摘要
联邦学习作为一种分布式学习框架,可以在保证各客户端本地数据安全的前提下共同训练一个全局模型。但在联邦学习过程中,存在恶意的参与方会提交错误的更新来阻止模型收敛,或者通过投毒攻击使模型的拟合偏离正常方向。传统的主观逻辑防御机制考虑的是互动频率、互动时间及互相之间的影响,而忽略了多源数据对信誉评价结果的影响。针对此问题,提出一种基于多权重主观逻辑的联邦学习攻击防御机制。该机制通过Shapley值计算客户端的贡献度,并从可信度、贡献度和新鲜度3方面对联邦学习中客户端的信誉进行评价。同时,通过引入区块链技术存储参数进一步提高模型的安全性。实验结果表明,在多源数据下,该机制能够准确识别投毒攻击并进行防御,同时保留较好的模型性能。
Federated learning,as a distributed learning framework,can jointly participate in training a global model while ensuring the local data security of each client.However,in the federation learning process,there exist malicious participants who submit wrong updates to prevent the convergence of the model or make the model fit deviate from the normal direction by poisoning attacks.The traditional subjective logic defense mechanism considers the frequency of interaction,the time of interaction and the influence on each other,ignoring the influence of multiple sources of data on the reputation evaluation results.To address this problem,this paper proposes a federal learning attack defense mechanism based on multi-weighted subjective logic.The mechanism calculates the client′s contribution by Shapley value and evaluates the client′s reputation in federation learning in three aspects:trustworthiness,contribution and freshness.Meanwhile,the security of the model is further improved by introducing blockchain technology to store the parameters.The experimental results show that the algorithm in this paper can accurately identify and defend against poisoning attacks under multi-source data,while retaining high model performance.
作者
裴浪涛
陈学斌
翟冉
PEI Langtao;CHEN Xuebin;ZHAI Ran(College of Science,North China University of Science and Technology;Hebei Key Laboratory of Data Science and Application;Tangshan Key Laboratory of Data Science,Tangshan 063210,China)
出处
《软件导刊》
2024年第5期123-129,共7页
Software Guide
基金
国家自然科学基金项目(U20A20179)。
