NeuronDP: Neuron-grained Differential Privacy of Deep Neural Networks in Edge-based Federated Learning

Introducing differential privacy (DP) in federated learning (FL) has become a very effective way to protect user privacy. The privacy constraint of differential privacy is implemented by adding noise to deep neural networks (DNN). Traditional approaches uniformly add noise to all parts of the neural network, overlooking the fact that different parts of the network have different importance to the loss function, leading to significant accuracy degradation. It is necessary to finely control the addition of noise through fine-grained methods. However, in the scenario of differential privacy federated learning, it is difficult to quantify the importance of each part of the neural network to the loss function, and it is difficult to make reasonable and effective privacy budget allocation. Moreover, federated learning often faces the problem of model heterogeneity, which poses challenges to fine-grained differential privacy federated learning. To address these challenges, we propose NeuronDP, a differential privacy federated learning framework that adds noise at the neuron level. NeuronDP defines a novel importance metric for the neuron and allocates the privacy budgets to each Neuron according to its importance. Finally, NeuronDP introduces a model distillation-based approach to enable it in FL across the heterogeneous models. We implement NeuronDP in PyTorch and extensively evaluate it against state-of-the-art techniques using popular FL benchmarks. The results showed that while keeping privacy protection and computation efficiency, NeuronDP improves the accuracy by an average of 81.8%, and improves the accuracy up to 411.8% when the privacy protection level is high.