CN116777014A - Federal learning model training method, device and storage medium based on label protection - Google Patents

Publication number
CN116777014A
Authority
CN
China
Prior art keywords
party
classification
feature extraction
loss function
extraction data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310764038.5A
Other languages
Chinese (zh)
Inventor
何元钦
康焱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd

Abstract

The invention discloses a federal learning model training method, device, storage medium and program product based on label protection. The method comprises the following steps: the first participant device receives second party feature extraction data sent by the second participant device; classifies with a classification model based on the second party feature extraction data to obtain a classification result corresponding to the training sample, and determines a classification loss function according to the classification result and a classification label corresponding to the training sample; performs dimension processing on the classification label and the second party feature extraction data, and determines a first decorrelation loss function based on the classification label and the second party feature extraction data after dimension processing; and determines a total loss function according to the classification loss function and the first decorrelation loss function, and updates the longitudinal federal model based on the total loss function. The invention reduces the influence on the joint modeling effect while defending against the model complement attack.

Description

Federal learning model training method, device and storage medium based on label protection
Technical Field
The invention relates to the technical field of artificial intelligence, in particular to a federal learning model training method, a federal learning model training device, a federal learning model training storage medium and a federal learning model training program product based on label protection.
Background
Longitudinal federal learning (vertical federated learning) addresses the data-island problem that arises when multiple parties in the financial field jointly build a business model. It applies when the users of the participants overlap heavily but their features overlap little, so that different participants hold information about the users from different fields or different angles. In current longitudinal federal modeling scenarios, particularly those based on deep neural networks, the model of the feature provider can learn label-discriminating information about the target scenario once training is complete. If a small number of labels for the same task are available at that point, a classification model can be obtained by fine-tuning with the trained model, the provider's own features and those few labels. That classification model may perform better than one trained from scratch and may leak label information, which creates a hidden danger of privacy leakage and affects the sustainability of the business model. This attack is called a model complement attack (model completion attack). At present, model complement attacks are defended against by using distance correlation to decouple the correlation between the intermediate result and the label, but this defense has a large influence on the effect of joint modeling.
Disclosure of Invention
The invention mainly aims to provide a federal learning model training method, equipment, a storage medium and a program product based on label protection, and aims to solve the technical problem that the traditional scheme for defending model complement attack has a large influence on the joint modeling effect.
To achieve the above object, the present invention provides a method for training a federal learning model based on label protection, the method being applied to a first participant device participating in longitudinal federal learning, the longitudinal federal model including a classification model deployed at the first participant device, and a second party feature extraction model deployed at a second participant device participating in longitudinal federal learning, the method comprising the steps of:
receiving second party feature extraction data sent by the second party equipment, wherein the second party feature extraction data is obtained by the second party equipment by inputting second party original feature data of a training sample into a second party feature extraction model for feature extraction;
classifying by adopting the classification model based on the second party characteristic extraction data to obtain a classification result corresponding to the training sample, and determining a classification loss function according to the classification result and a classification label corresponding to the training sample;
Performing dimension processing on the classification tag and the second party feature extraction data, and determining a first decorrelation loss function based on the dimension processed classification tag and the second party feature extraction data, wherein the dimension processing comprises performing dimension-increasing processing on the classification tag and/or performing dimension-decreasing processing on the second party feature extraction data;
and determining a total loss function according to the classification loss function and the first decorrelation loss function, and updating the longitudinal federal model based on the total loss function.
Optionally, the step of classifying based on the second party feature extraction data by using the classification model to obtain a classification result corresponding to the training sample includes:
aggregating first party feature extraction data and the second party feature extraction data to obtain aggregate feature data, inputting the aggregate feature data into the classification model for classification, and obtaining a classification result corresponding to the training sample, wherein the first party feature extraction data is obtained by inputting first party original feature data of the training sample into the first party feature extraction model by the first party equipment for feature extraction;
Before the step of determining a total loss function from the classification loss function and the first decorrelation loss function, the method further comprises:
determining a second decorrelation loss function based on the aggregated feature data and the second party feature extraction data;
the step of determining a total loss function from the classification loss function and the first decorrelation loss function comprises:
determining a total loss function from the classification loss function, the first decorrelation loss function, and the second decorrelation loss function.
Optionally, when the dimension processing includes performing dimension reduction processing on the second party feature extraction data, the step of performing dimension reduction processing on the second party feature extraction data includes:
and performing encoding processing on the second party feature extraction data based on a preset encoder to obtain a first encoding result, and taking the first encoding result as the second party feature extraction data after the dimension reduction processing.
Optionally, the preset encoder is an encoder in the first preset self-encoder, and before the step of encoding the second party feature extraction data based on the preset encoder to obtain a first encoding result, the method further includes:
Inputting the second party characteristic extraction data to the preset encoder for encoding processing to obtain a second encoding result;
inputting the second coding result to a decoder in the first preset self-encoder for decoding processing to obtain a reconstruction result;
and determining a self-coding loss function based on the reconstruction result and the second party characteristic extraction data, updating parameters in the preset encoder and the decoder based on the self-coding loss function, and executing the step of performing coding processing on the second party characteristic extraction data based on the preset encoder after updating the parameters to obtain a first coding result.
Optionally, the dimension of the classification tag is smaller than the dimension of the second party feature extraction data, and when the dimension processing includes performing dimension reduction processing on the second party feature extraction data, the step of performing dimension reduction processing on the second party feature extraction data includes:
and intercepting a part with the same dimension as the classification label from the second party characteristic extraction data as second party characteristic extraction data after dimension reduction processing.
Optionally, when the dimension processing includes performing dimension-increasing processing on the classification tag, the step of performing dimension-increasing processing on the classification tag includes:
and performing encoding processing on the classification label based on the encoder in a second preset self-encoder to obtain a third encoding result, and taking the third encoding result as the classification label after the dimension-increasing processing, wherein the second preset self-encoder is a sparse self-encoder (sparse autoencoder).
Optionally, the dimensions of the dimension processed classification tag and the second party feature extraction data are the same, and the step of determining the first decorrelation loss function based on the dimension processed classification tag and the second party feature extraction data includes:
determining a distribution correlation between the classification tag after dimension processing and the second party feature extraction data;
a first decorrelation loss function is calculated with the aim of minimizing the distribution correlation.
In addition, in order to achieve the above object, the present invention further provides a federal learning model training apparatus based on label protection, the federal learning model training apparatus based on label protection including: the system comprises a memory, a processor and a label protection-based federal learning model training program stored on the memory and capable of running on the processor, wherein the label protection-based federal learning model training program realizes the steps of the label protection-based federal learning model training method when being executed by the processor.
In addition, in order to achieve the above object, the present invention further provides a computer readable storage medium, on which a federal learning model training program based on label protection is stored, the federal learning model training program based on label protection implementing the steps of the federal learning model training method based on label protection as described above when executed by a processor.
Furthermore, to achieve the above object, the present invention also proposes a computer program product comprising a computer program which, when executed by a processor, implements the steps of a federal learning model training method based on label protection as described above.
In the embodiment of the invention, the longitudinal federation model comprises a classification model deployed on first participant equipment and a second party feature extraction model deployed on second participant equipment participating in longitudinal federation learning, wherein the first participant equipment receives second party feature extraction data sent by the second participant equipment, and the second party feature extraction data is obtained by the second participant equipment inputting second party original feature data of a training sample into the second party feature extraction model for feature extraction; classifying by adopting a classification model based on the second party characteristic extraction data to obtain a classification result corresponding to the training sample, and determining a classification loss function according to the classification result and a classification label corresponding to the training sample; performing dimension processing on the classification tag and the second-party feature extraction data, and determining a first decorrelation loss function based on the classification tag after dimension processing and the second-party feature extraction data, wherein the dimension processing comprises dimension increasing processing on the classification tag and/or dimension decreasing processing on the second-party feature extraction data; and determining a total loss function according to the classification loss function and the first decorrelation loss function, and updating the longitudinal federal model based on the total loss function.
In the embodiment of the invention, a first decorrelation loss function is added to the total loss function, and it is determined based on the classification label and the second party feature extraction data after dimension processing, so that the influence on the joint modeling effect is reduced while the model complement attack is defended against.
For the case where the first decorrelation loss function is determined based on the classification label and the second party feature extraction data after dimension reduction processing: because the second party feature extraction data after dimension reduction processing contains only part of the information in the original second party feature extraction data, some of the information in the original second party feature extraction data can still fully exert the value of its correlation with the classification label, so the classification model can use the value provided by that information for classification prediction, which reduces the influence on the joint modeling effect. At the same time, because the first decorrelation loss function, determined based on the classification label and the partial information obtained by the dimension reduction processing, is added to the classification loss while training the longitudinal federal model, the correlation between the classification label and that partial information is removed or weakened, so the effect of defending against the model complement attack can still be achieved.
For the case where the first decorrelation loss function is determined based on the second party feature extraction data and the classification label after dimension-increasing processing: the classification label after dimension-increasing processing includes some additional information besides the information of the original classification label. Because it includes the information of the original classification label, adding the first decorrelation loss function determined based on the second party feature extraction data and the classification label after dimension-increasing processing to the classification loss while training the longitudinal federal model weakens the correlation between the second party feature extraction data and the original classification label, so the effect of defending against the model complement attack can be achieved. At the same time, because the classification label after dimension-increasing processing also includes some additional information, that additional information shares part of the weakening when the correlation between the second party feature extraction data and the original classification label is weakened, so that correlation is not completely removed and the influence on the joint modeling effect can be reduced.
For the case where the first decorrelation loss function is determined based on the second party feature extraction data after dimension reduction processing and the classification label after dimension-increasing processing, the two cases above are combined, so the influence on the joint modeling effect can likewise be reduced while defending against the model complement attack.
Drawings
FIG. 1 is a schematic diagram of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a first embodiment of a federal learning model training method based on label protection according to the present invention;
FIG. 3 is a schematic diagram of a possible longitudinal federal learning framework according to an embodiment of the federal learning model training method based on label protection of the present invention;
FIG. 4 is a schematic diagram of a possible longitudinal federal learning framework according to an embodiment of the federal learning model training method based on label protection of the present invention;
FIG. 5 is a schematic diagram of a possible longitudinal federal learning framework according to an embodiment of the federal learning model training method based on label protection of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic device structure of a hardware running environment according to an embodiment of the present invention.
It should be noted that, the federal learning model training device based on label protection in the embodiment of the present invention may be a smart phone, a personal computer, a server, etc., which is not limited herein.
As shown in fig. 1, the federal learning model training device based on label protection may include: a processor 1001 (such as a CPU), a network interface 1004, a user interface 1003, a memory 1005 and a communication bus 1002. The communication bus 1002 is used to enable connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and optionally may further include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a WI-FI interface). The memory 1005 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
Those skilled in the art will appreciate that the device configuration shown in fig. 1 does not limit the federal learning model training device based on label protection, which may include more or fewer components than illustrated, combine certain components, or have a different arrangement of components.
As shown in fig. 1, the memory 1005, which is a computer storage medium, may include an operating system, a network communication module, a user interface module, and a federal learning model training program based on label protection. The operating system is a program that manages and controls the hardware and software resources of the device and supports the running of the federal learning model training program based on label protection as well as other software or programs. In the device shown in fig. 1, the user interface 1003 is mainly used for data communication with the client; the network interface 1004 is mainly used for establishing a communication connection with a server; and the processor 1001 may be configured to invoke the federal learning model training program based on label protection stored in the memory 1005 and perform the operations described below in the various embodiments of the federal learning model training method based on label protection of the present invention.
Based on the above structure, various embodiments of a federal learning model training method based on label protection are presented.
Referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of the federal learning model training method based on label protection according to the present invention.
An embodiment of the present invention provides a federal learning model training method based on label protection. It should be noted that although a logical order is shown in the flowchart, in some cases the steps shown or described may be performed in an order different from the one given here. In this embodiment, the federal learning model training method based on label protection is applied to a first participant device participating in longitudinal federal learning. The first participant device is deployed at a first participant in the longitudinal federal learning, and a device for longitudinal federal learning deployed at any other participant is referred to as a second participant device. The first participant device and the second participant device may be smart phones, personal computers, servers, etc., and are not limited in this embodiment. In this embodiment, the federal learning model training method based on label protection includes:
Step S10, second party feature extraction data sent by the second party equipment is received, wherein the second party feature extraction data is obtained by the second party equipment inputting second party original feature data of a training sample into the second party feature extraction model for feature extraction.
Among the participants in longitudinal federal learning there is typically one participant (which may be referred to as the "data application party") that provides label data and at least one participant (which may be referred to as a "data provider" or "feature provider") that provides only feature data (hereinafter referred to as "raw feature data" for distinction); in some possible embodiments, the data application party may also provide raw feature data. In the application scenario of longitudinal federal learning, the raw feature data of the data application party and of the data provider differ in feature dimensions, for example images shot from different angles or user data collected in different dimensions. The purpose of longitudinal federal learning is to combine the raw feature data that the participants hold for the same sample in different feature dimensions for modeling, so that the features of the sample in every dimension are fully used to improve the prediction accuracy of the model.
For convenience of description, a device deployed at the data application party is referred to as a data application party device, and a device deployed at a data provider is referred to as a data provider device.
In a specific application scenario, a model task can be set as required, a longitudinal federal model is designed according to the model task, and the longitudinal federal model is deployed in the devices of the participants. In the longitudinal federal learning stage, the longitudinal federal model is trained to update its model parameters, so that the model finally obtained can complete the model task; the trained longitudinal federal model may be called a target task model for distinction. The model task refers to the use of the model after modeling is completed, for example risk prediction or advertisement recommendation: when the model task is risk prediction, the trained target task model may be used for risk prediction, and when the model task is advertisement recommendation, the trained target task model may be used for advertisement recommendation. The model task is not limited in this embodiment.
In this embodiment, the data application party is referred to as a first party, the parties other than the first party are referred to as second parties, the equipment for longitudinal federal learning deployed in the first party is referred to as first party equipment, and the equipment for longitudinal federal learning deployed in the second party is referred to as second party equipment.
In this embodiment, the longitudinal federal model includes a classification model deployed at the first participant device and a second party feature extraction model deployed at a second participant device participating in longitudinal federal learning.
A training sample may correspond to at least one piece of sample data. One piece of sample data includes the raw feature data of the training sample at each participant; the raw feature data of the sample held by each participant has different feature dimensions, so the sample can be regarded as being described from different angles. For example, in one embodiment, one participant is a bank and the other is an e-commerce institution: the bank holds financial activity business data of the user (sample), such as deposit amount and loan amount, the e-commerce institution holds purchase record data of the user, such as the types and amounts of commodities purchased, and the model task may be to predict the user's repayment risk using the financial activity business data and the purchase record data. The first participant device and the second participant device use sample data of common training samples for longitudinal federal learning; the first participant device has the classification labels of the common training samples, and the second participant device has raw feature data of the common training samples (referred to as second party raw feature data for distinction). How the first participant device and the second participant device determine the common training samples is not limited in this embodiment. In the following embodiments the common training samples are simply referred to as training samples, that is, "training samples" below means the common training samples.
In the longitudinal federation learning stage, one or more rounds of updating can be performed on the longitudinal federation model. A round of updating the longitudinal federal model is described below as an example.
The parameters in the classification model and the second party feature extraction model may be randomly initialized or empirically initialized prior to initiating longitudinal federal learning.
The second party device may obtain second party raw feature data for respective training samples owned by the second party, either locally or remotely. After the second party device acquires the second party original feature data of each training sample, the second party original feature data can be respectively input into a second party feature extraction model to perform feature extraction, so as to obtain feature extraction data (hereinafter referred to as "second party feature extraction data" to show distinction) corresponding to each training sample. It should be noted that, the model structure of the second-party feature extraction model is not limited in this embodiment. The second participant device transmits second party feature extraction data to the first participant device.
The first participant device receives second party feature extraction data transmitted by the second participant device. It should be noted that, if there are a plurality of second party devices, for each training sample, the first party device will receive a plurality of second party feature extraction data corresponding to the training sample.
And step S20, classifying by adopting the classification model based on the second party characteristic extraction data to obtain a classification result corresponding to the training sample, and determining a classification loss function according to the classification result and a classification label corresponding to the training sample.
The specific way in which the classification model classifies based on the second party feature extraction data to obtain the classification result is not limited herein. For example, in a possible implementation manner, if there are multiple second participant devices and the first participant device has no raw feature data corresponding to the training sample, then for a given training sample the first participant device may aggregate the second party feature extraction data for that sample sent by each second participant device to obtain aggregate feature data, and then input the aggregate feature data into the classification model for classification to obtain the classification result corresponding to the training sample. For another example, in a possible implementation manner, if there is one second participant device and the first participant device has no raw feature data corresponding to the training sample, then for a given training sample the first participant device may input the second party feature extraction data for that sample sent by the second participant device into the classification model for classification, so as to obtain the classification result corresponding to the training sample.
For another example, in a possible implementation manner, if there is original feature data corresponding to a training sample in the first party device (hereinafter referred to as first party original feature data for distinction), the longitudinal federal model further includes a first party feature extraction model deployed in the first party device, and for a certain training sample, the first party device may input the first party original feature data of the training sample into the first party feature extraction model to perform feature extraction, so as to obtain first party feature extraction data corresponding to the training sample, aggregate the first party feature extraction data corresponding to the training sample with the second party feature extraction data, so as to obtain aggregate feature data, and input the aggregate feature data into the classification model to perform classification, so as to obtain a classification result corresponding to the training sample.
The classification result is a predicted result and the classification label is a standard result; the two may deviate from each other, and the first participant device may determine a loss function (hereinafter referred to as a classification loss function for distinction) according to the classification result and the classification label of the training sample. The classification loss function characterizes the error between the result of classifying the training sample with the longitudinal federal model and the classification result with which the training sample is labelled, and the accuracy with which the longitudinal federal model classifies the training sample can be optimized by optimizing the classification loss function. The classification loss function may be calculated using a conventional loss function, such as the cross entropy loss function.
And step S30, performing dimension processing on the classification tag and the second party feature extraction data, and determining a first decorrelation loss function based on the dimension processed classification tag and the second party feature extraction data, wherein the dimension processing comprises dimension increasing processing on the classification tag and/or dimension decreasing processing on the second party feature extraction data.
It can be understood that in this embodiment, the dimension processing is divided into three cases, one is to perform dimension increasing processing only on the classification label, the second party feature extraction data is not processed, the second party feature extraction data is only processed in dimension decreasing mode, the classification label is not processed, and the third is to perform dimension increasing processing on the classification label and dimension decreasing processing on the second party feature extraction data.
Based on the above three cases, determining the first decorrelation loss function based on the dimension-processed classification tag and the second party feature extraction data is also divided into three cases. The first is to calculate a first decorrelation loss function based on the second party feature extraction data and the upscaled classification labels. The second is to calculate a first decorrelation loss function based on the classification labels and the second party feature extraction data after the dimension reduction process. And thirdly, calculating a first decorrelation loss function based on the classification labels after the dimension-increasing processing and the second party characteristic extraction data after the dimension-decreasing processing.
In this embodiment, the specific implementation modes of the dimension increasing process and the dimension decreasing process are not limited, and a common dimension increasing process and dimension decreasing process mode may be adopted. For example, the dimension may be increased by interpolating the classification tag, and for example, the dimension may be reduced by downsampling the second-party feature extraction data.
The first decorrelation loss function is a loss function constructed with the objective of minimizing the correlation between the dimension-processed classification labels and the second party feature extraction data. In this embodiment, the specific calculation manner of the first decorrelation loss function is not limited. For example, in one possible implementation, a distance correlation algorithm may be employed to calculate the first decorrelation loss function. The distance correlation takes two input distributions, such as a and b; the pairwise distances within each distribution are calculated to obtain two matrices A and B, and the distance correlation is obtained from the dot product of A and B: $L_{dcorr} = \mathrm{dot}(A, B) / (\mathrm{dot}(A, A) \times \mathrm{dot}(B, B))^{0.5}$, the loss being 0 when a and b are completely uncorrelated.
Step S40, determining a total loss function according to the classification loss function and the first decorrelation loss function, and updating the longitudinal federal model based on the total loss function.
In this embodiment, the total loss function is determined based at least on the classification loss function and the first decorrelation loss function. In a possible embodiment, the total loss function may be obtained by adding or weighted summing the classification loss function with the first decorrelation loss function. The method for updating the longitudinal federation model based on the total loss function can adopt the conventional method for updating the longitudinal federation model in longitudinal federation learning. For example, the gradient value corresponding to the second party feature extraction data may be calculated based on the total loss function, the gradient value corresponding to the parameter in the classification model may be calculated, the parameter in the classification model may be updated by using the gradient value corresponding to the parameter in the classification model, the gradient value corresponding to the second party feature extraction data may be fed back to the second party device, the second party device may calculate the gradient value corresponding to the parameter in the second party feature extraction model according to the gradient value corresponding to the second party feature extraction data, and the parameter in the second party feature extraction model may be updated according to the gradient value corresponding to the parameter in the second party feature extraction model, thereby completing one round of updating of the longitudinal federal model.
In a specific application scene, the longitudinal federation model can be updated for multiple rounds, and when the stopping condition of iterative updating is detected, the finally updated longitudinal federation model is used as a target task model for training completion.
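One round of the update described in steps S20 to S40, with both parties' messages, as an added example (not code from the patent): it uses the distance correlation formula for the first decorrelation loss and a weighted sum for the total loss. The linear extractor and classifier, the finite-difference gradients, the double-centring of the distance matrices, the reduction that keeps the first `k` dimensions, and all names and sample values are assumptions made for illustration.

```python
import math

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def sgd(W, G, lr):
    return [[w - lr * g for w, g in zip(rw, rg)] for rw, rg in zip(W, G)]

def dcorr_loss(a, b):
    """dot(A, B) / (dot(A, A) * dot(B, B)) ** 0.5 over pairwise-distance matrices.
    Double-centring A and B is the usual distance-correlation step and an
    assumption here; the page's formula does not spell it out."""
    def centred(rows):
        n = len(rows)
        D = [[math.dist(p, q) for q in rows] for p in rows]
        mean = [sum(r) / n for r in D]
        grand = sum(mean) / n
        return [[D[i][j] - mean[i] - mean[j] + grand for j in range(n)]
                for i in range(n)]
    def dot(P, Q):
        return sum(x * y for rp, rq in zip(P, Q) for x, y in zip(rp, rq))
    A, B = centred(a), centred(b)
    return dot(A, B) / math.sqrt(dot(A, A) * dot(B, B) + 1e-12)

def cross_entropy(logits, labels):
    loss = 0.0
    for z, y in zip(logits, labels):
        m = max(z)
        loss += m + math.log(sum(math.exp(v - m) for v in z)) - z[y]
    return loss / len(labels)

def numeric_grad(f, M, eps=1e-5):
    """Central finite differences; stands in for autograd in this example."""
    M = [row[:] for row in M]
    G = [[0.0] * len(M[0]) for _ in M]
    for i, row in enumerate(M):
        for j, old in enumerate(row):
            row[j] = old + eps
            up = f(M)
            row[j] = old - eps
            down = f(M)
            row[j] = old
            G[i][j] = (up - down) / (2 * eps)
    return G

class PartyA:
    """First participant: holds the labels Y_A and the classifier, never X_B."""
    def __init__(self, labels, num_classes, w_c, alpha, k=None):
        self.labels, self.w_c, self.alpha, self.k = labels, w_c, alpha, k
        self.onehot = [[float(c == y) for c in range(num_classes)] for y in labels]

    def decorrelation(self, h_b):
        # k keeps only the first k dimensions of h_B (a simple dimension reduction)
        view = h_b if self.k is None else [row[:self.k] for row in h_b]
        return dcorr_loss(view, self.onehot)

    def total_loss(self, h_b, w_c=None):
        logits = matmul(h_b, self.w_c if w_c is None else w_c)
        return cross_entropy(logits, self.labels) + self.alpha * self.decorrelation(h_b)

    def step(self, h_b, lr):
        g_b = numeric_grad(self.total_loss, h_b)
        g_c = numeric_grad(lambda w: self.total_loss(h_b, w), self.w_c)
        self.w_c = sgd(self.w_c, g_c, lr)
        return g_b                      # the only value returned to party B

class PartyB:
    """Second participant: holds X_B and a linear extractor M_B, never Y_A."""
    def __init__(self, x_b, w_b):
        self.x_b, self.w_b = x_b, w_b

    def forward(self):
        return matmul(self.x_b, self.w_b)               # h_B = M_B(X_B)

    def backward(self, g_b, lr):
        x_t = [list(col) for col in zip(*self.x_b)]
        self.w_b = sgd(self.w_b, matmul(x_t, g_b), lr)  # dL/dW_B = X_B^T g_B

# Constructed batch: dimensions 0-1 take the same values in both classes,
# dimension 2 separates the classes, dimension 3 is small noise.
X_B = [[0.0, 1.0, 2.0, 0.0], [1.0, 0.0, 2.0, 0.3], [1.0, 1.0, 2.0, -0.3],
       [0.0, 1.0, -2.0, 0.0], [1.0, 0.0, -2.0, 0.3], [1.0, 1.0, -2.0, -0.3]]
Y_A = [0, 0, 0, 1, 1, 1]
W_B0 = [[float(i == j) for j in range(4)] for i in range(4)]
W_C0 = [[0.1, -0.1], [0.0, 0.0], [0.5, -0.5], [0.0, 0.0]]

def run_round(alpha=0.5, lr=0.01):
    a = PartyA(Y_A, 2, [r[:] for r in W_C0], alpha)
    b = PartyB(X_B, [r[:] for r in W_B0])
    h_b = b.forward()                   # message B -> A
    before = a.total_loss(h_b)
    g_b = a.step(h_b, lr)               # message A -> B
    b.backward(g_b, lr)
    return before, a.total_loss(b.forward()), g_b
```

On this constructed batch the loss on the full $h_B$ is above 0.9 while the loss on the first two dimensions alone is 0, so a term computed on a reduced view says nothing about the label correlation carried by the other dimensions; measuring both is a useful check when choosing the reduction and the weight.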
In this embodiment, whichever of the three cases of step S30 is used to determine the first decorrelation loss function, the influence on the joint modeling effect can be reduced while defending against the model completion attack.
For the case where the first decorrelation loss function is determined based on the classification label and the second-party feature extraction data after the dimension reduction processing: since the second-party feature extraction data after the dimension reduction processing contains only part of the information in the original second-party feature extraction data, a part of the information in the original second-party feature extraction data can still fully exert the value of its correlation with the classification label, so that the classification model can use the value provided by that part of the information for classification prediction, which reduces the influence on the joint modeling effect; meanwhile, since the data obtained after the dimension reduction processing is partial information taken from the original second-party feature extraction data, and the first decorrelation loss function calculated from this partial information and the classification label is added to the classification loss during training of the longitudinal federal model, the correlation between the classification label and this partial information is removed or weakened, so the effect of defending against the model complement attack can still be achieved.
For the case where the first decorrelation loss function is determined based on the second party feature extraction data and the classification label after the dimension increasing processing, the classification label after the dimension increasing processing includes some additional information in addition to the information of the original classification label. Because the classification label after the dimension increasing processing includes the information of the original classification label, adding the first decorrelation loss function calculated from the second party feature extraction data and the classification label after the dimension increasing processing to the classification loss during training of the longitudinal federal model weakens the correlation between the second party feature extraction data and the original classification label, so the effect of defending against the model complement attack can be achieved; meanwhile, because the classification label after the dimension increasing processing also includes some additional information, when the correlation between the second party feature extraction data and the original classification label is weakened, the additional information shares part of the weakening strength, so that the correlation between the second party feature extraction data and the original classification label is not completely removed, and the influence on the joint modeling effect can be reduced.
For the case of determining the first decorrelation loss function based on the second-party feature extraction data after the dimension reduction processing and the classification label after the dimension increase processing, the influence on the joint modeling effect can be reduced while defending the model complement attack as well because the two cases are combined.
In a possible implementation manner, the step of determining the first decorrelation loss function in step S30 based on the dimension-processed classification tag and the second party feature extraction data includes:
step S301, determining distribution correlation between the classification labels after dimension processing and the second party feature extraction data;
In this embodiment, parameters in the dimension processing method may be configured so that the dimension-processed classification label and the second-party feature extraction data have the same dimension, for example so that both are 10-dimensional. The distribution correlation between the dimension-processed classification label and the second-party feature extraction data of the same dimension can then be calculated. Distribution correlation describes the similarity between two distributions. Common methods for calculating the distribution correlation include KL divergence (Kullback-Leibler divergence loss), the cross-entropy loss function (cross-entropy loss), cosine similarity, and the like; this embodiment does not limit which method is adopted. Calculating the distribution correlation requires that the two distributions being compared have the same dimension. For both KL and CE, the more similar the distributions are, the smaller the value, so a negative sign needs to be added in use; that is, $-\mathrm{KL}$ and $-\mathrm{CE}$ are minimized to achieve the aim of decorrelation: $L_{dcorr} = -\mathrm{CE}(a, b)$ or $L_{dcorr} = -\mathrm{KL}(a, b)$. For cosine similarity, the value for uncorrelated distributions is 0, so it is minimized directly: $L_{dcorr} = \mathrm{cos\_sim}(a, b)$.
In step S302, a first decorrelation loss function is calculated with the aim of minimizing the distribution correlation.
Compared with calculating the first decorrelation loss function based on a distance correlation algorithm, where the calculated correlation is not accurate enough, in this embodiment the dimension-processed classification label and the dimension-processed second party feature extraction data are set to the same dimension and the first decorrelation loss function is calculated using the distribution correlation. Because the correlation calculated by the distribution correlation method is more accurate, the calculated first decorrelation loss function is more accurate, and the defending effect against the model complement attack can be improved.
In a possible embodiment, when the dimension processing includes performing dimension reduction processing on the second-party feature extraction data, the dimension reduction method used may be one capable of extracting the most important information in the second-party feature extraction data, for example principal component analysis or singular value decomposition; the specific method is not limited in this embodiment. Performing dimension reduction with such a method means that the most important information in the second-party feature extraction data is used for classification prediction as little as possible, which further improves the defending effect against the model complement attack, while the remaining, secondary information can be used for classification prediction as much as possible, which further reduces the influence on the joint modeling effect.
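The three distribution correlation losses of step S301, computed on inputs brought to the same dimension, as an added example (not code from the patent). Average-pooling as the dimension reduction, softmax to turn features into a distribution, label smoothing, and all names and sample values are assumptions.

```python
import math

def softmax(v):
    m = max(v)
    e = [math.exp(x - m) for x in v]
    s = sum(e)
    return [x / s for x in e]

def downsample(h, k):
    """Average-pool consecutive groups so a d-dim vector becomes k-dim."""
    if len(h) % k:
        raise ValueError("feature dimension must be a multiple of the target dimension")
    g = len(h) // k
    return [sum(h[i * g:(i + 1) * g]) / g for i in range(k)]

def smooth_label(y, num_classes, eps=0.1):
    """Label as a distribution without zero entries (smoothing is an assumption)."""
    return [1.0 - eps if c == y else eps / (num_classes - 1) for c in range(num_classes)]

def neg_ce(a, b):
    """L_dcorr = -CE(a, b) = sum_i a_i * log(b_i)."""
    return sum(p * math.log(q) for p, q in zip(a, b))

def neg_kl(a, b):
    """L_dcorr = -KL(a, b) = -sum_i a_i * log(a_i / b_i)."""
    return -sum(p * math.log(p / q) for p, q in zip(a, b))

def cos_sim(a, b):
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    if na == 0.0 or nb == 0.0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / (na * nb)

LOSSES = {"ce": neg_ce, "kl": neg_kl, "cos": cos_sim}

def distribution_decorrelation(h_b, labels, num_classes, kind):
    """Batch mean of the chosen loss after both inputs have num_classes dimensions."""
    total = 0.0
    for h, y in zip(h_b, labels):
        a = smooth_label(y, num_classes)
        reduced = downsample(h, num_classes)
        # KL and CE compare distributions; cosine works on the raw reduced vector
        b = reduced if kind == "cos" else softmax(reduced)
        total += LOSSES[kind](a, b)
    return total / len(labels)

# Constructed 4-dimensional features for two samples with labels 0 and 1.
LABELS = [0, 1]
ALIGNED = [[2.0, 2.4, 0.0, 0.0], [0.0, 0.0, 2.0, 2.4]]   # features follow the label
FLAT = [[1.0, 1.0, 1.0, 1.0], [1.0, 1.0, 1.0, 1.0]]      # features ignore the label
OPPOSED = [[0.0, 0.0, 2.0, 2.4], [2.0, 2.4, 0.0, 0.0]]   # features follow the other class
```

For a fixed label distribution, $-\mathrm{KL}$ and $-\mathrm{CE}$ differ only by the label entropy, so they give the same gradient with respect to the features. Both have no lower bound as the feature distribution moves away from the label, whereas the cosine loss stays within [-1, 1].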
Based on the above first embodiment, a second embodiment of the federal learning model training method based on label protection according to the present invention is provided, and in this embodiment, the step S20 includes:
step S201, aggregating the first party feature extraction data and the second party feature extraction data to obtain aggregated feature data, inputting the aggregated feature data into the classification model to classify, and obtaining a classification result corresponding to the training sample, where the first party feature extraction data is obtained by inputting first party original feature data of the training sample into the first party feature extraction model by the first party device to perform feature extraction.
In this embodiment, for the case that the data application party (i.e., the first party) also has the original feature data, the defending effect may be further improved by further performing decorrelation on the aggregate feature data and the feature extraction data of the second party.
For the case that the data application party also has the original characteristic data, the longitudinal federation model also comprises a first party characteristic extraction model deployed on the first party equipment. The first participant device may obtain first party raw feature data for respective training samples owned by the first participant from either the local or remote location. After the first party device acquires the first party original feature data of each training sample, the first party original feature data can be respectively input into a first party feature extraction model to perform feature extraction, so as to obtain feature extraction data (hereinafter referred to as "first party feature extraction data" to show distinction) corresponding to each training sample. The model structure of the first-party feature extraction model is not limited in this embodiment.
After the first party device obtains the first party feature extraction data and the second party feature extraction data, it can aggregate them to obtain aggregated feature data. The manner of aggregation is not limited in this embodiment; for example, splicing, averaging, or max-pooling may be adopted. The dimension of the first party feature extraction data is denoted as $d_A$, the dimension of the second-party feature extraction data is denoted as $d_B$, and the dimension of the aggregated feature data is denoted as $d_{agg}$. When splicing is adopted, $d_{agg} = d_A + d_B$. When averaging or max-pooling is adopted, $d_A = d_B$ is required, and the dimension of the aggregated feature data obtained by aggregation is $d_{agg} = d_A = d_B$.
The first participant device may input the aggregated feature data to a classification model for classification, to obtain a classification result corresponding to the training sample.
Before the step S40, the method further includes:
step S50, determining a second decorrelation loss function based on the aggregated feature data and the second party feature extraction data.
After obtaining the aggregated feature data and the second party feature extraction data, the first party device may determine a second decorrelation loss function based on the aggregated feature data and the second party feature extraction data, the second decorrelation loss function being intended to minimize a correlation between the aggregated feature data and the second party feature extraction data. In the present embodiment, the manner of determining the second decorrelation loss function based on the aggregated feature data and the second-party feature extraction data is not limited. For example, a distance correlation between the aggregated feature data and the second feature extraction data may be calculated, and a second decorrelation loss function may be calculated from the distance correlation. For another example, when the dimensions of the aggregated feature data and the second feature extraction data are the same, a distribution correlation between the aggregated feature data and the second feature extraction data may be calculated, and the second decorrelation loss function may be calculated from the distribution correlation. For another example, when the dimensions of the aggregate feature data and the second feature extraction data are different, the aggregate feature data and the second feature extraction data may be subjected to dimension processing, so that the dimensions of the aggregate feature data and the second feature extraction data after dimension processing are the same, and a distribution correlation between the aggregate feature data and the second feature extraction data with the same dimensions is calculated, and a second decorrelation loss function is calculated according to the distribution correlation.
The step S40 includes:
step S401, determining a total loss function according to the classification loss function, the first decorrelation loss function and the second decorrelation loss function.
In this embodiment, the total loss function may be obtained by adding the classification loss function, the first decorrelation loss function and the second decorrelation loss function, or by a weighted sum of them. If a weighted sum is adopted, the weights can be set according to requirements. For example, the total loss function is $L_{total} = L_{cls} + \alpha L_{dcorr,y} + \beta L_{dcorr,h}$, where $L_{cls}$ represents the classification loss function, $L_{dcorr,y}$ represents the first decorrelation loss function, $L_{dcorr,h}$ represents the second decorrelation loss function, and $\alpha$ and $\beta$ represent the weights corresponding to the first and second decorrelation loss functions.
In this embodiment, the aggregated feature data is input into the classification model to predict the classification result, and by further adding the second decorrelation loss function to the total loss function, the correlation between the aggregated feature data and the second party feature extraction data can be reduced during training of the longitudinal federal model, which indirectly reduces the correlation between the second party feature extraction data and the classification label and thus further improves the defending effect against the model complement attack.
Based on the first and/or second embodiments, a third embodiment of the federal learning model training method based on label protection according to the present invention is provided, in this embodiment, the step of performing the dimension reduction processing on the second party feature extraction data in step S30 includes:
step S303, performing encoding processing on the second party feature extraction data based on a preset encoder to obtain a first encoding result, and taking the first encoding result as second party feature extraction data after the dimension reduction processing.
In the present embodiment, when the dimension processing includes the dimension reduction processing of the second-party feature extraction data, one encoder (hereinafter referred to as a preset encoder to show distinction) may be set in advance. The structure of the preset encoder is not limited in this embodiment, and the dimension of the encoding result obtained by encoding the input original data with the preset encoder is smaller than that of the original data, so as to achieve the effect of dimension reduction.
The second-party feature extraction data may be input to a preset encoder for encoding, and the obtained encoding result is referred to as a first encoding result to show distinction. And taking the first coding result as second party characteristic extraction data after the dimension reduction processing.
To further reduce the influence on the modeling effect, in a possible embodiment, before the step S303, the method further includes:
step S60, inputting the second party feature extraction data to the preset encoder for encoding processing, so as to obtain a second encoding result.
A self-encoder (hereinafter referred to as a first preset self-encoder for distinction) may be set in advance. The first preset self-encoder includes an encoder and a decoder, and its encoder is used as the preset encoder (that is, as the encoder that performs dimension reduction processing on the second party feature extraction data).
One or more rounds of updating the first preset self-encoder may be performed before each update of the longitudinal federal model. The following describes an example of performing a round of updating of the first preset self-encoder.
The first participant device may input the second-party feature extraction data to a preset encoder for encoding processing, to obtain an encoding result (hereinafter referred to as a second encoding result to show distinction).
Step S70, inputting the second encoding result to a decoder in the first preset self-encoder for decoding processing, so as to obtain a reconstruction result.
The second encoding result is input to the decoder in the first preset self-encoder for decoding, and the obtained result is called a reconstruction result; that is, the purpose of inputting the second encoding result to the decoder is to reconstruct the second party feature extraction data.
Step S80, determining a self-coding loss function based on the reconstruction result and the second party characteristic extraction data, updating parameters in the preset encoder and the decoder based on the self-coding loss function, and executing the step S303 based on the preset encoder after updating the parameters.
The first participant device determines a self-encoding loss function from the reconstruction result and the second party feature extraction data. The self-encoding loss function aims to minimize the error between the reconstruction result and the second party feature extraction data. It may be calculated with a conventional self-encoding loss function, which is not limited here; for example, a root mean square error may be used. Parameters in the preset encoder and the decoder are updated based on the self-encoding loss function, which completes one round of updating the first preset self-encoder. After the first preset self-encoder has been updated for one or more rounds, the second party feature extraction data can be encoded by the preset encoder with updated parameters to obtain a first encoding result, which is then used as the second party feature extraction data after dimension reduction processing.
Training the first preset self-encoder enables the preset encoder to encode the most principal component in the second party feature extraction data. In addition, the training process of the longitudinal federal model includes the first decorrelation loss function, which reduces as much as possible the correlation between the classification label and the result of performing dimension reduction processing on the second party feature extraction data with the preset encoder; and since the training of the first preset self-encoder is synchronized with the training of the longitudinal federal model, the encoding result of the preset encoder is influenced by the training of the longitudinal federal model, so that the preset encoder can encode the component of the second party feature extraction data that has the highest correlation with the classification label. Because the preset encoder can encode that component, combining it with the first decorrelation loss function allows the component most correlated with the classification label to be used for classification prediction as little as possible, which improves the defending effect against the model complement attack to the greatest extent, while the remaining components, which are less correlated with the classification label, can be used for classification prediction as much as possible, which reduces the influence on the joint modeling effect to the greatest extent.
In a possible implementation, joint modeling by two parties, party A and party B, is taken as an example, which can be generalized to multi-party scenarios. As shown in fig. 3, party A has label information $Y_A$ (not shown) and possibly original feature data $X_A$ (not shown), and party B has original feature data $X_B$. Party A deploys a classification model Classifier and a self-coding model, where the self-coding model comprises an encoder Encoder and a decoder Decoder; party B deploys a feature extraction model $M_B$. In the case that party A has original feature data $X_A$, party A may also deploy a feature extraction model $M_A$ (not shown in the drawings). The longitudinal federation updating process comprises the following steps:
1. Party B computes the feature extraction data $h_B = M_B(X_B)$ and sends $h_B$ to party A. In the case that party A has original feature data $X_A$, party A can compute the feature extraction data $h_A = M_A(X_A)$ (not shown in the drawings).
2. In the case that party A has no original feature data $X_A$, party A inputs $h_B$ into the classification model Classifier and calculates the classification loss function (classification loss) based on the classification result and the classification label $Y_A$ (this case is shown in the figure). In the case that party A has original feature data $X_A$, party A aggregates $h_A$ and $h_B$ to obtain $h_{agg}$, inputs it into the classification model Classifier, and calculates the classification loss function (classification loss) based on the classification result and the classification label $Y_A$ (this case is not shown in the figure).
3. Party A inputs $h_B$ into the encoder Encoder to obtain the encoding result $\mathrm{encoding}_B$, then inputs it into the decoder Decoder for reconstruction, calculates the reconstruction loss function (reconstruction loss, also referred to as the self-encoding loss function) based on the reconstruction result and $h_B$, and updates the Encoder and Decoder according to the reconstruction loss function. After updating the self-encoder, party A again inputs $h_B$ into the encoder Encoder to obtain the encoding result $\mathrm{encoding}_B$, and calculates the decorrelation loss function (decorrelation loss) based on $\mathrm{encoding}_B$ and $Y_A$.
4. Party A calculates the total loss function based on the decorrelation loss function (decorrelation loss) and the classification loss function (classification loss), updates the classification model Classifier based on the total loss function (in the case that party A deploys a feature extraction model $M_A$, $M_A$ is also updated according to the total loss function), calculates the gradient $g_B$ of the total loss function with respect to $h_B$, and sends $g_B$ to party B; party B updates $M_B$ based on $g_B$.
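The schedule of steps S60 to S80 followed by step S303, as an added example (not code from the patent): the self-encoder is updated on $h_B$ first, and the updated encoder then produces the dimension-reduced data that enters the decorrelation loss. The linear bias-free self-encoder, mean squared error as the self-encoding loss, cosine similarity as the decorrelation measure, and all names, initial weights and sample values are assumptions.

```python
import math

def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]

def transpose(M):
    return [list(col) for col in zip(*M)]

class LinearSelfEncoder:
    """First preset self-encoder, linear and bias-free (an assumption):
    the encoder is a d x k matrix and the decoder a k x d matrix, with k < d."""
    def __init__(self, enc, dec):
        self.enc, self.dec = enc, dec

    def encode(self, h):
        return matmul(h, self.enc)

    def loss(self, h):
        """Self-encoding loss: mean squared reconstruction error."""
        rec = matmul(self.encode(h), self.dec)
        sq = sum((r - x) ** 2 for rr, hr in zip(rec, h) for r, x in zip(rr, hr))
        return sq / (len(h) * len(h[0]))

    def update(self, h, lr):
        code = self.encode(h)                                    # S60: encode
        rec = matmul(code, self.dec)                             # S70: decode
        scale = 2.0 / (len(h) * len(h[0]))
        resid = [[scale * (r - x) for r, x in zip(rr, hr)] for rr, hr in zip(rec, h)]
        g_dec = matmul(transpose(code), resid)                   # S80: gradients
        g_enc = matmul(transpose(h), matmul(resid, transpose(self.dec)))
        self.dec = [[w - lr * g for w, g in zip(a, b)] for a, b in zip(self.dec, g_dec)]
        self.enc = [[w - lr * g for w, g in zip(a, b)] for a, b in zip(self.enc, g_enc)]

def cosine_decorrelation(code, labels):
    """Batch mean of cos_sim(one-hot label, code); needs k == number of classes."""
    total = 0.0
    for c, y in zip(code, labels):
        norm = math.sqrt(sum(v * v for v in c))
        total += c[y] / norm if norm else 0.0
    return total / len(labels)

def first_party_round(ae, h_b, labels, ae_rounds=200, lr=0.05):
    """Update the self-encoder, then reduce h_B with the updated encoder (S303)."""
    for _ in range(ae_rounds):
        ae.update(h_b, lr)
    code = ae.encode(h_b)          # first encoding result = dimension-reduced h_B
    return code, cosine_decorrelation(code, labels)

# Constructed h_B (6 samples, 4 dimensions), labels, and small initial weights.
H_B = [[0.0, 1.0, 2.0, 0.0], [1.0, 0.0, 2.0, 0.3], [1.0, 1.0, 2.0, -0.3],
       [0.0, 1.0, -2.0, 0.0], [1.0, 0.0, -2.0, 0.3], [1.0, 1.0, -2.0, -0.3]]
Y_A = [0, 0, 0, 1, 1, 1]
ENC0 = [[0.2, 0.0], [0.0, 0.2], [0.1, 0.1], [0.0, 0.1]]
DEC0 = [[0.2, 0.0, 0.1, 0.0], [0.0, 0.2, 0.1, 0.1]]

def demo():
    ae = LinearSelfEncoder([r[:] for r in ENC0], [r[:] for r in DEC0])
    before = ae.loss(H_B)
    code, l_dcorr = first_party_round(ae, H_B, Y_A)
    return before, ae.loss(H_B), code, l_dcorr
```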
Based on the first and/or second embodiments, a fourth embodiment of the present invention of a federal learning model training method based on label protection is provided, and in this embodiment, the step of performing the dimension reduction processing on the second party feature extraction data in step S30 includes:
Step S304, intercepting a part with the same dimension as the classification label from the second party characteristic extraction data as second party characteristic extraction data after the dimension reduction processing.
When the dimension of the classification label is smaller than the dimension of the second-party feature extraction data and the dimension processing includes dimension reduction processing of the second-party feature extraction data, the dimension reduction may be performed by intercepting from the second-party feature extraction data a portion with the same dimension as the classification label. For example, if the second party feature extraction data has 10 dimensions and the classification label has 2 dimensions, the first two dimensions of the second party feature extraction data may be intercepted, and the first decorrelation loss function is calculated from these two dimensions and the classification label.
Based on the first, second, third and/or fourth embodiments, a fifth embodiment of the federal learning model training method based on label protection according to the present invention is provided, in this embodiment, the step of performing the dimension-increasing process on the classification label in step S30 includes:
step S305, performing encoding processing on the classification tag based on an encoder in a second preset self-encoder to obtain a third encoding result, and taking the third encoding result as the classification tag after the dimension-increasing processing, where the second preset self-encoder is a sparse self-encoder.
A sparse self-encoder (hereinafter referred to as a second preset self-encoder for distinction) may be set in advance, and the encoder in the sparse self-encoder is used to encode the classification label; the obtained encoding result is referred to as a third encoding result. Because the second preset self-encoder is a sparse self-encoder, the dimension of the third encoding result is larger than that of the classification label, which achieves the dimension increasing effect.
The training method of the second preset self-encoder is not limited in this embodiment. For example, in one possible implementation, one or more rounds of updating the second preset self-encoder may be performed before each update of the longitudinal federal model. The following describes an example of a round of updating the second preset self-encoder. The first participant device may input the classification tag to an encoder in the second preset self-encoder to perform encoding processing, so as to obtain an encoding result (hereinafter referred to as a fourth encoding result to show distinction). The first participant device may input the fourth encoding result to the decoder in the second preset self-encoder for decoding, and the obtained result is called a reconstruction result (hereinafter referred to as a label reconstruction result to show distinction), that is, the fourth encoding result is input to the decoder for reconstructing the classification label. The first participant device may calculate a self-coding loss function based on the tag reconstruction result and the classification tag, update parameters in a second preset self-encoder based on the self-coding loss function, and perform coding processing on the classification tag based on the encoder in the second preset self-encoder after updating the parameters to obtain a third coding result, and further use the third coding result as the classification tag after the dimension-up processing.
In a possible implementation, joint modeling by two parties, Party A and Party B, is taken as an example; it can be generalized to multiparty scenarios. As shown in Fig. 4, Party A has label information Y_A (not shown) and possibly original feature data X_A (not shown), and Party B has original feature data X_B. Party A deploys a classification model Classifier, a self-encoder h and a self-encoder y, where self-encoder h comprises an encoder Encoder_h and a decoder Decoder_h, and self-encoder y comprises an encoder Encoder_y and a decoder Decoder_y. Party B deploys a feature extraction model M_B. Where Party A has original feature data X_A, Party A may also deploy a feature extraction model M_A (not shown in the figure). The longitudinal federal update process comprises the following steps:
1. Party B computes the feature extraction data h_B = M_B(X_B) and sends h_B to Party A. Where Party A has original feature data X_A, Party A can compute the feature extraction data h_A = M_A(X_A) (not shown in the figure).
2. Where Party A has no original feature data X_A, Party A inputs h_B into the classification model Classifier and calculates the classification loss function (classification loss) based on the classification result and the classification label Y_A (this case is shown in the figure). Where Party A has original feature data X_A, Party A aggregates h_A and h_B to obtain h_agg, inputs h_agg into the classification model Classifier, and calculates the classification loss function (classification loss) based on the classification result and the classification label Y_A (this case is not shown in the figure).
3. Party A inputs h_B into Encoder_h for encoding to obtain the encoding result encoding_B, then inputs encoding_B into Decoder_h for reconstruction, calculates a reconstruction loss function reconstruction loss1 (also referred to as a self-encoding loss function) based on the reconstruction result and h_B, and updates Encoder_h and Decoder_h according to that reconstruction loss function.
Party A inputs Y_A into Encoder_y for encoding to obtain the encoding result encoding_y, then inputs encoding_y into Decoder_y for reconstruction, calculates a reconstruction loss function reconstruction loss (also referred to as a self-encoding loss function) based on the reconstruction result and Y_A, and updates Encoder_y and Decoder_y according to that reconstruction loss function.
After self-encoder h and self-encoder y are updated, Party A again inputs h_B into Encoder_h to obtain the encoding result encoding_B and inputs Y_A into Encoder_y to obtain the encoding result encoding_y, and calculates the decorrelation loss function (decorrelation loss) based on encoding_B and encoding_y.
4. Party A calculates the total loss function based on the decorrelation loss function (decorrelation loss) and the classification loss function (classification loss), and updates the classification model Classifier based on the total loss function (where Party A deploys a feature extraction model M_A, M_A is also updated according to the total loss function). Party A also calculates the gradient g_B of the total loss function with respect to h_B and sends g_B to Party B; Party B updates M_B based on g_B.
In a possible implementation, joint modeling by two parties, Party A and Party B, is taken as an example; it can be generalized to multiparty scenarios. As shown in Fig. 5, Party A has label information Y_A (not shown) and original feature data X_A, and Party B has original feature data X_B. Party A deploys a feature extraction model M_A, a classification model Classifier, a self-encoder h and a self-encoder y, where self-encoder h comprises an encoder Encoder_h and a decoder Decoder_h, and self-encoder y comprises an encoder Encoder_y and a decoder Decoder_y. Party B deploys a feature extraction model M_B. The longitudinal federal update process comprises the following steps:
1. Party B computes the feature extraction data h_B = M_B(X_B) and sends h_B to Party A. Party A computes the feature extraction data h_A = M_A(X_A).
2. Party A aggregates h_A and h_B to obtain the aggregated feature data h_agg (h_agg is not shown in the figure), inputs h_agg into the classification model Classifier, and calculates the classification loss function (classification loss) based on the classification result and the classification label Y_A.
3. Party A inputs h_B into Encoder_h for encoding to obtain the encoding result encoding_B, then inputs encoding_B into Decoder_h for reconstruction, calculates a reconstruction loss function reconstruction loss1 (also referred to as a self-encoding loss function) based on the reconstruction result and h_B, and updates Encoder_h and Decoder_h according to that reconstruction loss function.
Party A inputs Y_A into Encoder_y for encoding to obtain the encoding result encoding_y, then inputs encoding_y into Decoder_y for reconstruction, calculates a reconstruction loss function reconstruction loss (also referred to as a self-encoding loss function) based on the reconstruction result and Y_A, and updates Encoder_y and Decoder_y according to that reconstruction loss function.
After self-encoder h and self-encoder y are updated, Party A again inputs h_B into Encoder_h to obtain the encoding result encoding_B and inputs Y_A into Encoder_y to obtain the encoding result encoding_y, and calculates the decorrelation loss function decorrelation loss1 based on encoding_B and encoding_y.
4. Party A calculates the decorrelation loss function decorrelation loss2 from h_agg and h_B.
5. Party A calculates the total loss function based on the decorrelation loss function decorrelation loss1, the decorrelation loss function decorrelation loss2, and the classification loss function (classification loss), and updates the classification model Classifier based on the total loss function (where Party A deploys a feature extraction model M_A, M_A is also updated according to the total loss function). Party A also calculates the gradient g_B of the total loss function with respect to h_B and sends g_B to Party B; Party B updates M_B based on g_B.
Further, in an embodiment, the first party may be a bank. The first party may hold the repayment risk label of each user (sample), and may also hold service data generated when the user transacts business at the bank, which may specifically include deposit and withdrawal records, loan records, repayment records, and the like. The second party may be an e-commerce organization, which may hold purchase record data generated when the user purchases goods on the e-commerce platform, which may specifically include purchase amounts, payment methods, number of returns, and the like. The first party and the second party may set a model task of predicting the user's repayment risk based on the user's purchase record data (or also based on the user's service data). The longitudinal federal model may include a classification model deployed in the first party device and a second party feature extraction model deployed in the second party device. Longitudinal federal learning is performed on the classification model and the second party feature extraction model using the users' purchase record data (or also the users' service data) and the repayment risk labels, so as to obtain a repayment risk prediction model for predicting a user's repayment risk. A round of updating the longitudinal federal model may include:
The first party equipment receives second party feature extraction data sent by the second party equipment, wherein the second party feature extraction data is obtained by the second party equipment by inputting purchase record data of a user into a second party feature extraction model for feature extraction;
the first party equipment adopts the classification model to carry out classification based on the second party characteristic extraction data to obtain a classification result corresponding to the user, the classification result is used for representing whether the user has a repayment expected risk or not, and a classification loss function is determined according to the classification result and a repayment risk label corresponding to the user;
performing dimension processing on the repayment risk tag and the second party feature extraction data, and determining a first decorrelation loss function based on the repayment risk tag and the second party feature extraction data after dimension processing, wherein the dimension processing comprises performing dimension-increasing processing on the repayment risk tag and/or performing dimension-decreasing processing on the second party feature extraction data;
and determining a total loss function according to the classification loss function and the first decorrelation loss function, and updating the longitudinal federal model based on the total loss function.
In this embodiment, adding the first decorrelation loss function to the classification loss function during training of the longitudinal federal model gives the finally trained repayment risk prediction model a defense against the model completion attack. That is, the e-commerce organization can be prevented from using the second party feature extraction model it obtained through training to obtain the complete repayment risk prediction model and then predict the repayment risk of each user. In addition, the impact on the prediction effect of the repayment risk prediction model is reduced, so the repayment risk prediction model can still have good prediction accuracy.
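The following added example (written for this page, not code from the patent) computes the first decorrelation loss and the total loss that the update steps and the bank and e-commerce scenario above rely on, and shows how the term exposes label leakage in h_B. It assumes distance correlation as the "distribution correlation" measure, truncation of h_B to the label dimension as the dimension reduction, one-hot labels, and a weighted sum with a hypothetical weight `lam`; the batches are constructed.

```python
import math
import random

def pairwise_dist(rows):
    """Euclidean distance matrix between the sample rows."""
    return [[math.dist(a, b) for b in rows] for a in rows]

def double_center(d):
    """Subtract row and column means and add back the grand mean."""
    n = len(d)
    row = [sum(r) / n for r in d]          # d is symmetric: column means == row means
    grand = sum(row) / n
    return [[d[i][j] - row[i] - row[j] + grand for j in range(n)] for i in range(n)]

def distance_correlation(x, y):
    """Sample distance correlation in [0, 1]; near 0 means x and y look independent."""
    a, b = double_center(pairwise_dist(x)), double_center(pairwise_dist(y))
    n = len(x)

    def mean_prod(p, q):
        return sum(p[i][j] * q[i][j] for i in range(n) for j in range(n)) / (n * n)

    dcov2, dvar_x, dvar_y = mean_prod(a, b), mean_prod(a, a), mean_prod(b, b)
    if dvar_x == 0 or dvar_y == 0:         # constant labels or constant features
        return 0.0
    return math.sqrt(max(dcov2, 0.0) / math.sqrt(dvar_x * dvar_y))

def one_hot(labels, num_classes):
    return [[1.0 if c == y else 0.0 for c in range(num_classes)] for y in labels]

def truncate_features(h_b, label_dim):
    """Dimension reduction by interception: keep the first label_dim components."""
    if any(len(row) < label_dim for row in h_b):
        raise ValueError("h_B must be at least as wide as the label")
    return [row[:label_dim] for row in h_b]

def first_decorrelation_loss(labels, h_b, num_classes):
    """Correlation between the label and the dimension-processed h_B (to be minimized)."""
    return distance_correlation(one_hot(labels, num_classes),
                                truncate_features(h_b, num_classes))

def cross_entropy(probs, labels):
    """Classification loss from the classifier's predicted class probabilities."""
    return -sum(math.log(max(p[y], 1e-12)) for p, y in zip(probs, labels)) / len(labels)

def total_loss(classification_loss, decorrelation_loss, lam=1.0):
    """Assumed combination: weighted sum, with lam as a hypothetical weight."""
    return classification_loss + lam * decorrelation_loss

def make_batch(leaky, n=80, dim=6, seed=7):
    """Constructed batch: labels alternate 0/1; leaky features embed the one-hot label."""
    rng = random.Random(seed)
    labels = [i % 2 for i in range(n)]
    h_b = []
    for y in labels:
        row = [rng.gauss(0.0, 1.0) for _ in range(dim)]
        if leaky:                          # first two components reveal the label
            row[0], row[1] = (1 - y) + 0.1 * row[0], y + 0.1 * row[1]
        h_b.append(row)
    return labels, h_b

if __name__ == "__main__":
    probs = [[0.6, 0.4]] * 80              # constructed classifier output
    for name, leaky in (("leaky h_B", True), ("decorrelated h_B", False)):
        labels, h_b = make_batch(leaky)
        d = first_decorrelation_loss(labels, h_b, num_classes=2)
        t = total_loss(cross_entropy(probs, labels), d, lam=0.5)
        print(f"{name}: decorrelation={d:.3f} total={t:.3f}")
```

With the same classification loss, the batch whose features embed the label receives a much larger total loss, which is the pressure that pushes M_B away from representations a model completion attack could exploit.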
In addition, an embodiment of the invention also provides a computer readable storage medium storing a federal learning model training program based on label protection, wherein the federal learning model training program based on label protection, when executed by a processor, implements the steps of the federal learning model training method based on label protection as described above.
The invention also proposes a computer program product comprising a computer program which, when executed by a processor, implements the steps of a federal learning model training method based on label protection as described above.
Embodiments of the federal learning model training apparatus, computer readable storage medium, and computer program product according to the present invention based on label protection may refer to embodiments of the federal learning model training method according to the present invention based on label protection, and will not be described herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (10)

1. A method for training a federal learning model based on label protection, wherein the method is applied to a first participant device participating in longitudinal federal learning, the longitudinal federal model comprising a classification model deployed at the first participant device and a second party feature extraction model deployed at a second participant device participating in longitudinal federal learning, the method comprising the steps of:
receiving second party feature extraction data sent by the second party equipment, wherein the second party feature extraction data is obtained by the second party equipment by inputting second party original feature data of a training sample into a second party feature extraction model for feature extraction;
classifying by adopting the classification model based on the second party characteristic extraction data to obtain a classification result corresponding to the training sample, and determining a classification loss function according to the classification result and a classification label corresponding to the training sample;
performing dimension processing on the classification label and the second party feature extraction data, and determining a first decorrelation loss function based on the dimension-processed classification label and second party feature extraction data, wherein the dimension processing comprises performing dimension-increasing processing on the classification label and/or performing dimension-decreasing processing on the second party feature extraction data;
and determining a total loss function according to the classification loss function and the first decorrelation loss function, and updating the longitudinal federal model based on the total loss function.
2. The method for training a federal learning model based on label protection according to claim 1, wherein the step of classifying by using the classification model based on the second party feature extraction data to obtain a classification result corresponding to the training sample comprises:
aggregating first party feature extraction data and the second party feature extraction data to obtain aggregate feature data, inputting the aggregate feature data into the classification model for classification, and obtaining a classification result corresponding to the training sample, wherein the first party feature extraction data is obtained by inputting first party original feature data of the training sample into the first party feature extraction model by the first party equipment for feature extraction;
before the step of determining a total loss function from the classification loss function and the first decorrelation loss function, the method further comprises:
determining a second decorrelation loss function based on the aggregated feature data and the second party feature extraction data;
the step of determining a total loss function from the classification loss function and the first decorrelation loss function comprises:
determining a total loss function from the classification loss function, the first decorrelation loss function, and the second decorrelation loss function.
3. The method of claim 1, wherein when the dimension processing includes dimension reduction processing of the second party feature extraction data, the step of dimension reduction processing of the second party feature extraction data includes:
and carrying out coding processing on the second party feature extraction data based on a preset coder to obtain a first coding result, and taking the first coding result as second party feature extraction data after the dimension reduction processing.
4. The method for training a federal learning model based on label protection according to claim 3, wherein the preset encoder is an encoder in a first preset self-encoder, and before the step of encoding the second party feature extraction data based on the preset encoder to obtain a first encoding result, the method further comprises:
inputting the second party feature extraction data to the preset encoder for encoding processing to obtain a second encoding result;
inputting the second coding result to a decoder in the first preset self-encoder for decoding processing to obtain a reconstruction result;
and determining a self-coding loss function based on the reconstruction result and the second party characteristic extraction data, updating parameters in the preset encoder and the decoder based on the self-coding loss function, and executing the step of performing coding processing on the second party characteristic extraction data based on the preset encoder after updating the parameters to obtain a first coding result.
5. The method of claim 1, wherein the dimension of the classification label is smaller than the dimension of the second party feature extraction data, and the step of performing the dimension reduction process on the second party feature extraction data when the dimension process includes performing the dimension reduction process on the second party feature extraction data comprises:
and intercepting a part with the same dimension as the classification label from the second party characteristic extraction data as second party characteristic extraction data after dimension reduction processing.
6. The method of claim 1, wherein when dimension processing includes dimension-up processing the classification labels, the step of dimension-up processing the classification labels includes:
and carrying out coding processing on the classification labels based on the coder in a second preset self-coder to obtain a third coding result, and taking the third coding result as the classification labels after the dimension increasing processing, wherein the second preset self-coder is a sparse self-coder.
7. The method according to any one of claims 1 to 6, wherein the dimensions of the dimension-processed classification label and second party feature extraction data are the same, and the step of determining the first decorrelation loss function based on the dimension-processed classification label and second party feature extraction data comprises:
determining a distribution correlation between the classification tag after dimension processing and the second party feature extraction data;
a first decorrelation loss function is calculated with the aim of minimizing the distribution correlation.
8. A federal learning model training device based on label protection, characterized in that the federal learning model training device based on label protection comprises: a memory, a processor, and a label protection based federal learning model training program stored on the memory and executable on the processor, wherein the program, when executed by the processor, implements the steps of the label protection based federal learning model training method according to any one of claims 1-7.
9. A computer readable storage medium, wherein a label protection based federal learning model training program is stored on the computer readable storage medium, which when executed by a processor, implements the steps of the label protection based federal learning model training method according to any of claims 1-7.
10. A computer program product comprising a computer program which, when executed by a processor, implements the steps of the label protection based federal learning model training method according to any one of claims 1-7.
CN202310764038.5A 2023-06-26 2023-06-26 Federal learning model training method, device and storage medium based on label protection Pending CN116777014A (en)

Publications (1)

Publication Number: CN116777014A (en)
Publication Date: 2023-09-19