Journal of Computer Applications ›› 2024, Vol. 44 ›› Issue (6): 1663-1672. DOI: 10.11772/j.issn.1001-9081.2023060832

• The 38th CCF China Computer Applications Conference (CCF NCCA 2023) •

Review on security threats and defense measures in federated learning

Xuebin CHEN1,2,3, Zhiqiang REN1,2,3, Hongyang ZHANG1,2,3

  1. College of Sciences, North China University of Science and Technology, Tangshan, Hebei 063210, China
  2. Hebei Provincial Key Laboratory of Data Science and Application (North China University of Science and Technology), Tangshan, Hebei 063210, China
  3. Tangshan Data Science Key Laboratory (North China University of Science and Technology), Tangshan, Hebei 063210, China
  • Received: 2023-07-04  Revised: 2023-07-15  Accepted: 2023-07-25  Online: 2023-08-03  Published: 2024-06-10
  • Contact: Zhiqiang REN
  • About the authors: CHEN Xuebin, born in 1970 in Tangshan, Hebei, male, Ph.D., professor, CCF Distinguished Member. His research interests include big data security, IoT security and network security.
    ZHANG Hongyang, born in 1999 in Huai'an, Jiangsu, male, M.S. candidate. His research interests include data security and privacy protection.
  • Supported by:
    National Natural Science Foundation of China (U20A20179)

Abstract:

Federated learning is a distributed learning method for solving the data-sharing and privacy-protection problems in machine learning; it allows multiple parties to jointly train a machine learning model while protecting the privacy of their data. However, federated learning itself is subject to security threats, which pose great challenges to its practical application, so analyzing the attacks that federated learning faces and the corresponding defense measures is crucial to its development and application. First, the definition, process and classification of federated learning, together with the attacker model in federated learning, are introduced. Then, the possible attacks are introduced from the two aspects of robustness and privacy of federated learning systems, along with the defense measures corresponding to each kind of attack, and the shortcomings of these defense schemes are pointed out. Finally, a secure federated learning system is envisioned.

Key words: federated learning, privacy protection, attack and defense, machine learning, robustness and privacy
