关键词: 联邦学习, 差分隐私, 隐私偏好, 隐私分级, 个性化隐私保护

Abstract: As a paradigm of distributed machine learning, federated learning can effectively protect users' personal data from attackers. However, by analyzing the parameters in the model training, such as the weight of deep neural network training, it is still possible to disclose the user's privacy information. In order to solve this problem, differential privacy is applied to federated learning to enhance the privacy of Federated learning. However, existing federated learning methods based on differential privacy revolve around the same privacy protection budget and ignore the different privacy requirements of clients. We propose a two-stage federated learning algorithm based on personalized differential privacy. In the first stage, the algorithm classifies the user's privacy according to the user's privacy preference, adds noise to meet the user's privacy preference, achieves the purpose of personalized privacy protection, and uploads the privacy level corresponding to the privacy preference to the central aggregation server. In the second stage, in order to fully protect the global data, the local and central protection strategy is adopted. According to the privacy level uploaded by the user, the noise conforming to the global differential privacy threshold is added to quantify the global privacy protection level. The experimental results show that compared with LDP -Fed method（Federated learning with local differential privacy）, this method not only improves the classification accuracy in multiple scenes by 0.8%, but also meets the needs of personalized privacy protection.

Key words: federated learning, differential privacy, privacy preference, privacy rating, personalized privacy protection