Please use this identifier to cite or link to this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/91508
| Title: | Construct a Secure Convolutional Neural Network Against Gradient Inversion Attack |
| Authors: | 劉羽忻 Yu-Hsin Liu |
| Advisor: | 陳銘憲 Ming-Syan Chen |
| Keyword: | Federated Learning, Privacy-Preserving |
| Publication Year : | 2023 |
| Degree: | Master's |
| Abstract: | Federated learning, as a novel machine learning paradigm, involves the construction of a machine learning model by a central server, with remote clients utilizing their private data for training the model. It is widely believed that federated learning holds the potential to protect the data privacy of clients. However, numerous studies have successfully exploited gradients to recover clients' personal privacy data. Consequently, clients have resorted to employing diverse methods in an attempt to safeguard their privacy and data. Nevertheless, the impact of such protective measures, coupled with the limited prevalence of malicious servers, has led to a decline in performance for many regular servers within the federated learning framework. To address the aforementioned challenges, we propose an innovative solution. Our approach involves the integration of a secure module into the existing model, effectively preventing the compromise of clients' privacy through gradient inversion attacks while maintaining a certain level of performance. This method enables regular servers to demonstrate their trustworthiness to clients, eliminating the need for clients to employ various means to protect their data and maintaining the model's performance. |
| URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/91508 |
| DOI: | 10.6342/NTU202303369 |
| Fulltext Rights: | Not authorized |
| Appears in Collections: | Department of Electrical Engineering |
Files in This Item:
| File | Size | Format | |
|---|---|---|---|
| ntu-111-2.pdf (Restricted Access) | 1.75 MB | Adobe PDF | |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
