CN116882524A - Federal learning method and system for meeting personalized privacy protection requirements of participants - Google Patents

Abstract

A federated learning method and system that meets the personalized privacy protection needs of participants, involving the field of network and information security technology. Solve the problem of privacy leakage of participants due to untrustworthy servers in federated learning scenarios. The method includes: the participant selects a privacy budget, the privacy budget is encrypted and sent to the server; the server receives the privacy budget for summation, the server collaborates with the participant to decrypt the privacy budget sum, and sends the sum to the participant; the participant transfers the privacy budget to the participant. The aggregate weight is obtained by dividing the sum of the budget and the privacy budget; the server sends the global model parameters to the participants, and trains according to the parameters to obtain the local model; the participant multiplies the local gradient and the aggregate weight, and then performs gradient clipping; the clipped parameters are Perturbation is sent to the server; the server receives the gradient parameters and aggregates them to generate a global model. Applied to the field of privacy data protection.

Description

A federated learning method that meets the personalized privacy protection needs of participants and system

Technical field

The invention relates to the technical field of network and information security, and in particular to a federated learning method that meets the personalized privacy protection needs of participants.

Background technique

With the rapid development of big data and artificial intelligence, artificial intelligence has entered every aspect of our lives, such as finance, medical care, autonomous driving, etc. The most important technology in artificial intelligence is machine learning, and it is the development of machine learning that promotes the rapid development of artificial intelligence. At the same time, privacy issues in machine learning have also received widespread attention. As privacy issues receive increasing attention, users are becoming less and less willing to share data. Paradoxically, artificial intelligence technology must rely on the collection and fusion of large amounts of data. If complete and rich information cannot be obtained to train models and develop technology, the development of artificial intelligence applications will be severely restricted.

In the context of the increasingly prominent contradiction between the data island phenomenon and the demand for data fusion, federated learning emerged as the times require. Its core idea is to train machine learning models on separate data sets distributed across different devices or parties, which can protect local data privacy to a certain extent. In federated learning, participants only use uploaded model parameters or gradients without exposing potentially sensitive local data. Although federated learning is an effective means to protect private information in machine learning, there is still a risk of privacy leakage. However, some studies have shown that gradients or model parameters uploaded by participants can also leak privacy. Attackers can use some attack methods, such as differential attacks and model inversion attacks, to analyze the difference between the original model information and the model information to obtain Specific private information in the model.

In order to solve the privacy problem in federated learning, scholars have proposed several solutions, such as federated learning based on homomorphic encryption or secure multi-party computation. Since homomorphic encryption technology is expensive and requires a lot of calculations, it is not suitable for iterative training of models involving large-scale data in practice. One challenge of federated learning methods based on secure multi-party computation is to improve computational efficiency, since completing a round of training in a federated learning framework requires a large amount of computing resources. Compared with other methods, federated learning methods based on differential privacy have lower communication and computational overhead, and therefore are widely used to protect the privacy of federated learning. Currently, federated learning work based on differential privacy work mainly includes two types: 1) using local differential privacy to perturb the parameters uploaded by the user before the user uploads the model parameters; 2) using centralized differential privacy to perturb the central aggregation server of the aggregation gradient. However, local differential privacy has a flaw, which is to provide a uniform level of privacy protection for all users.

A uniform level of privacy protection is impractical due to different cultural values, income, age, legal, national or professional backgrounds. In practice, the use of local differential privacy is limited when faced with datasets containing multiple users with different privacy expectations. One possibility is to set the global privacy level high enough, which may introduce an unacceptable amount of noise into the analysis output, resulting in poor utility. On the other hand, setting a lower privacy level may also significantly harm utility. Furthermore, a single privacy level means wasting a large amount of some clients’ privacy budget, often negatively impacting model accuracy. Using ordinary local differential privacy does not take into account the different privacy needs of users, and it is unrealistic to protect privacy with a unified privacy level.

Contents of the invention

In order to solve the problem of privacy leakage of participants due to untrustworthy servers in federated learning scenarios, the present invention proposes a federated learning method that meets the personalized privacy protection needs of participants. The specific solution is:

A federated learning method that meets the personalized privacy protection needs of participants, the method includes:

S1: Two or more participants select a privacy budget based on privacy requirements, encrypt the privacy budget, and send the encrypted privacy budget to the server;

S2: The server receives the encrypted privacy budget and sums it, and jointly decrypts the sum of the privacy budgets with the participants based on the server's summed privacy budget, and sends the sum to the participants;

S3: Participants divide their privacy budget by the sum of privacy budgets to obtain the aggregate weight;

S4: The server sends the global model parameters to the participants, and the participants perform local training based on the parameters sent by the server to obtain the local model;

S5: Each participant multiplies the parameters of the local model and the aggregate weight, and then performs gradient clipping;

S6: Add personalized noise to the parameters cropped in step S5 for perturbation, and send it to the server;

S7: The server receives the parameters sent by the participants in step S6 and aggregates them to generate a global model. The global model is used to predict and analyze setting issues in privacy protection scenarios.

Further, a preferred way is also provided, and the step S1 is specifically:

S11: There are m participants {c ₁ , c ₂ ,…c _m } participating in the training. Each participant has its own original data set {d ₁ , d ₂ ,…d _m }. The participants can collect data based on their own privacy. Require and choose your own privacy budget;

S12: Participants use homomorphic encryption according to their own keys to encrypt and send it to the server.

Further, a preferred way is provided, the step S2 includes:

S21: The server collects the model parameters of participants and aggregates them for distributed training;

S22: The server receives the encrypted privacy budget and performs the sum. The server jointly decrypts the encrypted privacy budget with the participant without knowing the specific privacy budget of the participant, obtains the plaintext privacy budget sum, and sends it to participants.

Further, a preferred way is provided, the step S4 includes:

The server sends the global model parameters to the participants. After receiving the global model parameters, the participants perform local training and use the local data set and stochastic gradient descent method to perform multiple iterations locally to obtain the local model.

Based on the same inventive concept, the present invention also provides a federated learning system that meets the personalized privacy protection needs of participants. The system includes:

An encryption module, used by two or more participants to select a privacy budget based on privacy requirements, encrypt the privacy budget, and send the encrypted privacy budget to the server;

A decryption module, configured for the server to receive the encrypted privacy budget and perform summation, and to jointly decrypt the sum of the privacy budgets with the participants based on the summed privacy budget of the server, and to obtain the sum of the privacy budgets, and send the sum to the participants;

The aggregate weight acquisition module is used by participants to divide their own privacy budget and the sum of privacy budgets to obtain the aggregate weight;

The training module is used by the server to send the global model parameters to the participants, and the participants perform local training based on the parameters sent by the server to obtain the local model;

A clipping module, used by each participant to multiply the parameters of the local model and the aggregate weight, and then perform gradient clipping;

A parameter update module, used to add personalized noise to the cropped parameters in the cropping module for perturbation, and send it to the server;

The output module is used for the server to receive the parameters sent by the participants in the parameter update module and aggregate them to generate a global model. The global model is used to predict and analyze setting issues in privacy protection scenarios.

Furthermore, a preferred method is also provided. The encryption module is specifically:

There are m participants {c ₁ , c ₂ ,…c _m } participating in the training. Each participant has its own original data set {d ₁ , d ₂ ,…d _m }, and the participants combine the data according to their own privacy needs. Choose your own privacy budget;

Participants use homomorphic encryption according to their own keys to encrypt and send it to the server.

Furthermore, a preferred method is provided, in which the decryption module includes:

The server collects the model parameters of the participants and aggregates them for distributed training;

The server receives the encrypted privacy budget and performs the sum. The server jointly decrypts the encrypted privacy budget with the participant without knowing the specific privacy budget of the participant, obtains the plaintext privacy budget sum, and sends it to the participant. .

Further, a preferred way is provided, the training module includes:

The server sends the global model parameters to the participants. After receiving the global model parameters, the participants perform local training and use the local data set and stochastic gradient descent method to perform multiple iterations locally to obtain the local model.

Based on the same inventive concept, the present invention also provides a computer-readable storage medium. The computer-readable storage medium is used to store a computer program. The computer program executes any of the above-mentioned methods to satisfy the personalization of the participants. Federated learning approach for privacy protection requirements.

Based on the same inventive concept, the present invention also provides a computer device, including a memory and a processor. A computer program is stored in the memory. When the processor runs the computer program stored in the memory, the processor executes according to A federated learning method described in any of the above that meets the personalized privacy protection needs of participants.

The benefits of the present invention are:

The invention solves the problem of privacy leakage of participants caused by untrustworthy servers in federated learning scenarios.

The present invention proposes a federated learning method that meets the personalized privacy protection needs of participants. The method is aimed at the shortcomings of federated learning using local differential privacy protection and introduces personalized learning based on the different privacy needs of participants. privacy protection. In the method described, during the training process of federated learning, participants select their own privacy budget to add random noise to the local model parameters to achieve the purpose of perturbing the parameters according to their own privacy needs, and then the server aggregates the collected parameters. Loop multiple times until the model converges. The model can be used to predict and analyze setting issues in privacy protection scenarios, thereby better protecting user privacy.

The present invention proposes a federated learning method that meets the personalized privacy protection needs of participants. Based on technologies such as local differential privacy and federated learning, a federated learning framework for personalized privacy protection is proposed, which can avoid being accessed by untrusted servers. Privacy Attack. In the invention, participants can freely choose their own privacy budget to achieve the purpose of personalized privacy protection. The server cannot know the specific privacy budget of each participant, thus avoiding privacy attacks by untrustworthy servers on participants with large privacy budgets. . The invention ensures that the server has better aggregation results and generates a better global model.

This invention proposes a federated learning method that meets the personalized privacy protection needs of participants. It also solves the problem of differences in users' attitudes towards privacy and introduces personalized privacy protection so that different users can adjust their privacy according to their own needs. Set up as required. This not only improves data utility but also increases user motivation. When users have control over their privacy, they are more likely to contribute their data to analysis in the first place.

The invention is applied in the field of privacy data protection.

Description of the drawings

Figure 1 is a flow chart of a federated learning method that meets the personalized privacy protection needs of participants according to the first embodiment;

FIG. 2 is a sequence diagram of steps described in Embodiment 11.

Detailed ways

In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments These are some embodiments of the present invention, but not all embodiments.

Embodiment 1: This embodiment will be described with reference to Figure 1 . This implementation mode describes a federated learning method that meets the personalized privacy protection needs of participants. The method includes:

S1: Two or more participants select a privacy budget based on privacy requirements, encrypt the privacy budget, and send the encrypted privacy budget to the server;

S2: The server receives the encrypted privacy budget and sums it, and jointly decrypts the sum of the privacy budgets with the participants based on the server's summed privacy budget, and sends the sum to the participants;

S3: Participants divide their privacy budget by the sum of privacy budgets to obtain the aggregate weight;

S4: The server sends the global model parameters to the participants, and the participants perform local training based on the parameters sent by the server to obtain the local model;

S5: Each participant multiplies the parameters of the local model and the aggregate weight, and then performs gradient clipping;

S6: Add personalized noise to the parameters cropped in step S5 for perturbation, and send it to the server;

S7: The server receives the parameters sent by the participants in step S6 and aggregates them to generate a global model. The global model is used to predict and analyze setting issues in privacy protection scenarios.

Aggregation weights in this implementation are assigned by considering factors such as data contribution, computing power, and trust of each participant. Therefore, after the gradient parameters are multiplied by the aggregate weight, the result is a parameter that represents the contribution of the participating parties. The server can aggregate the perturbed parameters of the participants to generate a new global model parameter without knowing the specific parameters of the participants. This method can protect data privacy and security, eliminate differences between participants, and achieve better federated learning results.

The method described in this implementation mode addresses the shortcomings of federated learning using local differential privacy protection, and introduces personalized privacy protection based on the different privacy needs of the participants. In the method described, during the training process of federated learning, participants select their own privacy budget to add random noise to the local model parameters to achieve the purpose of perturbing the parameters according to their own privacy needs, and then the server aggregates the collected parameters. Loop multiple times until the model converges. The model can be used to predict and analyze setting issues in privacy protection scenarios, thereby better protecting user privacy.

Embodiment 2. This implementation is a further limitation of the federated learning method described in Embodiment 1 that meets the personalized privacy protection needs of participants. The step S1 is specifically:

S11: There are m participants {c ₁ , c ₂ ,…c _m } participating in the training. Each participant has its own original data set {d ₁ , d ₂ ,…d _m }. The participants can collect data based on their own privacy. Require and choose your own privacy budget;

S12: Participants use homomorphic encryption according to their own keys to encrypt and send it to the server.

Steps S11 and S12 of this implementation protect the data privacy and security of the participants, while ensuring that the data of the participants is not disclosed or the risk of being attacked is minimized. Specifically, the benefits of these operations include the following aspects:

Protect data privacy: Participants’ data often contains sensitive personal information or business secrets, and directly exposing data to third parties may lead to privacy leaks. Therefore, participants use homomorphic encryption to encrypt data before sending it to the server, which can protect data privacy and reduce the risk of data leakage.

Protect data security: Participants’ data may also be subject to security threats such as hacker attacks or malicious tampering. Using homomorphic encryption methods can ensure the security of the data encryption and transmission process and avoid being attacked, intercepted or tampered by hackers.

Improve controllability: Participants configure privacy budgets according to their own needs, and can flexibly balance effects and privacy protection according to their own needs, thereby improving participants' controllability over the federated learning process.

Preserving privacy budget: Privacy budget is a criterion used to evaluate the privacy sensitivity of data and is important in federated learning. Using homomorphic encryption methods, participants can perform calculations without exposing the privacy budget, preventing hackers or hostile parties from obtaining the privacy budget.

Maintain responsibility for data management: Participants use homomorphic encryption to encrypt and send data, which can minimize data management and processing on the server, thereby better controlling their own data resources. This can also help participants manage data risks and maintain full control over their own data.

Embodiment 3. This implementation is a further limitation of the federated learning method described in Embodiment 1 that meets the personalized privacy protection needs of participants. The step S2 includes:

S21: The server collects the model parameters of participants and aggregates them for distributed training;

S22: The server receives the encrypted privacy budget and performs the sum. The server jointly decrypts the encrypted privacy budget with the participant without knowing the specific privacy budget of the participant, obtains the plaintext privacy budget sum, and sends it to participants.

Step S21 described in this implementation mode aggregates the restricted training information uploaded by participants in a predetermined manner so that the model does not directly possess the data of other participating units while each participating unit learns its own data. Step S22 targets the encryption mechanism in federated learning, decrypts the encryption privacy budgets of all participants, and aggregates them into the total calculation amount. S22 is usually used in the internal operation of S21 and ensures data privacy through encryption mechanisms. Specifically, the aggregator calculates the sum of the ciphertext based on the ciphertext of the restricted training information uploaded by the participants, and the aggregator does not directly decrypt the uploaded encrypted restricted training data. Instead, participants need to calculate and upload a privacy budget before uploading offline encrypted information, use it to break the aggregator's privacy of their uploaded information, and enable participants to obtain a combined sum of the total budget in the aggregator's encryption. Update local model. This ensures data privacy and minimizes the damage that attackers may do to the federated learning system by using computational data and model data leaks.

Embodiment 4. This implementation is a further limitation of the federated learning method described in Embodiment 1 that meets the personalized privacy protection needs of participants. The step S4 includes:

The server sends the global model parameters to the participants. After receiving the global model parameters, the participants perform local training and use the local data set and stochastic gradient descent method to perform multiple iterations locally to obtain the local model.

In this implementation, by integrating the global model parameters into the local model, participants can optimize the local model through local iteration, improve and enhance the performance and accuracy of the entire shared model; when training locally, participants can perform training based on their own needs. To adjust parameters such as learning rate and regularization to improve the controllability of the model. At the same time, through local training, participants can more effectively understand the characteristics of their local data, optimize the local model, and improve the training effect; through local training, participants You can ensure that your data will not be uploaded, further strengthen data privacy protection, and may reduce the burden on its data transmission and storage.

Embodiment 5. This embodiment describes a federated learning system that meets the personalized privacy protection needs of participants. The system includes:

An encryption module, used by two or more participants to select a privacy budget based on privacy requirements, encrypt the privacy budget, and send the encrypted privacy budget to the server;

A decryption module, configured for the server to receive the encrypted privacy budget and perform summation, and to jointly decrypt the sum of the privacy budgets with the participants based on the summed privacy budget of the server, and to obtain the sum of the privacy budgets, and send the sum to the participants;

The aggregate weight acquisition module is used by participants to divide their own privacy budget and the sum of privacy budgets to obtain the aggregate weight;

The training module is used by the server to send the global model parameters to the participants, and the participants perform local training based on the parameters sent by the server to obtain the local model;

A clipping module, used by each participant to multiply the parameters of the local model and the aggregate weight, and then perform gradient clipping;

A parameter update module, used to add personalized noise to the cropped parameters in the cropping module for perturbation, and send it to the server;

The output module is used for the server to receive the parameters sent by the participants in the parameter update module and aggregate them to generate a global model. The global model is used to predict and analyze setting issues in privacy protection scenarios.

Embodiment 6. This implementation is a further limitation of the federated learning system described in Embodiment 5 that meets the personalized privacy protection needs of participants. The encryption module is specifically:

There are m participants {c ₁ , c ₂ ,…c _m } participating in the training. Each participant has its own original data set {d ₁ , d ₂ ,…d _m }, and the participants combine the data according to their own privacy needs. Choose your own privacy budget;

Participants use homomorphic encryption according to their own keys to encrypt and send it to the server.

Embodiment 7. This implementation is a further limitation of the federated learning system described in Embodiment 5 that meets the personalized privacy protection needs of participants. The decryption module includes:

The server collects the model parameters of the participants and aggregates them for distributed training;

The server receives the encrypted privacy budget and performs the sum. The server jointly decrypts the encrypted privacy budget with the participant without knowing the specific privacy budget of the participant, obtains the plaintext privacy budget sum, and sends it to the participant. .

Embodiment 8. This implementation is a further limitation of the federated learning system described in Embodiment 5 that meets the personalized privacy protection needs of participants. The training module includes:

The server sends the global model parameters to the participants. After receiving the global model parameters, the participants perform local training and use the local data set and stochastic gradient descent method to perform multiple iterations locally to obtain the local model.

Embodiment 9. A computer-readable storage medium according to this embodiment. The computer-readable storage medium is used to store a computer program. The computer program executes the method described in any one of Embodiments 1 to 4. A federated learning approach that meets the personalized privacy protection needs of participants.

Embodiment 10. A computer device according to this embodiment includes a memory and a processor. A computer program is stored in the memory. When the processor runs the computer program stored in the memory, the processor executes A federated learning method that meets the personalized privacy protection needs of participants according to any one of Embodiments 1 to 4.

Embodiment 11: This embodiment will be described with reference to Figure 2 . This implementation mode provides a specific example of the federated learning method described in the first implementation mode that meets the personalized privacy protection needs of the participants. It is also used to explain the second to the fourth implementation mode. Specifically:

Step 1: Participants select their own privacy budget based on their own privacy needs, encrypt the privacy budget and send it to the server;

The step 1 includes the following steps:

Step 1.1: Participants choose their own privacy budget. The smaller the privacy budget, the higher the degree of privacy protection, and vice versa. For a given security parameter λ, set the dimension of the lattice problem on R to be n, the ciphertext module q, the key distribution x and the error distribution y. Generate a random vector Return a public parameter (n, q, x, y, a), each participant samples a key s _i ←x and an error vector e _i ←y ^d , and then calculates its public key b _i =-s _i · a+e _i (mod q), all participants collaborate to calculate the aggregate public key:/>

Step 1.2: Participants use their own keys to encrypt the privacy budget. Let ε _i ∈R be the plaintext of the privacy budget, and a=a[0], Sample v ^di ←x,/> Ciphertext for calculating privacy budget and sent to the server.

Step 2: The server sums the ciphertext privacy budgets uploaded by the participants, and then decrypts them together with the participants to obtain the sum of the privacy budgets, and sends the sum to the participants;

The step 2 includes the following steps:

Step 2.1: After the server receives the encrypted privacy budget sent by the participant, it performs homomorphic encryption on it to obtain the sum.

Step 2.2: All participants work together to decrypt the ciphertext, and each participant samples one Calculate decryption share/> And send _Di to the server.

Step 2.3: After the server receives the decrypted shares sent by all participants, it decrypts them to obtain the sum of the plaintext privacy budget ε. And send the privacy budget sum ε to the participating parties.

Step 3: Participants divide their privacy budget by the sum of privacy budgets to obtain the aggregate weight w=ε _i /ε.

Step 4: The server sends the global model parameters to the participants, and the participants perform local training based on the parameters sent by the server to obtain the local model;

Said step 4 includes the following steps:

Step 4.1: The server sends the parameters g of the global model to the participants, and the participants perform local training after receiving the parameters. The local data set is used for training in each local iteration, and the local model is generated after training using the stochastic gradient descent method, where the learning rate is eta, and the gradient of the resulting local model is g _i .

Step 5: Each participant multiplies the parameters of the model and the aggregate weight, then performs gradient clipping, then adds personalized noise for perturbation, and then sends it to the server;

Said step 5 includes the following steps:

Step 5.1: Multiply the local gradient g _i by the aggregate weight, g′ _i =gi _· (ε _i /ε), and use the gradient clipping threshold σ to gradient clip the local gradient, g=clip(g′ _i , σ).

Step 5.2: Suppose that random noise, such as Laplacian noise or Gaussian noise, is added according to the participant's own privacy budget ε _i , and then the perturbed local gradient is sent to the server.

Step 6: The server aggregates the model parameters sent by the participants to generate a global model.

Although preferred embodiments of the present disclosure have been described, those skilled in the art will be able to make additional changes and modifications to these embodiments once the basic inventive concepts are apparent. Therefore, it is intended that the appended claims be construed to include the preferred embodiments and all changes and modifications that fall within the scope of this disclosure.

Obviously, those skilled in the art can make various changes and modifications to the present disclosure without departing from the spirit and scope of the disclosure. In this way, if these modifications and variations of the present disclosure fall within the scope of the claims of the present disclosure and equivalent technologies, the present disclosure is also intended to include these modifications and variations.

Those skilled in the art will appreciate that embodiments of the present disclosure may be provided as methods, systems, or computer program products. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment that combines software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

The disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each process and/or block in the flowchart illustrations and/or block diagrams, and combinations of processes and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce a use A device for realizing the functions specified in one process or multiple processes of the flowchart and/or one block or multiple blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory that causes a computer or other programmable data processing apparatus to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction means, the instructions The device implements the functions specified in a process or processes of the flowchart and/or a block or blocks of the block diagram. These computer program instructions may also be loaded onto a computer or other programmable data processing device, causing a series of operating steps to be performed on the computer or other programmable device to produce computer-implemented processing, thereby executing on the computer or other programmable device. Instructions provide steps for implementing the functions specified in a process or processes of a flowchart diagram and/or a block or blocks of a block diagram.

Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present disclosure and do not limit the scope of protection. Although the present disclosure has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: After reading this disclosure, those skilled in the art can still make various changes, modifications or equivalent substitutions to the specific embodiments of the invention, but these changes, modifications or equivalent substitutions are within the protection scope of the disclosed and pending claims.

Claims (10)

1. A federated learning method that meets the personalized privacy protection needs of participants, characterized in that the method includes: S1: Two or more participants select a privacy budget based on privacy requirements, encrypt the privacy budget, and send the encrypted privacy budget to the server; S2: The server receives the encrypted privacy budget and sums it, and jointly decrypts the sum of the privacy budgets with the participants based on the server's summed privacy budget, and sends the sum to the participants; S3: Participants divide their privacy budget by the sum of privacy budgets to obtain the aggregate weight; S4: The server sends the global model parameters to the participants, and the participants perform local training based on the parameters sent by the server to obtain the local model; S5: Each participant multiplies the parameters of the local model and the aggregate weight, and then performs gradient clipping; S6: Add personalized noise to the parameters cropped in step S5 for perturbation, and send it to the server; S7: The server receives the parameters sent by the participants in step S6 and aggregates them to generate a global model. The global model is used to predict and analyze setting issues in privacy protection scenarios. 2. A federated learning method that meets the personalized privacy protection needs of participants according to claim 1, characterized in that step S1 is specifically: S11: There are m participants {c ₁ , c ₂ ,…c _m } participating in the training. Each participant has its own original data set {d ₁ , d ₂ ,…d _m }. The participants can collect data based on their own privacy. Require and choose your own privacy budget; S12: Participants use homomorphic encryption according to their own keys to encrypt and send it to the server. 3. A federated learning method that meets the personalized privacy protection needs of participants according to claim 1, characterized in that the step S2 includes: S21: The server collects the model parameters of participants and aggregates them for distributed training; S22: The server receives the encrypted privacy budget and performs the sum. The server jointly decrypts the encrypted privacy budget with the participant without knowing the specific privacy budget of the participant, obtains the plaintext privacy budget sum, and sends it to participants. 4. A federated learning method that meets the personalized privacy protection needs of participants according to claim 1, characterized in that the step S4 includes: The server sends the global model parameters to the participants. After receiving the global model parameters, the participants perform local training and use the local data set and stochastic gradient descent method to perform multiple iterations locally to obtain the local model. 5. A federated learning system that meets the personalized privacy protection needs of participants, characterized in that the system includes: An encryption module, used by two or more participants to select a privacy budget based on privacy requirements, encrypt the privacy budget, and send the encrypted privacy budget to the server; A decryption module, configured for the server to receive the encrypted privacy budget and perform summation, and to jointly decrypt the sum of the privacy budgets with the participants based on the summed privacy budget of the server, and to obtain the sum of the privacy budgets, and send the sum to the participants; The aggregate weight acquisition module is used by participants to divide their own privacy budget and the sum of privacy budgets to obtain the aggregate weight; The training module is used by the server to send the global model parameters to the participants, and the participants perform local training based on the parameters sent by the server to obtain the local model; A clipping module, used by each participant to multiply the parameters of the local model and the aggregate weight, and then perform gradient clipping; A parameter update module, used to add personalized noise to the cropped parameters in the cropping module for perturbation, and send it to the server; The output module is used for the server to receive the parameters sent by the participants in the parameter update module and aggregate them to generate a global model. The global model is used to predict and analyze setting issues in privacy protection scenarios. 6. A federated learning system that meets the personalized privacy protection needs of participants according to claim 5, characterized in that the encryption module is specifically: There are m participants {c ₁ , c ₂ ,…c _m } participating in the training. Each participant has its own original data set {d ₁ , d ₂ ,…d _m }, and the participants combine the data according to their own privacy needs. Choose your own privacy budget; Participants use homomorphic encryption according to their own keys to encrypt and send it to the server. 7. A federated learning system that meets the personalized privacy protection needs of participants according to claim 5, characterized in that the decryption module includes: The server collects the model parameters of the participants and aggregates them for distributed training; The server receives the encrypted privacy budget and performs the sum. The server jointly decrypts the encrypted privacy budget with the participant without knowing the specific privacy budget of the participant, obtains the plaintext privacy budget sum, and sends it to the participant. . 8. A federated learning system that meets the personalized privacy protection needs of participants according to claim 5, characterized in that the training module includes: The server sends the global model parameters to the participants. After receiving the global model parameters, the participants perform local training and use the local data set and stochastic gradient descent method to perform multiple iterations locally to obtain the local model. 9. A computer-readable storage medium, characterized in that the computer-readable storage medium is used to store a computer program, and the computer program executes the method described in any one of claims 1-4 to satisfy the personality of the participant. A federated learning method to optimize privacy protection requirements. 10. A computer device, characterized in that it includes a memory and a processor, a computer program is stored in the memory, and when the processor runs the computer program stored in the memory, the processor executes the method according to claim 1 A federated learning method described in any of -4 that meets the personalized privacy protection needs of the participants.