基于区块链与全同态加密的安全联邦学习肺炎识别方法
A Secure Federated Learning Method for Pneumonia Detection Based on Blockchain and Fully Homomorphic Encryption
摘要: 针对肺炎医疗数据联邦学习中存在单点故障风险、隐私泄露隐患及恶意投毒攻击等问题,文章提出了名为BA-HEFL的安全联邦学习方法。该方法是一种基于全同态加密和联邦学习的去中心化肺炎识别方法,采用CKKS全同态加密对所有本地模型梯度进行加密,有效抵御梯度泄露攻击;引入区块链对全局模型的聚合流程进行审计,保障了模型的防篡改、抗单点故障等功能。实验结果表明,该方法取得了0.837的分割精度(Dice系数)与高达0.881的召回率,同时能够有效防御高达50%参与者发起的模拟投毒攻击,并切实保障了模型更新的机密性。
Abstract: To address issues such as single-point failure risks, privacy leakage vulnerabilities, and malicious poisoning attacks in federated learning for pneumonia medical data, a secure federated learning method named BA-HEFL was proposed. This method is a decentralized pneumonia recognition approach based on fully homomorphic encryption (FHE) and federated learning. It adopted the CKKS fully homomorphic encryption scheme to encrypt all local model gradients, which effectively defended against gradient leakage attacks. It also integrated blockchain technology to audit the aggregation process of the global model, thereby ensuring the model’s tamper resistance and resilience to single-point failures. Experimental results showed that the proposed method achieved a segmentation accuracy (Dice coefficient) of 0.837 and a high recall rate of 0.881. Meanwhile, it could effectively defend against simulated poisoning attacks launched by up to 50% of participants and guarantee the confidentiality of model updates.
文章引用:吴毓婧, 杨丁宇, 林濠浚, 庞异凡, 周凌枫. 基于区块链与全同态加密的安全联邦学习肺炎识别方法[J]. 计算机科学与应用, 2026, 16(5): 231-242. https://doi.org/10.12677/csa.2026.165179

参考文献

[1] He, K., Zhang, X., Ren, S. and Sun, J. (2016) Deep Residual Learning for Image Recognition. 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Las Vegas, 27-30 June 2016, 770-778. [Google Scholar] [CrossRef
[2] Ho, Q.R., Cipar, J., Cui, H.G., Lee, S., Kim, J.K., Gibbons, P.B., et al. (2013) More Effective Distributed ML via a Stale Synchronous Parallel Parameter Server. Proceedings of the 27th International Conference on Neural Information Processing Systems, Nevada, 5-10 December 2013, 1223-1231.
[3] Li, T., Sahu, A.K., Talwalkar, A. and Smith, V. (2020) Federated Learning: Challenges, Methods, and Future Directions. IEEE Signal Processing Magazine, 37, 50-60. [Google Scholar] [CrossRef
[4] Wei, W., Liu, L,. Loper, M., et al. (2020) A Framework for Evaluating Gradient Leakage Attacks in Federated Learning. arXiv: 2004.10397.
[5] Phong, L.T., Aono, Y., Hayashi, T., Wang, L. and Moriai, S. (2018) Privacy-Preserving Deep Learning via Additively Homomorphic Encryption. IEEE Transactions on Information Forensics and Security, 13, 1333-1345. [Google Scholar] [CrossRef
[6] Zhu, L., Liu, Z and Han, S. (2019) Deep Leakage from Gradients. arXiv: 1906.08935.
[7] Wei, K., Li, J., Ding, M., Ma, C., Yang, H.H., Farokhi, F., et al. (2020) Federated Learning with Differential Privacy: Algorithms and Performance Analysis. IEEE Transactions on Information Forensics and Security, 15, 3454-3469. [Google Scholar] [CrossRef
[8] Fang, M., Cao, X., Jia, J. and Gong, N.Z. (2020) Local Model Poisoning Attacks to Byzantine-Robust Federated Learning. 29th USENIX Security Symposium (USENIX Security 20) 2020, 12-14 August 2020, 1623-1640.
[9] Tolpegin, V., Truex, S., Gursoy, M.E. and Liu, L. (2020) Data Poisoning Attacks against Federated Learning Systems. In: Chen, L., Li, N., Liang, K. and Schneider, S., Eds., Computer SecurityESORICS 2020, Springer, 480-501. [Google Scholar] [CrossRef
[10] Cao, D., Chang, S., Lin, Z., Liu, G. and Sun, D. (2019) Understanding Distributed Poisoning Attack in Federated Learning. 2019 IEEE 25th International Conference on Parallel and Distributed Systems (ICPADS), Tianjin, 4-6 December 2019, 233-239. [Google Scholar] [CrossRef
[11] Blanchard, P., El Mhamdi, E.M., Guerraoui, R., et al. (2017) Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent. Proceedings of the 31st International Conference on Neural Information Processing Systems, Long Beach, 4-9 December 2017, 118-128.
[12] 朱建明, 张沁楠, 高胜, 等. 基于区块链的隐私保护可信联邦学习模型[J]. 计算机学报, 2021, 44(12): 2464-2484.
[13] Nguyen, D.C., Ding, M., Pham, Q., Pathirana, P.N., Le, L.B., Seneviratne, A., et al. (2021) Federated Learning Meets Blockchain in Edge Computing: Opportunities and Challenges. IEEE Internet of Things Journal, 8, 12806-12825. [Google Scholar] [CrossRef
[14] Li, Y., Chen, C., Liu, N., Huang, H., Zheng, Z. and Yan, Q. (2021) A Blockchain-Based Decentralized Federated Learning Framework with Committee Consensus. IEEE Network, 35, 234-241. [Google Scholar] [CrossRef
[15] 陈学斌, 任志强, 张宏扬. 联邦学习中的安全威胁与防御措施综述[J]. 计算机应用, 2024, 44(6): 1663-1672.
[16] Fredrikson, M., Jha, S. and Ristenpart, T. (2015) Model Inversion Attacks That Exploit Confidence Information and Basic Countermeasures. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, 12-16 October 2015, 1322-1333. [Google Scholar] [CrossRef
[17] Lu, Y., Huang, X., Dai, Y., Maharjan, S. and Zhang, Y. (2020) Blockchain and Federated Learning for Privacy-Preserved Data Sharing in Industrial IoT. IEEE Transactions on Industrial Informatics, 16, 4177-4186. [Google Scholar] [CrossRef
[18] Cheon, J.H., Kim, A., Kim, M. and Song, Y. (2017) Homomorphic Encryption for Arithmetic of Approximate Numbers. In: Takagi, T. and Peyrin, T., Eds., Advances in CryptologyASIACRYPT 2017, Springer, 409-437. [Google Scholar] [CrossRef
[19] Howard, A.G., Zhu, M.L., Chen, B., Kalenichenko, D., Wang, W.J., Weyan, T., et al. (2017) MobileNets: Efficient Convolutional Neural Networks for Mobile Vision Applications. arXiv: 1704.04861.
[20] Yang, L.X., Zhang, R.-Y., Li, L.D. and Xie, X.H. (2021) SimAM: A Simple, Parameter-Free Attention Module for Convolutional Neural Networks. Proceedings of the 38th International Conference on Machine Learning, 18-24 July 2021, 11863-11874.
[21] Maftouni, M. (2021) COVID-19 CT Scan Lesion Segmentation Dataset. Kaggle.
https://www.kaggle.com/datasets/maedemaftouni/covid19-ct-scan-lesion-segmentation-dataset