<p>Although federated learning prevents direct exposure of user data during training, numerous studies have demonstrated its vulnerability to security threats. Federated learning faces even greater risks due to its wide distribution, large number of users, and uncontrollable local data. Attackers can launch inference attacks to deduce users’ information from local model gradients. Furthermore, some malicious participants may launch poisoning attacks by tampering with local data or model updates. How to identify poisoning attacks while preserving user privacy in federated learning remains a major challenge, especially when the proportion of Byzantine clients is greater than or equal to 50%, which makes defense strategies harder to design. To address these challenges, we propose a robust federated learning aggregation scheme TCFL based on two-trapdoor homomorphic encryption. TCFL can preserve update privacy and prevent key leakage, and it can identify encrypted malicious gradients using a maximum clique filtering mechanism based on Euclidean distance. We provide convergence and security analyses of the scheme, and conduct extensive experiments on three benchmark image-classification datasets under multiple data and model poisoning attacks with attacker ratios ranging from 0% to 90%. The results show that, under these evaluated settings, TCFL maintains higher test accuracy and robustness than existing aggregation rules while retaining acceptable computational overhead.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

TCFL: Trapdoor homomorphic encryption based federated learning aggregator with filter

  • Xiaodong Shen,
  • Yu Jia,
  • Chang Xu,
  • Liehuang Zhu

摘要

Although federated learning prevents direct exposure of user data during training, numerous studies have demonstrated its vulnerability to security threats. Federated learning faces even greater risks due to its wide distribution, large number of users, and uncontrollable local data. Attackers can launch inference attacks to deduce users’ information from local model gradients. Furthermore, some malicious participants may launch poisoning attacks by tampering with local data or model updates. How to identify poisoning attacks while preserving user privacy in federated learning remains a major challenge, especially when the proportion of Byzantine clients is greater than or equal to 50%, which makes defense strategies harder to design. To address these challenges, we propose a robust federated learning aggregation scheme TCFL based on two-trapdoor homomorphic encryption. TCFL can preserve update privacy and prevent key leakage, and it can identify encrypted malicious gradients using a maximum clique filtering mechanism based on Euclidean distance. We provide convergence and security analyses of the scheme, and conduct extensive experiments on three benchmark image-classification datasets under multiple data and model poisoning attacks with attacker ratios ranging from 0% to 90%. The results show that, under these evaluated settings, TCFL maintains higher test accuracy and robustness than existing aggregation rules while retaining acceptable computational overhead.