CN112016697A - Method, device and equipment for federated learning and storage medium - Google Patents


Info

Publication number
CN112016697A
Authority
CN
China
Prior art keywords
sample
training
sample data
encoder
preset
Prior art date
Legal status
Pending
Application number
CN202010880973.4A
Other languages
Chinese (zh)
Inventor
张天豫
范力欣
吴锦和
Current Assignee
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date
Filing date
Publication date
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN202010880973.4A
Publication of CN112016697A

Classifications

    • G  PHYSICS
    • G06  COMPUTING; CALCULATING OR COUNTING
    • G06N  COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N 20/00  Machine learning

Abstract

The invention provides a method, a device, equipment and a storage medium for federated learning. Mutually orthogonal labels assigned to the sample classes are used to induce the corresponding codes output by a preset encoder, so that the distance between the codes the preset encoder outputs for different sample classes is maximized. The trained encoder can therefore detect adversarial samples accurately, which solves the prior-art problem that a federated learning model attacked by adversarial samples cannot work normally.

Description

Method, device and equipment for federated learning and storage medium
Technical Field
The invention relates to the field of financial technology (Fintech), and in particular to a method, a device, equipment and a storage medium for federated learning.
Background
With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually shifting toward financial technology. Because of the financial industry's requirements on security and real-time performance, however, higher demands are placed on these technologies. In the field of financial technology, many financial strategies are adjusted according to the results of federated learning over large amounts of financial transaction data. Since such adjustments affect the profit and loss of financial institutions to some extent, the security of the federated learning training process is very important.
Currently, in the federated learning training process, each participant usually trains a local federated learning model with its own training samples to obtain a trained federated learning model. For example, multiple participants use financial transaction data of the same data type to train an initial federated learning model, obtaining federated learning models (such as classification models, language models, etc.) with the same model structure. However, if at least one of the participants uses adversarial samples to attack the federated learning model of at least one other participant, the attacked model cannot work normally, and the attacked participants suffer serious damage.
In summary, a federated learning method is needed that improves the ability of a federated learning model to detect adversarial samples, so as to solve the prior-art problem that a federated learning model attacked by adversarial samples cannot work normally.
Disclosure of Invention
The invention provides a federated learning method, apparatus, device and storage medium, which improve the ability of a federated learning model to detect adversarial samples and solve the prior-art problem that a federated learning model attacked by adversarial samples cannot work normally.
In a first aspect, the present invention provides a method for federated learning, comprising:
a participant acquires a first training sample data set; labels among different sample classes in the first training sample data set are mutually orthogonal;
the participant inputs the training samples in the first training sample data set to a preset encoder for result induction training to obtain a trained encoder;
and the participant inputs new sample data into the trained encoder for identification, and determines whether the new sample data is an adversarial sample or a normal sample.
In the above technical solution, the trained encoder is obtained by inputting the training samples in the first training sample data set into the preset encoder for result induction training. That is, the mutually orthogonal labels of the sample classes in the same training sample data set are used to induce the corresponding codes output by the preset encoder, so that the distance between the codes the preset encoder outputs for different sample classes is maximized, and the sample class features output for each class come close to that class's label. The trained encoder can therefore identify the sample classes more accurately, and when new sample data is input into it for identification, the data can be determined accurately and efficiently to be an adversarial sample or a normal sample. As a result, the trained encoder detects adversarial samples more efficiently and accurately, the ability of the encoder in the federated learning model to detect adversarial samples is improved, and adversarial samples are prevented from attacking the federated learning model and rendering it unable to work normally, which solves the corresponding prior-art problem.
Optionally, inputting, by the participant, the training samples in the first training sample data set into a preset encoder for result induction training to obtain a trained encoder includes:
the participant inputs the training samples in the first training sample data set into the preset encoder to obtain the code corresponding to each sample category;
the participant sends the difference value between the code and the label corresponding to each sample category to a coordinator, so that the coordinator performs weighted average processing on the difference values of the same sample category across the participants to obtain a first difference value for each sample category;
the participant acquires the first difference value of each sample category sent by the coordinator;
and the participant performs federated learning training using the first difference value of each sample category until the preset encoder converges, to obtain the trained encoder.
In the above technical solution, the training samples in the first training sample data set are input into the preset encoder to obtain the code corresponding to each sample category, that is, the sample class features of each category are extracted. Subtracting the label of each category from its corresponding features supports making the features the encoder outputs for each category close to that category's label. The difference values between the codes and the labels are then sent to the coordinator, which performs weighted average processing on the difference values of the same sample category received from the multiple participants, obtains the first difference value of each category, and shares these first difference values with all participants. This alleviates the decline in training results that training sample data sets which are not independently and identically distributed across the participants would otherwise cause in the federated learning model. The participants then each perform federated learning training using the first difference values until the preset encoder converges, obtaining a trained encoder, which supports identifying the sample classes more accurately and detecting adversarial samples more efficiently and accurately.
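The participant-side steps above can be sketched as follows. This is a minimal, hypothetical sketch: the toy linear encoder, the per-class mean code, and all names are illustrative assumptions, not taken from the patent.

```python
import numpy as np

def encode(samples, W):
    """Toy stand-in for the preset encoder: a single linear map."""
    return samples @ W

def local_differences(class_samples, class_labels, W):
    """One participant's step: encode each sample class and subtract its label.

    class_samples: dict mapping class name -> (n_samples, d_in) array
    class_labels:  dict mapping class name -> (d_code,) orthogonal label
    Returns the per-class difference values to be sent to the coordinator.
    """
    diffs = {}
    for cls, samples in class_samples.items():
        code = encode(samples, W).mean(axis=0)  # one code per sample class
        diffs[cls] = code - class_labels[cls]   # difference vs. that class's label
    return diffs
```

In a full round, the returned dictionary would be sent to the coordinator, which averages the difference values of the same class across participants.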
Optionally, the performing, by the participant, federated learning training using the first difference value of each sample category until the preset encoder converges, to obtain the trained encoder, includes:
the participant sequentially uses the preset encoder and a preset decoder to process the first difference value of each sample category, obtaining decoded data for each sample category;
the participant performs loss calculation on the decoded data of each sample category and the training samples of each sample category, determining the loss value between them;
and the participant updates the model parameters in the preset encoder and the preset decoder according to the decoded data of each sample category, the loss value of the training samples of each sample category and the first difference value of each sample category, until the preset encoder and the preset decoder converge, obtaining the trained encoder and the trained decoder.
In the above technical solution, loss calculation is performed on the decoded data of each sample category and the training samples of each sample category to determine the corresponding loss values. The model parameters in the preset encoder and the preset decoder are then updated according to the decoded data, the loss values and the first difference value of each sample category, until the preset encoder and the preset decoder converge, yielding the trained encoder and decoder. This supports identifying the sample classes more accurately and detecting adversarial samples more efficiently and accurately.
Optionally, the inputting, by the participant, of new sample data into the trained encoder for identification, and the determining whether the new sample data is an adversarial sample or a normal sample, include:
the participant inputs the new sample data into the trained encoder to obtain the code of the new sample data, compares the code of the new sample data with the labels of the sample classes, and determines whether the new sample data is an adversarial sample or a normal sample.
In the above technical solution, the new sample data is input into the trained encoder to extract its sample class features, and these features are compared with the labels of the sample classes, so that the new sample data can be judged quickly and accurately, from the comparison result, to be an adversarial sample or a normal sample.
Optionally, the comparing the code of the new sample data with the labels of the sample classes, and determining whether the new sample data is an adversarial sample or a normal sample, include:
the participant performs difference calculation between the code of the new sample data and the label of each sample class, determining a plurality of difference values;
if the plurality of difference values are all greater than or equal to a preset threshold, the new sample data is determined to be an adversarial sample;
and if at least one of the plurality of difference values is smaller than the preset threshold, the new sample data is determined to be a normal sample.
In the above technical solution, a plurality of difference values between the code of the new sample data and the labels of the sample classes are determined by difference calculation and compared with a preset threshold. If all difference values are greater than or equal to the threshold, the new sample data is determined to be an adversarial sample; if at least one difference value is smaller than the threshold, it is determined to be a normal sample. In this way the sample attribute of the new sample data (adversarial or normal) can be identified quickly and accurately.
Optionally, before the participant sends the difference between the codes and the labels corresponding to the respective sample categories to the coordinator, the method further includes:
the participant establishes a communication channel with the coordinator;
the participant sends the difference value of the code and the label corresponding to each sample category to a coordinator, and the method comprises the following steps:
and the participant sends the difference value of the codes and the labels corresponding to the sample categories to the coordinator through the communication channel.
In the above technical solution, establishing a communication channel between the participant and the coordinator enables data to be transmitted between them more quickly and efficiently.
Optionally, the sample classes marked in the first training sample data set are the same as the sample classes marked in a second training sample data set; the labels of the sample classes in both the first and the second training sample data set are binary codes; the labels of the sample classes in the second training sample data set are mutually orthogonal; and the second training sample data set is a training sample data set of another participant.
In a second aspect, the present invention provides a federated learning apparatus, comprising:
the acquisition unit is used for acquiring a first training sample data set; labels among different sample classes in the first training sample data set are mutually orthogonal;
the processing unit is used for inputting the training samples in the first training sample data set into a preset encoder for result induction training, to obtain a trained encoder; and for inputting new sample data into the trained encoder for identification, and determining whether the new sample data is an adversarial sample or a normal sample.
Optionally, the processing unit is specifically configured to:
inputting the training samples in the first training sample data set to the preset encoder to obtain codes corresponding to all sample classes;
sending the difference values of the codes and the labels corresponding to the sample categories to a coordinator, so that the coordinator performs weighted average processing on the difference values of the same sample category in the sample categories of the participants to obtain first difference values of the sample categories;
obtaining a first difference value of each sample type sent by the coordinator;
and performing federated learning training by using the first difference values of the sample classes until the preset encoder converges to obtain the trained encoder.
Optionally, the processing unit is specifically configured to:
processing the first difference values of the sample classes by using the preset encoder and the preset decoder in sequence to obtain decoded data of the sample classes;
performing loss calculation on the decoded data of each sample class and the training samples of each sample class to determine loss values of the decoded data of each sample class and the training samples of each sample class;
updating the model parameters in the preset encoder and the preset decoder according to the decoded data of each sample class, the loss value of the training sample of each sample class and the first difference value of each sample class until the preset encoder and the preset decoder converge, so as to obtain the trained encoder and the trained decoder.
Optionally, the processing unit is specifically configured to:
and inputting the new sample data into the trained encoder to obtain the code of the new sample data, comparing the code of the new sample data with the label of each sample class, and determining whether the new sample data is an adversarial sample or a normal sample.
Optionally, the processing unit is specifically configured to:
performing difference calculation between the code of the new sample data and the label of each sample class, and determining a plurality of difference values between them;
if the plurality of difference values are all greater than or equal to a preset threshold, determining the new sample data to be an adversarial sample;
and if at least one of the plurality of difference values is smaller than the preset threshold, determining the new sample data to be a normal sample.
Optionally, the processing unit is further configured to:
before the difference value of the codes and the labels corresponding to the sample categories is sent to a coordinator, a communication channel with the coordinator is established;
the processing unit is specifically configured to:
and sending the difference value of the code and the label corresponding to each sample type to the coordinator through the communication channel.
Optionally, the sample classes marked in the first training sample data set are the same as the sample classes marked in a second training sample data set; the labels of the sample classes in both the first and the second training sample data set are binary codes; the labels of the sample classes in the second training sample data set are mutually orthogonal; and the second training sample data set is a training sample data set of another participant.
In a third aspect, the invention provides a computing device comprising:
a memory for storing a computer program;
and a processor for calling the computer program stored in the memory and executing the federated learning method according to the obtained program.
In a fourth aspect, the present invention provides a computer-readable storage medium having stored thereon a computer-executable program for causing a computer to execute a federated learning method.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a system architecture according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a federated learning method provided in the embodiment of the present invention;
fig. 3 is a schematic diagram of an encoder and a decoder according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a federated learning apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a system architecture provided in an embodiment of the present invention. As shown in fig. 1, the system architecture may be a server 100 including a processor 110, a communication interface 120, and a memory 130.
The communication interface 120 is used for communicating with a terminal device, and transceiving information transmitted by the terminal device to implement communication.
The processor 110 is a control center of the server 100, connects various parts of the entire server 100 using various interfaces and lines, performs various functions of the server 100 and processes data by running or executing software programs and/or modules stored in the memory 130 and calling data stored in the memory 130. Alternatively, processor 110 may include one or more processing units.
The memory 130 may be used to store software programs and modules, and the processor 110 executes various functional applications and data processing by operating the software programs and modules stored in the memory 130. The memory 130 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to a business process, and the like. Further, the memory 130 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
It should be noted that the structure shown in fig. 1 is only an example, and the embodiment of the present invention is not limited thereto.
Based on the above description, fig. 2 exemplarily shows a flow of a federated learning method provided in an embodiment of the present invention, where the flow may be executed by a federated learning apparatus.
As shown in fig. 2, the process specifically includes:
in step 201, a participant acquires a first training sample data set.
In an embodiment of the invention, the first set of training sample data of a participant or the second set of training sample data of other participants may comprise training sample data of different classes. Wherein the sample class of the training sample markers in the first training sample data set is the same as the sample class of the training sample markers in the second training sample data set of other participants; the label of the sample class mark in the first training sample data set and the label of the sample class mark in the second training sample data set are both binary codes; labels among different sample classes in the first training sample data set are mutually orthogonal; the labels between sample classes in the second training sample data set are mutually orthogonal.
It should be noted that any participant in the plurality of participants may mark each sample category with a label using mutually orthogonal binary codes (1, …, -1).
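As one concrete way to obtain such mutually orthogonal +1/-1 binary label codes, the rows of a Hadamard matrix built by the Sylvester construction can be used. This particular construction is an assumption for illustration; the patent only requires that the labels be mutually orthogonal binary codes.

```python
import numpy as np

def hadamard(n):
    """Return an n x n +1/-1 Hadamard matrix via the Sylvester construction
    (n must be a power of two); any two distinct rows are orthogonal."""
    H = np.array([[1]])
    while H.shape[0] < n:
        H = np.block([[H, H], [H, -H]])
    return H

# Example: 64-dimensional labels for up to 64 sample classes (the description
# mentions a 64-dimensional encoder output); row i is the label of class i.
labels = hadamard(64)
```

Because every pair of distinct rows has a zero dot product, the class labels are maximally separated, which is exactly the property the induction training exploits.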
Step 202, the participant inputs the training samples in the first training sample data set to a preset encoder for result induction training, and a trained encoder is obtained.
In the embodiment of the present invention, as shown in fig. 3, a participant inputs training samples in a first training sample data set to the encoder in fig. 3 for data encoding, so as to obtain codes corresponding to each sample type, that is, a sample type feature corresponding to each sample type in the first training sample data set can be extracted by the encoder. And then the difference values of the codes and the labels corresponding to the sample categories are sent to a coordinator, so that the coordinator can perform weighted average processing on the difference values of the same sample category in the sample categories of the participants, and a first difference value of each sample category is obtained. And then the participant acquires the first difference value of each sample type sent by the coordinator, and processes the first difference value of each sample type by using a preset encoder and a preset decoder in sequence to obtain the decoded data of each sample type. And then, performing loss calculation on the decoded data of each sample class and the training samples of each sample class to determine the loss value of the decoded data of each sample class and the training samples of each sample class. And finally, updating model parameters in a preset encoder and a preset decoder according to the decoded data of each sample class, the loss value of the training sample of each sample class and the first difference value of each sample class until the preset encoder and the preset decoder converge, so as to obtain the trained encoder and the trained decoder. Wherein the decoded data of each sample class should be close to the training samples of each sample class.
Specifically, the participant induces (e.g., by subtraction processing) the codes that the local encoder outputs for the sample classes of the first training sample data set, so that the code output for each sample class is as close as possible to that class's label. For example, in a certain classification task, the code the local encoder outputs for a training sample belonging to class M is a 64-dimensional vector m, and by inducing the vector m it can be made as close as possible to the label of class M. Before sending the difference values between the codes and the labels of the sample classes to the coordinator, the participant establishes a communication channel with the coordinator, and then sends the difference values through that channel.
After receiving the difference values of the codes and the labels corresponding to the sample categories sent by the multiple participants, the coordinator performs weighted average processing on the difference values of the same sample category in the multiple sample categories of the multiple participants, so that the first difference values of the sample categories can be obtained. For example, there are three participants A, B, C, each participant has the same three sample categories a, B, and C, after receiving the differences between the codes and the labels corresponding to the three sample categories sent by the three participants, the coordinator performs weighted average processing on the differences between the codes and the labels corresponding to the sample category a in the participant a, the participant B, and the participant C, to obtain a first difference of the category a, and so on, may obtain a first difference of the sample category B and a first difference of the sample category C. And then, the first difference value of the sample class a, the first difference value of the sample class B and the first difference value of the sample class C are respectively sent to the participant A, the participant B and the participant C, so that the sharing of the first difference value of the sample class a, the first difference value of the sample class B and the first difference value of the sample class C by the participant A, the participant B and the participant C is realized, that is, the sharing of the codes output by each participant in a local encoder is realized. The first difference is a value obtained by performing weighted average on the differences of the codes and the labels corresponding to the same sample class of a plurality of participants.
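The coordinator's weighted averaging in the three-participant example above can be sketched as follows. Uniform weights are assumed here (the patent does not specify the weighting), and all names are illustrative.

```python
import numpy as np

def aggregate_first_diffs(diffs_per_participant, weights=None):
    """Weighted average, per sample class, of the difference values received
    from all participants; returns the first difference value of each class."""
    participants = list(diffs_per_participant)
    if weights is None:  # assumption: equal weight for every participant
        weights = {p: 1.0 / len(participants) for p in participants}
    classes = diffs_per_participant[participants[0]].keys()
    return {
        cls: sum(weights[p] * np.asarray(diffs_per_participant[p][cls])
                 for p in participants)
        for cls in classes
    }
```

The returned dictionary is what the coordinator would share back to participants A, B and C, realizing the sharing of the locally computed codes.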
In addition, after the participant acquires the first difference value of each sample class sent by the coordinator, the participant sequentially uses the preset encoder and the preset decoder to process the first difference value of each sample class, obtaining the decoded data of each sample class. Loss calculation is performed on the decoded data of each sample class and the training samples of each sample class, and the resulting loss value is recorded as x; the contribution of the first difference value of each sample class is recorded as y, so that the total loss value of the encoder and the decoder is x + y. The model parameters in the preset encoder and the preset decoder are updated with this total loss value until the preset encoder and the preset decoder converge, yielding the trained encoder and decoder.
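The total loss x + y described above can be written as a short function. Mean-squared error for the reconstruction term x and the L2 norm of the first difference value for y are assumptions for illustration; the patent only specifies that the two parts are summed.

```python
import numpy as np

def total_loss(decoded, samples, first_diff):
    x = np.mean((decoded - samples) ** 2)  # reconstruction loss: decoded data vs. training samples
    y = np.linalg.norm(first_diff)         # contribution of the first difference value
    return x + y                           # total loss used to update encoder and decoder
```

In training, this scalar would be minimized with respect to the encoder and decoder parameters until both converge.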
Step 203, the participant inputs new sample data into the trained encoder for identification, and determines whether the new sample data is an adversarial sample or a normal sample.
In the embodiment of the invention, after the trained encoder is obtained, new sample data is input into it to obtain the code of the new sample data, difference calculation is performed between this code and the label of each sample class, and a plurality of difference values are determined. If the difference values are all greater than or equal to a preset threshold, the new sample data is determined to be an adversarial sample; if at least one difference value is smaller than the preset threshold, it is determined to be a normal sample. The preset threshold may be set according to experience or the results of multiple experiments.
Specifically, after the trained encoder is obtained, any participant inputs new sample data into the encoder to obtain the code of the new sample data, and calculates the vector angle or the Euclidean distance (or the Manhattan distance, etc.) between the code of the new sample data and the label of each sample class, yielding a plurality of angle difference values or distance difference values. If the calculated difference values are all greater than or equal to a preset threshold, the new sample data is determined to be an adversarial sample; if at least one of them is smaller than the preset threshold, it is determined to be a normal sample.
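The detection rule above can be sketched as follows, using Euclidean distance (the angle-based variant is analogous). The function name and the threshold value are illustrative assumptions; as noted above, the threshold would be tuned from experience or experiments.

```python
import numpy as np

def detect(code, class_labels, threshold):
    """Flag new sample data as adversarial if its code is far from EVERY
    class label, and as normal if it is close to at least one label."""
    distances = [np.linalg.norm(np.asarray(code) - np.asarray(label))
                 for label in class_labels]
    if all(d >= threshold for d in distances):
        return "adversarial"
    return "normal"
```

Because normal samples are induced toward one of the mutually orthogonal labels during training, their codes land near exactly one label, while adversarial samples tend to fall far from all of them.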
The above embodiment shows that a trained encoder is obtained by inputting the training samples of the first training sample data set into a preset encoder for result-induced training: the mutually orthogonal labels of the sample classes in the training sample data set induce the codes output by the preset encoder, so that the code output for each sample class is drawn close to that class's label and the distance between the codes of different sample classes is maximized. The trained encoder can therefore identify sample classes more accurately, and when new sample data is input to it for identification, the data can be determined efficiently and accurately to be an anti-attack sample or a normal sample. This improves the ability of the encoder in the federated learning model to detect anti-attack samples and prevents such samples from rendering the federated learning model unable to work normally, thereby solving the prior-art problem that anti-attack samples can attack a federated learning model so that it cannot work normally.
Based on the same technical concept, fig. 4 exemplarily shows a federated learning apparatus provided in an embodiment of the present invention, which may execute a flow of the federated learning method.
As shown in fig. 4, the apparatus includes:
an obtaining unit 401, configured to obtain a first training sample data set; labels among different sample classes in the first training sample data set are mutually orthogonal;
a processing unit 402, configured to input the training samples in the first training sample data set into a preset encoder for result-induced training to obtain a trained encoder, and to input new sample data into the trained encoder for identification, determining whether the new sample data is an anti-attack sample or a normal sample.
Optionally, the processing unit 402 is specifically configured to:
inputting the training samples in the first training sample data set to the preset encoder to obtain codes corresponding to all sample classes;
sending the difference value between the code and the label of each sample category to a coordinator, so that the coordinator performs weighted-average processing on the difference values that the participants report for the same sample category, obtaining a first difference value for each sample category;
obtaining a first difference value of each sample type sent by the coordinator;
and performing federated learning training by using the first difference values of the sample classes until the preset encoder converges to obtain the trained encoder.
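The coordinator-side step in the list above (a weighted average, per sample class, of the difference values reported by each participant) might look like the following sketch. The function name and the uniform default weights are assumptions; the patent does not specify the weighting scheme.

```python
import numpy as np

def aggregate_first_diffs(participant_diffs, weights=None):
    """Weighted average of each sample class's difference values across
    participants, producing the first difference value per class (sketch).

    participant_diffs: list of dicts, one per participant, mapping
                       sample class -> difference value vector.
    """
    n = len(participant_diffs)
    if weights is None:
        weights = [1.0 / n] * n  # uniform weights (an assumption)
    classes = participant_diffs[0].keys()
    return {
        c: sum(w * np.asarray(d[c], dtype=float)
               for w, d in zip(weights, participant_diffs))
        for c in classes
    }
```

The resulting per-class first difference values are what the coordinator sends back to every participant for the next round of training.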
Optionally, the processing unit 402 is specifically configured to:
processing the first difference values of the sample classes by using the preset encoder and the preset decoder in sequence to obtain decoded data of the sample classes;
performing loss calculation on the decoded data of each sample class against the training samples of that class, to determine the loss value between the decoded data and the training samples of each sample class;
updating the model parameters in the preset encoder and the preset decoder according to the decoded data of each sample class, the loss value of the training sample of each sample class and the first difference value of each sample class until the preset encoder and the preset decoder converge, so as to obtain the trained encoder and the trained decoder.
Optionally, the processing unit 402 is specifically configured to:
and inputting the new sample data into the trained encoder to obtain its code, comparing the code of the new sample data with the label of each sample class, and determining whether the new sample data is an anti-attack sample or a normal sample.
Optionally, the processing unit 402 is specifically configured to:
performing difference calculation on the code of the new sample data and the label of each sample class, and determining a plurality of difference values between the code of the new sample data and the label of each sample class;
if the plurality of difference values are all larger than or equal to a preset threshold value, determining the new sample data as the anti-attack sample;
and if at least one difference value of the plurality of difference values is smaller than the preset threshold value, determining the new sample data as the normal sample.
Optionally, the processing unit 402 is further configured to:
before the difference value of the codes and the labels corresponding to the sample categories is sent to a coordinator, a communication channel with the coordinator is established;
the processing unit 402 is specifically configured to:
and sending the difference value of the code and the label corresponding to each sample type to the coordinator through the communication channel.
Optionally, the sample classes marked in the first training sample data set are the same as the sample classes marked in the second training sample data set; the labels of the sample classes in both data sets are binary codes; the labels of the sample classes in the second training sample data set are mutually orthogonal; and the second training sample data set is the training sample data set of another participant.
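One simple way to construct mutually orthogonal binary-coded labels, as required of both training sample data sets above, is one-hot coding: every label is a binary vector and the dot product of any two distinct labels is zero. This construction is an illustration only; the patent requires orthogonality and binary coding but does not mandate how the labels are built.

```python
import numpy as np

def orthogonal_binary_labels(num_classes):
    """Build mutually orthogonal binary-coded labels via one-hot coding
    (one illustrative construction satisfying the orthogonality and
    binary-code requirements)."""
    return np.eye(num_classes, dtype=int)

labels = orthogonal_binary_labels(4)
# any two distinct labels have dot product 0 (mutually orthogonal)
```

Because the labels are pairwise orthogonal, the codes they induce in the trained encoder are maximally separated between sample classes, which is what the detection step relies on.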
Based on the same technical concept, an embodiment of the present invention provides a computing device, including:
a memory for storing a computer program;
and the processor is used for calling the computer program stored in the memory and executing the federal learning method according to the obtained program.
Based on the same technical concept, an embodiment of the present invention provides a computer-readable storage medium storing a computer-executable program for causing a computer to execute a federal learning method.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present application and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A method for federated learning, comprising:
a participant acquires a first training sample data set; labels among different sample classes in the first training sample data set are mutually orthogonal;
the participant inputs the training samples in the first training sample data set to a preset encoder for result induction training to obtain a trained encoder;
and the participant inputs new sample data into the trained encoder for identification and determines whether the new sample data is an anti-attack sample or a normal sample.
2. The method of claim 1, wherein the participant inputs training samples in the first set of training sample data to a preset encoder for result-induced training, resulting in a trained encoder, comprising:
the participant inputs the training samples in the first training sample data set to the preset encoder to obtain codes corresponding to all sample types;
the participant sends the difference value between the code and the label of each sample category to a coordinator, so that the coordinator performs weighted-average processing on the difference values reported by the participants for the same sample category to obtain a first difference value for each sample category;
the participants acquire first difference values of the sample categories sent by the coordinator;
and the participants use the first difference values of all the sample categories to carry out federal learning training until the preset encoder converges, so that the trained encoder is obtained.
3. The method of claim 2, wherein the participant performs federated learning training using the first difference values for the respective sample classes until the pre-set encoder converges, resulting in the trained encoder, comprising:
the participant sequentially uses the preset encoder and the preset decoder to process the first difference value of each sample type to obtain the decoded data of each sample type;
the participant performs loss calculation on the decoded data of each sample class against the training samples of that class, to determine the loss value between the decoded data and the training samples of each sample class;
and the participator updates the model parameters in the preset encoder and the preset decoder according to the decoded data of each sample class, the loss value of the training sample of each sample class and the first difference value of each sample class until the preset encoder and the preset decoder converge, so as to obtain the trained encoder and the trained decoder.
4. The method of claim 1, wherein the participant inputs new sample data into the trained encoder for identification, and determining whether the new sample data is an anti-attack sample or a normal sample comprises:
and the participant inputs the new sample data into the trained encoder to obtain the code of the new sample data, compares the code of the new sample data with the labels of all sample classes, and determines that the new sample data is the anti-attack sample or the normal sample.
5. The method of claim 4, wherein said comparing the encoding of the new sample data with the labels of the respective sample classes, determining that the new sample data is an attack-resistant sample or a normal sample, comprises:
the participant performs difference calculation on the code of the new sample data and the label of each sample class to determine a plurality of difference values between the code of the new sample data and the label of each sample class;
if the plurality of difference values are all larger than or equal to a preset threshold value, determining the new sample data as the anti-attack sample;
and if at least one difference value of the plurality of difference values is smaller than the preset threshold value, determining the new sample data as the normal sample.
6. The method of claim 2, wherein before the participant sends the difference between the code and the label corresponding to each sample category to the coordinator, further comprising:
the participants establish a communication channel with the coordinator;
the participant sends the difference value of the code and the label corresponding to each sample category to a coordinator, and the method comprises the following steps:
and the participant sends the difference value of the codes and the labels corresponding to the sample categories to the coordinator through the communication channel.
7. The method of any of claims 1 to 6, wherein the sample classes marked in the first training sample data set are the same as the sample classes marked in the second training sample data set; the labels of the sample classes in both data sets are binary codes; the labels of the sample classes in the second training sample data set are mutually orthogonal; and the second training sample data set is the training sample data set of another participant.
8. A federated learning apparatus, comprising:
the acquisition unit is used for acquiring a first training sample data set; labels among different sample classes in the first training sample data set are mutually orthogonal;
the processing unit is used for inputting the training samples in the first training sample data set into a preset encoder to perform result induction training to obtain a trained encoder; inputting new sample data into the trained encoder for identification, and determining the new sample data as an anti-attack sample or a normal sample.
9. A computing device, comprising:
a memory for storing a computer program;
a processor for calling a computer program stored in said memory, for executing the method of any one of claims 1 to 7 in accordance with the obtained program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer-executable program for causing a computer to execute the method of any one of claims 1 to 7.
CN202010880973.4A 2020-08-27 2020-08-27 Method, device and equipment for federated learning and storage medium Pending CN112016697A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010880973.4A CN112016697A (en) 2020-08-27 2020-08-27 Method, device and equipment for federated learning and storage medium


Publications (1)

Publication Number Publication Date
CN112016697A true CN112016697A (en) 2020-12-01

Family

ID=73503813

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010880973.4A Pending CN112016697A (en) 2020-08-27 2020-08-27 Method, device and equipment for federated learning and storage medium

Country Status (1)

Country Link
CN (1) CN112016697A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112529101A * 2020-12-24 2021-03-19 深圳前海微众银行股份有限公司 Method and device for training classification model, electronic equipment and storage medium
CN112529101B * 2020-12-24 2024-05-14 深圳前海微众银行股份有限公司 Classification model training method and device, electronic equipment and storage medium
CN112598139A * 2020-12-22 2021-04-02 百度在线网络技术(北京)有限公司 Category coding method, category coding device, category coding apparatus, storage medium, and program product
CN112598139B * 2020-12-22 2023-08-18 百度在线网络技术(北京)有限公司 Category encoding method, category encoding device, category encoding apparatus, category encoding storage medium, and category encoding program product
CN113240021A * 2021-05-19 2021-08-10 推想医疗科技股份有限公司 Method, device and equipment for screening target sample and storage medium
CN113240021B * 2021-05-19 2021-12-10 推想医疗科技股份有限公司 Method, device and equipment for screening target sample and storage medium
CN113726823A * 2021-11-03 2021-11-30 清华大学 Defense method, defense device, electronic equipment and storage medium
CN113726823B * 2021-11-03 2022-02-22 清华大学 Defense method, defense device, electronic equipment and storage medium
WO2023077857A1 * 2021-11-03 2023-05-11 清华大学 Defense method and apparatus, electronic device, and storage medium
CN115134114A * 2022-05-23 2022-09-30 清华大学 Longitudinal federated learning attack defense method based on discrete confusion self-encoder
CN115134114B * 2022-05-23 2023-05-02 清华大学 Longitudinal federal learning attack defense method based on discrete confusion self-encoder


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination