvements to federated learning mostly focus on either privacy protection or defense against poisoning attacks, without addressing both kinds of attack at once. To counter both inference and poisoning attacks, this paper proposes a privacy-preserving, poisoning-resistant federated learning scheme called APFL. The scheme designs a model detection algorithm that uses Differential Privacy (DP) techniques and assigns each client an aggregation weight based on the cosine similarity between models; the local models are then weighted and aggregated under homomorphic encryption. Experiments on the MNIST and CIFAR10 datasets show that APFL filters out malicious models and defends against poisoning attacks while keeping the data private. When the poisoning ratio is at most 50%, APFL achieves model performance consistent with Federated Averaging (FedAvg) in a non-poisoned setting. Compared with the Krum and FLTrust schemes, APFL reduces the model test error rate by 19% and 9% on average, respectively.

Key words
federated learning / Differential Privacy (DP) / homomorphic encryption / privacy-preserving / poisoning attack

Classification
Information Technology and Security Science

Cite this article
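An illustrative sketch of the two mechanisms the abstract combines, added here as an example and not the authors' code: aggregation weights derived from the cosine similarity of DP-perturbed client updates, and weighted aggregation carried out on Paillier ciphertexts so the aggregator never sees a plaintext update. Everything beyond the abstract is assumed: similarity is measured against a server-held reference update (as in FLTrust) rather than pairwise, negative similarities are clipped to zero, the Gaussian mechanism (L2 clipping plus noise) is applied to the copy of each update used for scoring, Paillier with constructed toy primes stands in for whatever homomorphic scheme APFL uses, decryption is shown on the same machine for brevity, and all inputs are constructed.

```python
"""Toy sketch of similarity-weighted, HE-protected aggregation (added example)."""
import math
import random
import secrets
from math import gcd

# ---------- detection: DP-perturbed cosine-similarity weights ----------

def cosine(a, b):
    """Cosine similarity of two equal-length vectors (0.0 if either is zero)."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return 0.0 if na == 0.0 or nb == 0.0 else dot / (na * nb)

def gaussian_mechanism(update, clip_norm, sigma, rng):
    """Clip the update to L2 norm clip_norm, then add N(0, sigma^2) noise per
    coordinate. Clipping bounds the sensitivity; the noise gives the released
    vector (approximate) differential privacy."""
    norm = math.sqrt(sum(x * x for x in update))
    scale = min(1.0, clip_norm / norm) if norm > 0.0 else 1.0
    return [x * scale + rng.gauss(0.0, sigma) for x in update]

def aggregation_weights(updates, reference, clip_norm=1.0, sigma=0.01, rng=None):
    """Score each client's DP-perturbed update against a server-held reference
    update (assumption: FLTrust-style trust root), clip negative similarities
    to zero so opposing (poisoned) updates get no weight, then normalise."""
    rng = rng or random.Random(0)  # seeded only so the demo is reproducible
    scores = [max(0.0, cosine(gaussian_mechanism(u, clip_norm, sigma, rng), reference))
              for u in updates]
    total = sum(scores)
    return [s / total for s in scores] if total > 0.0 else [0.0] * len(updates)

# ---------- aggregation: Paillier additively homomorphic encryption ----------
# Constructed toy primes: far too small for real use, chosen so the demo runs fast.
P, Q = 104729, 1299709
N = P * Q
N2 = N * N
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)

def _L(x):
    return (x - 1) // N

MU = pow(_L(pow(N + 1, LAMBDA, N2)), -1, N)  # Python 3.8+ modular inverse

def encrypt(m):
    """E(m) = (1+N)^m * r^N mod N^2 with fresh random r coprime to N.
    Negative integers are encoded as m mod N."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            break
    return (pow(N + 1, m % N, N2) * pow(r, N, N2)) % N2

def decrypt(c):
    """Recover m, mapping residues above N/2 back to negative integers."""
    m = (_L(pow(c, LAMBDA, N2)) * MU) % N
    return m - N if m > N // 2 else m

def he_add(c1, c2):
    """E(a) * E(b) = E(a + b)."""
    return (c1 * c2) % N2

def he_scale(c, k):
    """E(a)^k = E(k * a) for a non-negative integer k."""
    return pow(c, k, N2)

SCALE = 1000  # fixed-point scaling for both updates and weights

def encrypted_weighted_aggregate(updates, weights):
    """Clients upload E(round(u_i * SCALE)); the aggregator computes
    prod_i E(u_ij)^{w_i} = E(sum_i w_i u_ij) per coordinate without seeing
    any plaintext update. Decryption is shown in-line here; in a deployment
    the decryption key would sit with a party other than the aggregator."""
    int_weights = [round(w * SCALE) for w in weights]
    enc_updates = [[encrypt(round(x * SCALE)) for x in u] for u in updates]  # client side
    aggregate = []
    for j in range(len(updates[0])):
        acc = encrypt(0)
        for i, enc_u in enumerate(enc_updates):
            acc = he_add(acc, he_scale(enc_u[j], int_weights[i]))
        aggregate.append(decrypt(acc) / (SCALE * SCALE))
    return aggregate

def demo():
    """Constructed inputs: a reference update, three benign updates close to it,
    and two sign-flipped (model-poisoning) updates, one of them scaled up."""
    reference = [0.5, -0.3, 0.2, 0.1]
    benign = [[0.52, -0.28, 0.21, 0.09], [0.48, -0.31, 0.19, 0.12], [0.50, -0.30, 0.20, 0.10]]
    poisoned = [[-5.0, 3.0, -2.0, -1.0], [-0.5, 0.3, -0.2, -0.1]]
    updates = benign + poisoned
    weights = aggregation_weights(updates, reference)
    return weights, encrypted_weighted_aggregate(updates, weights)

if __name__ == "__main__":
    w, agg = demo()
    print("weights:", [round(x, 3) for x in w])
    print("aggregate:", [round(x, 3) for x in agg])
```

Run directly, the two sign-flipped updates receive weight 0 and the aggregate stays within fixed-point rounding of the benign mean. Note the division of labour the abstract implies: the noised copy is what the detector scores, while the exact update only ever leaves the client under encryption. The actual detection rule, DP placement and encryption scheme of APFL are in the full paper, not on this page.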
姚玉鹏, 魏立斐, 张蕾. A Privacy-Preserving Federated Learning Scheme Against Poisoning Attack [J]. Computer Engineering (计算机工程), 2025, 51(6): 223-235, 13.

Funding
National Natural Science Foundation of China, General Program (61972241)
Shanghai Natural Science Foundation, General Program (22ZR1427100)
Shanghai Soft Science Research Project (23692106700)