PILE: Robust Privacy-Preserving Federated Learning Via Verifiable Perturbations

Xiangyun Tang, Meng Shen*, Qi Li, Liehuang Zhu*, Tengfei Xue, Qiang Qu

*Corresponding author of this work

Research output: Contribution to journal › Article › peer-review

22 Citations (Scopus)

Abstract

Federated learning (FL) protects the training data held by clients: instead of sending the training data to the server, clients collaboratively train local machine learning models that are combined into a global model. However, existing studies show that FL is vulnerable to various attacks that leak training data or interfere with model training. Specifically, an adversary can analyze local gradients and the global model to infer clients' data, and can poison local gradients to produce an inaccurate global model. Guaranteeing strong privacy protection of training data while also ensuring the robustness of model training is extremely challenging, and none of the existing studies achieves this goal. In this paper, we propose a robust privacy-preserving federated learning framework (PILE), which protects the privacy of local gradients and global models while ensuring their correctness through gradient verification, in which the server verifies the computation process of local gradients. In PILE, we develop a verifiable perturbation scheme that makes confidential local gradients verifiable for gradient verification. In particular, we build two zero-knowledge-proof building blocks for gradient verification that reveal neither local gradients nor global models. We perform rigorous theoretical analysis that proves the security of PILE, and we evaluate PILE against both passive and active membership inference attacks. The experimental results show that the attack accuracy under PILE lies between 50.3% and 50.9%, which is close to random guessing. In particular, compared to prior defenses that incur accuracy losses ranging from 2% to 13%, the accuracy loss of PILE is negligible, i.e., only ±0.3%.

Original language: English
Pages (from-to): 5005-5023
Number of pages: 19
Journal: IEEE Transactions on Dependable and Secure Computing
Volume: 20
Issue number: 6
DOI
Publication status: Published - 1 Nov 2023
