Secure federated learning is a privacy-preserving framework to improve machine learning models by training over large volumes of data collected by mobile users. This is achieved through an iterative process where, at each iteration, users update a global model using their local datasets. Each user then masks its local model via random keys, and the masked models are aggregated at a central server to compute the global model for the next iteration. As the local models are protected by random masks, the server cannot observe their true values. This presents a major challenge for the resilience of the model against adversarial (Byzantine) users, who can manipulate the global model by modifying their local models or datasets. Towards addressing this challenge, this paper presents the first single-server Byzantine-resilient secure aggregation framework (BREA) for secure federated learning. BREA is based on an integrated stochastic quantization, verifiable outlier detection, and secure model aggregation approach to guarantee Byzantine-resilience, privacy, and convergence simultaneously. We provide theoretical convergence and privacy guarantees and characterize the fundamental trade-offs in terms of the network size, user dropouts, and privacy protection. Our experiments demonstrate convergence in the presence of Byzantine users, and comparable accuracy to conventional federated learning benchmarks.
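The masking-and-aggregation step described in the abstract, as an added illustration that is not code from the paper or its authors: each user stochastically quantizes its local model to integers, adds a pairwise random mask derived from seeds shared with every other user (a standard secure-aggregation construction assumed here; the abstract does not specify BREA's exact masking scheme), and the server sums the masked vectors in a finite field. The masks cancel in the sum, so the server recovers only the aggregate. The modulus `P`, the seeds, the models and the use of `random.Random` as a stand-in PRG are all constructed for this example; BREA's verifiable outlier detection and its dropout handling are not reproduced.

```python
import math
import random
from typing import Dict, List, Tuple

# Field modulus for the masked integer arithmetic (constructed choice for this example).
P = 2**31 - 1


def stochastic_quantize(x: List[float], step: float, rng: random.Random) -> List[int]:
    """Map each coordinate to an integer multiple of `step`, rounding up with
    probability equal to the fractional part, so that E[step * q] == x (unbiased)."""
    out = []
    for v in x:
        scaled = v / step
        lo = math.floor(scaled)
        frac = scaled - lo
        out.append(lo + 1 if rng.random() < frac else lo)
    return out


def prg(seed: int, dim: int) -> List[int]:
    """Expand a pairwise shared seed into a pseudorandom field vector.
    random.Random is a placeholder for a real PRG; a deployment would use a CSPRNG."""
    r = random.Random(seed)
    return [r.randrange(P) for _ in range(dim)]


def user_mask(i: int, n: int, dim: int, seeds: Dict[Tuple[int, int], int]) -> List[int]:
    """Pairwise additive mask for user i: +PRG(s_ij) for every j > i, -PRG(s_ji) for
    every j < i. Summed over all n users these terms cancel, so only the total survives."""
    mask = [0] * dim
    for j in range(n):
        if j == i:
            continue
        r = prg(seeds[(min(i, j), max(i, j))], dim)
        sign = 1 if i < j else -1
        mask = [(m + sign * v) % P for m, v in zip(mask, r)]
    return mask


def mask_model(q: List[int], mask: List[int]) -> List[int]:
    """User side: the server receives q + mask (mod P), which reveals nothing about q alone."""
    return [(a + b) % P for a, b in zip(q, mask)]


def server_aggregate(masked: List[List[int]]) -> List[int]:
    """Server side: add the masked vectors in the field, then lift back to signed integers."""
    total = [sum(col) % P for col in zip(*masked)]
    return [v - P if v > P // 2 else v for v in total]


def secure_aggregate(models: List[List[float]], step: float,
                     seeds: Dict[Tuple[int, int], int], rng: random.Random):
    """One round: quantize, mask, aggregate. Returns (server result, plaintext sum, masked inputs)
    so the caller can confirm the server recovered exactly the sum of the quantized models."""
    n, dim = len(models), len(models[0])
    quantized = [stochastic_quantize(m, step, rng) for m in models]
    masked = [mask_model(quantized[i], user_mask(i, n, dim, seeds)) for i in range(n)]
    recovered = server_aggregate(masked)
    plaintext = [sum(col) for col in zip(*quantized)]
    return recovered, plaintext, masked


if __name__ == "__main__":
    # Constructed sample: three users, three-dimensional local models, pairwise seeds.
    rng = random.Random(1)
    models = [[0.5, -1.25, 3.0], [1.0, 2.0, -0.5], [-2.0, 0.75, 1.5]]
    seeds = {(0, 1): 11, (0, 2): 22, (1, 2): 33}
    recovered, plaintext, masked = secure_aggregate(models, 0.25, seeds, rng)
    print("server sees masked inputs:", masked)
    print("server recovers sum:", recovered, "plaintext sum:", plaintext)
```

Two properties of this construction match the trade-offs the abstract names. If a user drops out after sending its masked vector, the pairwise terms it shares with the others no longer cancel and the aggregate is corrupted, which is why secure aggregation protocols need a dropout-recovery mechanism. And because the server only ever sees `q + mask`, a Byzantine user can submit an arbitrary masked vector without the server being able to inspect it in the clear; that is the gap the abstract says BREA closes with verifiable outlier detection on top of the masking.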