Federated learning aims to protect data privacy by collaboratively learning a model without sharing private data among users. However, an adversary may still be able to infer the private training data by attacking the released model. Differential privacy provides a statistical protection against such attacks at the price of significantly degrading the accuracy or utility of the trained models. In this paper, we investigate a utility enhancement scheme based on Laplacian smoothing for differentially private federated learning (DP-Fed-LS), where the parameter aggregation with injected Gaussian noise is improved in statistical precision without losing privacy budget. Our key observation is that the aggregated gradients in federated learning often enjoy a type of smoothness, i.e. sparsity in the graph Fourier basis with polynomial decays of Fourier coefficients as frequency grows, which can be exploited by the Laplacian smoothing efficiently. Under a prescribed differential privacy budget, convergence error bounds with tight rates are provided for DP-Fed-LS with uniform subsampling of heterogeneous Non-IID data, revealing possible utility improvement of Laplacian smoothing in effective dimensionality and variance reduction, among others. Experiments over MNIST, SVHN, and Shakespeare datasets show that the proposed method can improve model accuracy with DP-guarantee and membership privacy under both uniform and Poisson subsampling mechanisms.
翻译:联邦学习的目的是通过协作学习一种模式,保护数据隐私,而用户之间不共享私人数据;然而,对手仍可以通过攻击释放的模式推断私人培训数据;不同隐私以大幅降低经过培训的模式的准确性或实用性为代价,提供统计保护,防止这种攻击;在本文中,我们调查一项基于拉巴西平滑的公用事业强化计划,用于差异性私人联邦学习(DP-Fed-LS),根据规定的差别隐私预算,为DP-Fed-LS提供注射高斯噪音的参数汇总,在统计精确度方面提高,同时又不丧失隐私预算;我们的主要观察是,联邦学习中的总梯度往往享有一种平滑,即在图四流基基中,随着频率的增长,多位系数衰减为四位系数。 在规定的差异性隐私预算下,为DP-Fed-LS(DP-Fed-Fed-LS)提供了加固率的趋同,同时统一地标注非IID的数据,揭示了有效度度度度度的平滑度梯度的实用性改进办法,同时展示SMANSLIF的亚级和变换式系统。
相关内容
微信扫码咨询专知VIP会员