Journal of Computer Applications ›› 2023, Vol. 43 ›› Issue (2): 437-449. DOI: 10.11772/j.issn.1001-9081.2021122072
Authors: Teng WANG¹, Zheng HUO², Yaxin HUANG², Yilin FAN²
Received: 2021-12-09
Revised: 2022-01-21
Accepted: 2022-01-28
Online: 2023-02-08
Published: 2023-02-10
Contact: Zheng HUO
About author: WANG Teng, born in 1980 in Zunyi, Guizhou, male, Ph. D., senior engineer. His research interests include machine learning, digital governance.
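Abstract:
In recent years, federated learning has become a new approach to the problems of data silos and privacy leakage in machine learning. The federated learning architecture does not require the parties to share their data resources: as long as each participant trains a local model on its local data and periodically uploads the parameters to a server to update the global model, a machine learning model built on large-scale global data can be obtained. The federated learning architecture has privacy-preserving properties and is a new scheme for machine learning on large-scale data in the future. However, the way parameters are exchanged in this architecture may lead to data privacy leakage. At present, how to strengthen the privacy-preserving mechanisms in the federated learning architecture has become a new research hotspot. Starting from the privacy leakage problems in federated learning, the attack models and the channels of sensitive information leakage in federated learning were discussed, and several types of privacy-preserving technologies in federated learning were reviewed with emphasis: privacy-preserving technologies based on differential privacy, privacy-preserving technologies based on homomorphic encryption, and privacy-preserving technologies based on Secure Multiparty Computation (SMC). Finally, several key issues of privacy preservation in federated learning were discussed, and future research directions were outlined.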
Teng WANG, Zheng HUO, Yaxin HUANG, Yilin FAN. Review on privacy-preserving technologies in federated learning[J]. Journal of Computer Applications, 2023, 43(2): 437-449.
Source | Setting | Attack model | Security defense | Privacy preservation | Evaluation criteria | ||
---|---|---|---|---|---|---|---|
Machine learning | Federated learning | Security attack | Privacy attack | ||||
Ref. [ | √ | √ | √ | ||||
Ref. [ | √ | √ | √ | ||||
Ref. [ | √ | √ | √ | ||||
Ref. [ | √ | √ | √ | ||||
Ref. [ | √ | √ | √ | ||||
Ref. [ | √ | √ | √ | ||||
Ref. [ | √ | √ | √ | ||||
This work | √ | √ | √ | √ |
Tab. 1 Reviews related to privacy-preserving technologies in federated learning
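Attack name | Description | Attack type | Attack phase | Reference |
---|---|---|---|---|
Data leakage attack | A malicious server trains a simple or easily attacked model and uses the parameters uploaded by the participants to obtain the participants' sensitive data or data features | HbC attack | Prediction phase | Liu[ |
Property inference attack | The attacker uses auxiliary data to train a classifier for attacking the model, in order to judge whether an observed update is the result of training on a dataset that "contains the target property"[ | HbC attack | Melis[ | |
Model inversion attack | The attacker tries to reconstruct sensitive information about specific individuals in the training data. The attacker repeatedly sends data and observes the prediction results to infer the parameters or functionality of the machine learning model, thereby replicating a machine learning model with similar or even identical functionality | HbC attack | Training phase | Tramèr[ |
Membership inference attack | Given a model and a data sample, the attacker can infer whether the sample is a training sample. If the training samples are all sensitive data, a membership inference attack poses a direct privacy threat to individuals | HbC attack | Shokri[ |
Tab. 2 Classification of privacy attack models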
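Method type | Reference | Protected model | Defense phase |
---|---|---|---|
Privacy-preserving technologies based on differential privacy | Sketches[ | Neural network | Training phase |
Bayesian DP[ | Any | Training phase | |
Hamm and Cao[ | Regression | Prediction phase | |
DPGAN[ | Generative model | Training/generation phase | |
Privacy-preserving technologies based on homomorphic encryption | Phong[ | Neural network | Training phase |
Orlandi[ | Prediction phase | ||
Privacy-preserving technologies based on secure multiparty computation | Renuga[ | Neural network | Training phase |
Pivot[ | Tree model |
Tab. 3 Comparison of privacy-preserving methods in federated learning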
1 | ZHOU L N, PAN S M, WANG J W, et al. Machine learning on big data: opportunities and challenges[J]. Neurocomputing, 2017, 237: 350-361. 10.1016/j.neucom.2017.01.026 |
2 | Network security law of the People’s Republic of China[EB/OL]. (2016-11-07) [2021-11-15].. 10.4236/blr.2016.73024 |
3 | Data security law of the People’s Republic of China[EB/OL]. (2021-06-10) [2021-11-15].. 10.1093/oso/9780199663163.003.0028 |
4 | Law of the People’s Republic of China on the protection of personal information[EB/OL]. (2021-08-20) [2021-11-15].. 10.1093/oso/9780199663163.003.0028 |
5 | YANG Q, LIU Y, CHEN T J, et al. Federated machine learning: concept and applications[J]. ACM Transactions on Intelligent Systems and Technology, 2019, 10(2): No.12. 10.1145/3298981 |
6 | KONEČNÝ J, McMAHAN H B, YU F X, et al. Federated learning: strategies for improving communication efficiency[EB/OL]. (2017-10-30) [2021-11-15].. |
7 | LIU B Y, WANG L J, LIU M, et al. Federated imitation learning: a privacy considered imitation learning framework for cloud robotic systems with heterogeneous sensor data[EB/OL]. (2019-09-15) [2021-11-15].. 10.1109/lra.2020.2976321 |
8 | SHAO R L, HE H Y, LIU H, et al. Stochastic channel-based federated learning for medical data privacy preserving[EB/OL]. (2019-11-15) [2021-11-15].. 10.2196/preprints.17111 |
9 | HAHN S J, LEE J. Privacy-preserving federated Bayesian learning of a generative model for imbalanced classification of clinical data[EB/OL]. (2020-08-29) [2021-11-15]. . 10.13140/RG.2.2.18970.80328 |
10 | CHOUDHURY O, GKOULALAS-DIVANIS A, SALONIDIS T, et al. Differential privacy-enabled federated learning for sensitive health data[EB/OL]. (2020-02-27) [2021-11-15].. |
11 | ZHENG W T, POPA R A, GONZALEZ J E, et al. Helen: maliciously secure coopetitive learning for linear models[C]// Proceedings of the 2019 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2019: 724-738. 10.1109/sp.2019.00045 |
12 | LI Q B, WEN Z Y, WU Z M, et al. A survey on federated learning systems: vision, hype and reality for data privacy and protection[J]. (2019-07-23) [2022-01-19].. 10.1109/tkde.2021.3124599 |
13 | LI Z P, SHARMA V, MOHANTY S P. Preserving data privacy via federated learning: challenges and solutions[J]. IEEE Consumer Electronics Magazine, 2020, 9(3):8-16. 10.1109/mce.2019.2959108 |
14 | SHAO R L, LIU H, LIU D B. Privacy preserving stochastic channel-based federated learning with neural network pruning[EB/OL]. (2019-10-04) [2021-11-15].. 10.2196/preprints.17111 |
15 | SATTLER F, MÜLLER K R, SAMEK W. Clustered federated learning: model-agnostic distributed multi-task optimization under privacy constraints[J]. IEEE Transactions on Neural Networks and Learning Systems, 2021, 32(8): 3710-3722. 10.1109/tnnls.2020.3015958 |
16 | ZHAO L C, NI L H, HU S S, et al. InPrivate digging: enabling tree-based distributed data mining with differential privacy[C]// Proceedings of the 2018 IEEE Conference on Computer Communications. Piscataway: IEEE, 2018: 2087-2095. 10.1109/infocom.2018.8486352 |
17 | CHENG K W, FAN T, JIN Y L, et al. SecureBoost: a lossless federated learning framework[J]. IEEE Intelligent Systems, 2021, 36(6): 87-98. 10.1109/mis.2021.3082561 |
18 | McMAHAN H B, MOORE E, RAMAGE D, et al. Federated learning of deep networks using model averaging[EB/OL]. (2017-02-28) [2021-11-15]. . |
19 | HAO M, LI H W, XU G W, et al. Towards efficient and privacy-preserving federated deep learning[C]// Proceedings of the 2019 IEEE International Conference on Communications. Piscataway: IEEE, 2019: 1-6. 10.1109/icc.2019.8761267 |
20 | LIU J X, MENG X F. Survey on privacy-preserving machine learning[J]. Journal of Computer Research and Development, 2020, 57(2):346-362. 10.7544/issn1000-1239.2020.20190455 |
21 | DWORK C. Differential privacy[C]// Proceedings of the 2006 International Colloquium on Automata, Languages, and Programming, LNCS 4052. Berlin: Springer, 2006: 1-12. |
22 | SWEENEY L. k-anonymity: a model for protecting privacy[J]. International Journal on Uncertainty, Fuzziness and Knowledge-Based Systems, 2002, 10(5): 557-570. 10.1142/s0218488502001648 |
23 | BOGETOFT P, CHRISTENSEN L D, DAMGÅRD I, et al. Secure multiparty computation goes live[C]// Proceedings of the 2009 International Conference on Financial Cryptography and Data Security, LNCS 5628. Berlin: Springer, 2009: 325-343. |
24 | ZHOU C Y, CHEN D W, WANG S, et al. Research and challenge of distributed deep learning privacy and security attack[J]. Journal of Computer Research and Development, 2021, 58(5):927-943. 10.7544/issn1000-1239.2021.20200966 |
25 | CHEN B, CHENG X, ZHANG J L, et al. Survey of security and privacy in federated learning[J]. Journal of Nanjing University of Aeronautics and Astronautics, 2020, 52(5): 675-684. 10.16356/j.1005 |
26 | ZHOU J, FANG G Y, WU N. Survey on security and privacy-preserving in federated learning[J]. Journal of Xihua University (Natural Science Edition), 2020, 39(4): 9-17. 10.12198/j.issn.1673-159X.3607 |
27 | WANG J Z, KONG L W, HUANG Z C, et al. Research advances on privacy protection of federated learning[J]. Big Data Research, 2021, 7(3): 130-149. 10.11959/j.issn.2096-0271.2021030 |
28 | JI S L, DU T Y, LI J F, et al. Security and privacy of machine learning models: a survey[J]. Journal of Software, 2021, 32(1):41-67. 10.13328/j.cnki.jos.006131 |
29 | YIN X F, ZHU Y M, HU J K. A comprehensive survey of privacy-preserving federated learning: a taxonomy, review, and future directions[J]. ACM Computing Surveys, 2022, 54(6): No.131. 10.1145/3460427 |
30 | BRIGGERS C, FAN Z, ANDRAS P. A review of privacy-preserving federated learning for the Internet-of-Things[M]// REHMAN M H U, GABER M M. Federated Learning Systems: Towards Next-Generation AI. Cham: Springer, 2021: 21-50. 10.1007/978-3-030-70604-3_2 |
31 | WARREN S D, BRANDEIS L D. The right to privacy[J]. Harvard Law Review, 1890, 4(5): 193-220. 10.2307/1321160 |
32 | General Data Protection Regulation. Regulation(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)[J]. Official Journal of the European Union, 2016, 59: 1-88. |
33 | ZHANG X L, FU A M, WANG H Q, et al. A privacy-preserving and verifiable federated learning scheme[C]// Proceedings of the 2020 IEEE International Conference on Communications. Piscataway: IEEE, 2020: 1-6. 10.1109/icc40277.2020.9148628 |
34 | KAIROUZ P, McMAHAN H B, AVENT B, et al. Advances and open problems in federated learning[J]. Foundations and Trends in Machine Learning, 2021, 14(1/2): 1-210. 10.1561/2200000083 |
35 | LI T, SANJABI M, BEIRAMI A, et al. Fair resource allocation in federated learning[EB/OL]. (2020-02-14) [2022-01-19].. |
36 | LI Q B, WEN Z Y, WU Z M, et al. A survey on federated learning systems: vision, hype and reality for data privacy and protection[EB/OL]. (2021-12-05) [2022-01-19].. 10.1109/tkde.2021.3124599 |
37 | McMAHAN H B, MOORE E, RAMAGE D, et al. Communication-efficient learning of deep networks from decentralized data[C]// Proceedings of the 20th International Conference on Artificial Intelligence and Statistics. New York: JMLR.org, 2017: 1273-1282. |
38 | KONEČNÝ J, McMAHAN H B, RAMAGE D, et al. Federated optimization: distributed machine learning for on-device intelligence[EB/OL]. (2016-10-08) [2022-01-19].. |
39 | LI T, SAHU A K, ZAHEER M, et al. Federated optimization in heterogeneous networks[C/OL]// Proceedings of the 3rd Machine Learning and Systems Conference. [2022-01-19].. 10.1109/ieeeconf44664.2019.9049023 |
40 | WANG J Y, LIU Q H, LIANG H, et al. Tackling the objective inconsistency problem in heterogeneous federated optimization[C/OL]// Proceedings of the 34th Conference on Neural Information Processing System. [2022-01-09]. . |
41 | LIU Y, LIU Y T, LIU Z J, et al. Federated forest[J]. IEEE Transactions on Big Data, 2022, 8(3): 843-854. 10.1109/tbdata.2020.2992755 |
42 | NIKOLAENKO V, WEINSBERG U, IOANNIDIS S, et al. Privacy-preserving ridge regression on hundreds of millions of records[C]// Proceedings of the 2013 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2013: 334-348. 10.1109/sp.2013.30 |
43 | LI Q B, WEN Z Y, HE B S. Practical federated gradient boosting decision trees[C]// Proceedings of the 34th AAAI Conference on Artificial Intelligence. Palo Alto, CA: AAAI Press, 2020: 4642-4649. 10.1609/aaai.v34i04.5895 |
44 | PAPERNOT N, McDANIEL P, SINHA A, et al. SoK: towards the science of security and privacy in machine learning[EB/OL]. (2016-11-11) [2022-01-19].. 10.1109/eurosp.2018.00035 |
45 | MA C, LI J, DING M, et al. On safeguarding privacy and security in the framework of federated learning[J]. IEEE Network, 2020, 34(4): 242-248. 10.1109/mnet.001.1900506 |
46 | SHOKRI R, STRONATI M, SONG C Z, et al. Membership inference attacks against machine learning models[C]// Proceedings of the 2017 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2017: 3-18. 10.1109/sp.2017.41 |
47 | TRAMÈR F, ZHANG F, JUELS A, et al. Stealing machine learning models via prediction APIs[C]// Proceedings of the 25th USENIX Security Symposium. Berkeley: USENIX Association, 2016: 601-618. |
48 | CARLINI N, LIU C, ERLINGSSON Ú, et al. The secret sharer: evaluating and testing unintended memorization in neural networks[C]// Proceedings of the 28th USENIX Security Symposium. Berkeley: USENIX Association, 2019: 267-284. |
49 | GOODFELLOW I J, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial nets[C]// Proceedings of the 27th International Conference on Neural Information Processing Systems - Volume 2. Cambridge: MIT Press, 2014: 2672-2680. |
50 | WANG Z B, SONG M K, ZHANG Z F, et al. Beyond inferring class representatives: user-level privacy leakage from federated learning[C]// Proceedings of the 2019 IEEE Conference on Computer Communications. Piscataway: IEEE, 2019: 2512-2520. 10.1109/infocom.2019.8737416 |
51 | LIU Z X, LI T, SMITH V, et al. Enhancing the privacy of federated learning with sketching[EB/OL]. (2019-11-05) [2022-01-19].. |
52 | MELIS L, SONG C Z, DE CRISTOFARO E, et al. Exploiting unintended feature leakage in collaborative learning[C]// Proceedings of the 2019 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2019: 691-706. 10.1109/sp.2019.00029 |
53 | HITAJ B, ATENIESE G, PEREZ-CRUZ F. Deep models under the GAN: information leakage from collaborative deep learning[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2017: 603-618. 10.1145/3133956.3134012 |
54 | HAYES J, MELIS L, DANEZIS G, et al. LOGAN: membership inference attacks against generative models[J]. Proceedings on Privacy Enhancing Technologies, 2019, 2019(1): 133-152. 10.2478/popets-2019-0008 |
55 | NASR M, SHOKRI R, HOUMANSADR A. Comprehensive privacy analysis of deep learning: passive and active white-box inference attacks against centralized and federated learning[C]// Proceedings of the 2019 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2019: 739-753. 10.1109/sp.2019.00065 |
56 | WANG N, XIAO X K, YANG Y, et al. Collecting and analyzing multidimensional data with local differential privacy[C]// Proceedings of the IEEE 35th International Conference on Data Engineering. Piscataway: IEEE, 2019: 638-649. 10.1109/icde.2019.00063 |
57 | BITTAU A, ERLINGSSON Ú, MANIATIS P, et al. Prochlo: strong privacy for analytics in the crowd[C]// Proceedings of the 26th Symposium on Operating Systems Principles. New York: ACM, 2017: 441-459. 10.1145/3132747.3132769 |
58 | McSHERRY F, TALWAR K. Mechanism design via differential privacy[C]// Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science. Piscataway: IEEE, 2007: 94-103. 10.1109/focs.2007.66 |
59 | DWORK C, ROTH A. The algorithmic foundations of differential privacy[J]. Foundations and Trends in Theoretical Computer Science, 2014, 9(3/4): 211-407. 10.1561/0400000042 |
60 | WEI K, LI J, DING M, et al. Federated learning with differential privacy: algorithms and performance analysis[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 3454-3469. 10.1109/tifs.2020.2988575 |
61 | GEYER R C, KLEIN T, NABI M. Differentially private federated learning: a client level perspective[EB/OL]. (2018-03-01) [2022-01-19].. |
62 | LIU X Y, LI H W, XU G W, et al. Adaptive privacy-preserving federated learning[J]. Peer-to-Peer Networking and Applications, 2020, 13(6): 2356-2366. 10.1007/s12083-019-00869-2 |
63 | HU R, GUO Y X, LI H N, et al. Personalized federated learning with differential privacy[J]. IEEE Internet of Things Journal, 2020, 7(10): 9530-9539. 10.1109/jiot.2020.2991416 |
64 | MELIS L, DANEZIS G, DE CRISTOFARO E. Efficient private statistics with succinct sketches[C]// Proceedings of the 2016 Annual Network and Distributed System Security Symposium. Reston, VA: Internet Society, 2016: 1-15. 10.14722/ndss.2016.23175 |
65 | TRUEX S, BARACALDO N, ANWAR A, et al. A hybrid approach to privacy-preserving federated learning[C]// Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security. New York: ACM, 2019: 1-11. 10.1145/3338501.3357370 |
66 | GHAZI B, PAGH R, VELINGKER A. Scalable and differentially private distributed aggregation in the shuffled model[EB/OL]. (2019-12-02) [2022-01-19].. 10.1007/978-3-030-45724-2_27 |
67 | BALLE B, BELL J, GASCÓN A, et al. The privacy blanket of the shuffle model[C]// Proceedings of the 2019 Annual International Cryptology Conference, LNCS 11693. Cham: Springer, 2019: 638-667. |
68 | HAMM J, CAO P, BELKIN M. Learning privately from multiparty data[C]// Proceedings of the 33rd International Conference on Machine Learning. New York: JMLR.org, 2016: 555-563. |
69 | JAYARAMAN B, WANG L X, EVANS D, et al. Distributed learning without distress: privacy-preserving empirical risk minimization[C]// Proceedings of the 32nd International Conference on Neural Information Processing Systems. Red Hook, NY: Curran Associates Inc., 2018: 6346-6357. |
70 | TRIASTCYN A, FALTINGS B. Federated learning with Bayesian differential privacy[C]// Proceedings of the 2019 IEEE International Conference on Big Data. Piscataway: IEEE, 2019: 2587-2596. 10.1109/bigdata47090.2019.9005465 |
71 | GENTRY C. Fully homomorphic encryption using ideal lattices[C]// Proceedings of the 41st Annual ACM Symposium on Theory of Computing. New York: ACM, 2009: 169-178. 10.1145/1536414.1536440 |
72 | ACAR A, AKSU H, ULUAGAC A S, et al. A survey on homomorphic encryption schemes: theory and implementation[J]. ACM Computing Surveys, 2019, 51(4): No.79. 10.1145/3214303 |
73 | PAILLIER P. Public-key cryptosystems based on composite degree residuosity classes[C]// Proceedings of the 1999 International Conference on the Theory and Applications of Cryptographic Techniques, LNCS 1592. Berlin: Springer, 1999: 223-238. |
74 | RIVEST R L, ADLEMAN L, DERTOUZOS M L. On data banks and privacy homomorphisms[M]// DEMILLO R A, DOBKIN D P, JONES A K, et al. Foundations of Secure Computation. New York: Academic Press, 1978: 169-179. |
75 | PHONG T L, AONO Y, HAYASHI T, et al. Privacy-preserving deep learning via additively homomorphic encryption[J]. IEEE Transactions on Information Forensics and Security, 2018, 13(5): 1333-1345. 10.1109/tifs.2017.2787987 |
76 | BARNI M, ORLANDI C, PIVA A. A privacy-preserving protocol for neural-network-based computation[C]// Proceedings of the 8th Workshop on Multimedia and Security. New York: ACM, 2006: 146-151. 10.1145/1161366.1161393 |
77 | RAHULAMATHAVAN Y, PHAN R C W, VELURU S, et al. Privacy-preserving multi-class support vector machine for outsourcing the data classification in cloud[J]. IEEE Transactions on Dependable and Secure Computing, 2014, 11(5): 467-479. 10.1109/tdsc.2013.51 |
78 | XIE P T, BILENKO M, FINLEY T, et al. Crypto-nets: neural networks over encrypted data[EB/OL]. (2014-12-24) [2022-01-19].. |
79 | SHAMIR A. How to share a secret[J]. Communications of the ACM, 1979, 22(11): 612-613. 10.1145/359168.359176 |
80 | YAO A C. Protocols for secure computations[C]// Proceedings of the 23rd Annual Symposium on Foundations of Computer Science. Piscataway: IEEE, 1982: 160-164. 10.1109/sfcs.1982.38 |
81 | BLAKLEY G R. Safeguarding cryptographic keys[C]// Proceedings of the 1979 International Workshop on Managing Requirements Knowledge. Piscataway: IEEE, 1979: 313-318. 10.1109/mark.1979.8817296 |
82 | KANAGAVELU R, LI Z X, SAMSUDIN J, et al. Two-phase multi-party computation enabled privacy-preserving federated learning[C]// Proceedings of the 20th IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing. Piscataway: IEEE, 2020: 410-419. 10.1109/ccgrid49817.2020.00-52 |
83 | BONAWITZ K, IVANOV V, KREUTER B, et al. Practical secure aggregation for privacy-preserving machine learning[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2017: 1175-1191. 10.1145/3133956.3133982 |
84 | WU Y C, CAI S F, XIAO X K, et al. Privacy preserving vertical federated learning for tree-based models[J]. Proceedings of the VLDB Endowment, 2020, 13(12): 2090-2103. 10.14778/3407790.3407811 |
85 | AWAN S, LI F J, LUO B, et al. Poster: a reliable and accountable privacy-preserving federated learning framework using the blockchain[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2019: 2561-2563. 10.1145/3319535.3363256 |
86 | WENG J S, WENG J, ZHANG J L, et al. DeepChain: auditable and privacy-preserving deep learning with blockchain-based incentive[J]. IEEE Transactions on Dependable and Secure Computing, 2021, 18(5): 2438-2455. |
87 | ORLANDI C, PIVA A, BARNI M. Oblivious neural network computing via homomorphic encryption[J]. EURASIP Journal on Information Security, 2007, 2007: No.037343. 10.1186/1687-417x-2007-037343 |
88 | PAPERNOT N, SONG S, MIRONOV I, et al. Scalable private learning with PATE[EB/OL]. (2018-02-24) [2022-01-19].. |
89 | XIE L Y, LIN K X, WANG S, et al. Differentially private generative adversarial network[EB/OL]. (2018-02-19) [2022-01-19].. |
90 | ACS G, MELIS L, CASTELLUCCIA C, et al. Differentially private mixture of generative neural networks[J]. IEEE Transactions on Knowledge and Data Engineering, 2019, 31(6): 1109-1121. 10.1109/tkde.2018.2855136 |
91 | MOU W, FU C, LEI Y, et al. A verifiable federated learning scheme based on secure multi-party computation [C]// Proceedings of the 16th International Conference on Wireless Algorithms, Systems, and Applications, LNCS 12938. Cham: Springer, 2021: 198-209. |
92 | XU R H, BARACALDO N, ZHOU Y, et al. HybridAlpha: an efficient approach for privacy-preserving federated learning[C]// Proceedings of the 12th ACM Workshop on Artificial Intelligence and Security. New York: ACM, 2019: 13-23. 10.1145/3338501.3357371 |
93 | SHOKRI R, SHMATIKOV V. Privacy-preserving deep learning[C]// Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2015: 1310-1321. 10.1145/2810103.2813687 |
94 | LI X, HUANG K X, YANG W H, et al. On the convergence of FedAvg on non-iid data[EB/OL]. (2020-06-25) [2022-01-19].. |
95 | AÏVODJI U M, GAMBS S, MARTIN A. IOTFLA: a secured and privacy-preserving smart home architecture implementing federated learning[C]// Proceedings of the 2019 IEEE Symposium on Security and Privacy Workshops. Piscataway: IEEE, 2019: 175-180. 10.1109/spw.2019.00041 |
96 | Ethics guidelines for trustworthy AI[EB/OL]. (2019-04-08) [2022-01-03].. 10.1017/9781108936040.022 |