Analysis on the Security of Federated Learning
DOI: 10.12677/SEA.2022.116151. Supported by research project funding.
Authors: 张建红, 李晶, 崔广金 (School of Computer Science and Information Engineering, Harbin Normal University, Harbin, Heilongjiang)
Keywords: Federated Learning; Data Security; Defense Mechanism
Abstract: With the rapid development of big data and artificial intelligence, the demand for data security is growing. To address the current problems of privacy protection and data islands, federated learning has attracted wide attention and study from scholars in many fields. Although federated learning is a promising machine learning technique that lets multiple users in different geographical locations collaboratively train a machine learning model without sharing their data, it also has security problems. This paper therefore summarizes and analyzes the security issues of federated learning, which is of great significance for its development and application. The paper first explains the basic concepts and classification of federated learning in detail; it then analyzes in depth the security threats faced by federated learning, including poisoning attacks, backdoor attacks and attacks based on Generative Adversarial Networks (GANs); next, it summarizes the defense methods against the different attacks. Finally, it reviews the application prospects of federated learning and outlines future research directions.
Citation: 张建红, 李晶, 崔广金. Analysis on the Security of Federated Learning [J]. Software Engineering and Applications, 2022, 11(6): 1465-1472. https://doi.org/10.12677/SEA.2022.116151
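The abstract names poisoning attacks as a threat and says defenses are summarized but does not describe one. The following is an added example, not code from the paper or its authors: it simulates a few federated rounds on constructed one-dimensional data, lets one client send a sign-flipped, boosted update (a constructed model-poisoning client), and compares plain averaging with coordinate-wise median aggregation plus a simple median-absolute-deviation outlier check on the server side. The client data, the boost factor, the learning rate and the function names are all assumptions chosen for illustration; the median defense is one well-known robust aggregator, not the paper's own method.

```python
from statistics import median

# Constructed example: five clients each hold a tiny local dataset for a
# one-parameter linear model y = w * x. The true slope is about 2.0.
CLIENT_DATA = [
    [(1.0, 2.0), (2.0, 4.0)],
    [(1.0, 2.1), (3.0, 6.1)],
    [(2.0, 3.9), (4.0, 8.0)],
    [(1.0, 1.9), (2.0, 4.1)],
    [(1.0, 2.0), (3.0, 6.0)],   # data of the client that will be compromised
]
TRUE_W = 2.0
LEARNING_RATE = 0.05   # assumption: small enough that honest training converges


def local_update(data, w, lr=LEARNING_RATE):
    """One SGD step on the client's data; returns the delta to add to w."""
    grad = sum(2 * (w * x - y) * x for x, y in data) / len(data)
    return -lr * grad


def poisoned_update(honest_delta, boost=5.0):
    """Constructed model-poisoning client: flips and boosts its honest delta."""
    return -boost * honest_delta


def aggregate_mean(deltas):
    """Plain federated averaging (no robustness)."""
    return sum(deltas) / len(deltas)


def aggregate_median(deltas):
    """Coordinate-wise median: one boosted update cannot drag the result."""
    return median(deltas)


def flag_outliers(deltas, k=5.0):
    """Server-side check: indices whose update is far from the median,
    measured in median absolute deviations (MAD). Heterogeneous but honest
    clients also deviate, so k must be tuned to the data distribution."""
    m = median(deltas)
    devs = [abs(d - m) for d in deltas]
    mad = median(devs)
    return [i for i, dev in enumerate(devs) if dev > k * mad + 1e-12]


def collect_updates(w, malicious=None):
    """Ask every client for its update; the malicious one poisons its own."""
    deltas = []
    for i, data in enumerate(CLIENT_DATA):
        d = local_update(data, w)
        if i == malicious:
            d = poisoned_update(d)
        deltas.append(d)
    return deltas


def train(rounds=30, malicious=None, aggregator=aggregate_mean, w0=0.0):
    """Run federated rounds and return the final global parameter."""
    w = w0
    for _ in range(rounds):
        w += aggregator(collect_updates(w, malicious))
    return w


if __name__ == "__main__":
    print("honest clients, mean:      ", round(train(), 4))
    print("one poisoner, mean:        ", round(train(malicious=4), 4))
    print("one poisoner, median:      ",
          round(train(malicious=4, aggregator=aggregate_median), 4))
    print("flagged in round 1:        ", flag_outliers(collect_updates(0.0, malicious=4)))
```

With averaging, the single boosted update dominates the round and the global slope drifts far from 2.0; with the median, the four honest updates outvote it and training still converges close to 2.0. The MAD check flags only the poisoner in the first round on this data, but a client whose honest data simply has a wider input range (client 2 here) already sits noticeably farther from the median than the others, which is why such filters need calibration before they are used to exclude participants.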
