CN117874829A - Federal learning method based on self-adaptive differential privacy - Google Patents
Federal learning method based on self-adaptive differential privacy Download PDFInfo
- Publication number
- CN117874829A CN117874829A CN202410281608.XA CN202410281608A CN117874829A CN 117874829 A CN117874829 A CN 117874829A CN 202410281608 A CN202410281608 A CN 202410281608A CN 117874829 A CN117874829 A CN 117874829A
- Authority
- CN
- China
- Prior art keywords
- model
- initial
- scoring
- local model
- result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000012549 training Methods 0.000 claims abstract description 101
- 230000006870 function Effects 0.000 claims abstract description 58
- 230000002776 aggregation Effects 0.000 claims abstract description 11
- 238000004220 aggregation Methods 0.000 claims abstract description 11
- 230000003044 adaptive effect Effects 0.000 claims description 14
- 230000008569 process Effects 0.000 description 7
- 230000008859 change Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000004931 aggregating effect Effects 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012935 Averaging Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000011478 gradient descent method Methods 0.000 description 1
- 238000007477 logistic regression Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
- G06N3/084—Backpropagation, e.g. using gradient descent
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
- G06N3/098—Distributed learning, e.g. federated learning
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Life Sciences & Earth Sciences (AREA)
- Data Mining & Analysis (AREA)
- Molecular Biology (AREA)
- Computational Linguistics (AREA)
- Biophysics (AREA)
- Biomedical Technology (AREA)
- Mathematical Physics (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- Bioethics (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Complex Calculations (AREA)
- Image Analysis (AREA)
Abstract
The invention provides a federal learning method based on self-adaptive differential privacy, which relates to the technical field of federal learning and comprises the following steps: the server acquires an initial global model and sends the initial global model to each client; each client acquires a corresponding local data set, and performs model training on an initial global model through the local data set to obtain the initial local model; the client obtains a target privacy budget according to the adjustment coefficient and the scoring function result, obtains an updated noise-added local model through the scaling factor, the target privacy budget and the initial local model, and sends the updated noise-added local model to the server; and the server performs federal average aggregation operation on all the updated noisy local models, updates the initial global model according to the federal average aggregation operation result to obtain a target global model, and iteratively updates the target global model until the target global model converges. The invention realizes that the accuracy of the model is ensured while the safety is met.
Description
Technical Field
The invention relates to the technical field of federal learning, in particular to a federal learning method based on self-adaptive differential privacy.
Background
Federal learning is an artificial intelligence technology which is being widely studied and used, and aims to develop efficient machine learning among multiple parties or multiple computing nodes on the premise of guaranteeing information security during large data exchange and protecting terminal data and personal data privacy. However, the conventional federal learning framework still has a problem of privacy disclosure. At present, many researches use differential privacy technology to disturb gradient data and the like in the exchange process so as to achieve the aim of protecting the data privacy, but the problem of privacy budget adjustment is not considered, and later generation of larger noise is caused, so that the model accuracy is reduced.
Disclosure of Invention
The invention solves the problem of ensuring the accuracy of the model while meeting the safety requirement.
In order to solve the above problems, the present invention provides a federal learning method based on adaptive differential privacy, including:
the method comprises the steps that a server obtains an initial global model and sends the initial global model to each client;
each client acquires a corresponding local data set, and model training is carried out on the initial global model through the local data set to obtain an initial local model;
the client obtains an adjustment coefficient, a scoring function result and a scaling factor according to the initial local model and the initial global model, obtains a target privacy budget according to the adjustment coefficient and the scoring function result, obtains an updated noise adding local model through the scaling factor, the target privacy budget and the initial local model, and sends the updated noise adding local model to the server;
and the server performs federal average aggregation operation on all the updated noisy local models, updates the initial global model according to the federal average aggregation operation result to obtain a target global model, sends the target global model to each client, and iteratively updates the target global model until the target global model converges.
Optionally, the client obtains an adjustment coefficient, a scoring function result and a scaling factor according to the initial local model and the initial global model, including:
determining cosine similarity of the initial local model and the initial global model, and taking the cosine similarity as the scaling factor;
wherein the scaling factor is:
,
wherein,and for the scaling factor, A is the initial global model, and B is the initial local model.
Optionally, the client obtains an adjustment coefficient, a scoring function result and a scaling factor according to the initial local model and the initial global model, including:
when the cosine similarity is smaller than zero, the adjustment coefficient is one;
when the cosine similarity is greater than or equal to zero, obtaining the adjustment coefficient according to the cosine similarity and an adjustment coefficient function;
wherein the adjustment coefficient function is:
,
wherein Y is the adjustment coefficient function, M is the number of all clients in the training, N is the number of selected clients in the training,d is the total number of datasets for the client.
Optionally, the obtaining the target privacy budget according to the adjustment coefficient and the scoring function result includes:
acquiring an initial privacy budget;
adjusting the initial privacy budget according to the adjustment coefficient and the scoring function result to obtain the target privacy budget;
wherein the target privacy budget is:
,
wherein,for the target privacy budget, < >>For the initial privacy budget, p is the adjustment factor, +.>And (5) the scoring function result.
Optionally, the updated noise-added local model obtained by the scaling factor, the target privacy budget and the initial local model includes:
obtaining data noise according to the target privacy budget;
wherein the data noise is:
,
wherein noise is the data noise,for sensitivity->For the data noise compliant with the Laplace distribution, and the position parameter of the Laplace distribution is 0, the scale parameter is +.>,/>Budgeting for the target privacy;
and obtaining the updated noise-added local model through the scaling factor, the data noise and the initial local model.
Optionally, the obtaining the updated noise-added local model through the scaling factor, the data noise and the initial local model includes:
updating the initial local model through the scaling factor and the data noise to obtain the updated noise-added local model;
the updated noise adding local model is as follows:
,
wherein,adding noise to the updated local model, wherein G is the updated initial local model, and noise is data noise,>is the scaling factor.
Optionally, the client obtains an adjustment coefficient, a scoring function result and a scaling factor according to the initial local model and the initial global model, including:
obtaining a loss value scoring result, an accuracy scoring result and a training round scoring result according to the initial local model and the initial global model;
obtaining the scoring function result through the loss value scoring result, the accuracy scoring result and the training round scoring result;
wherein the scoring function results are:
,
wherein,for the scoring function result, < >>Scoring the loss value for a result,/>Scoring the result for said accuracy, +.>Scoring the training round.
Optionally, the obtaining a loss value scoring result, an accuracy scoring result and a training round scoring result according to the initial local model and the initial global model includes:
obtaining average accuracy through the initial local model and the initial global model;
obtaining the accuracy scoring result according to the average accuracy;
wherein, the accuracy rate scoring result is:
,
wherein,scoring the result for said accuracy, +.>For the accuracy of the jth round, i is the round of the previous round, ++>And N is the number of the clients selected in the training for the accuracy of the ith round.
Optionally, the obtaining a loss value scoring result, an accuracy scoring result and a training round scoring result according to the initial local model and the initial global model includes:
obtaining training round data through the initial local model and the initial global model, wherein the training round data comprises a current training round and a total training round;
obtaining a scoring result of the training round according to the current training round and the total training round;
wherein, the training round scoring result is:
,
wherein,and scoring the training round, wherein T is the current training round, and T is the total training round.
Optionally, the model training by the local data set obtains an initial local model, including:
and carrying out model training through the local data set based on a random gradient descent SGD algorithm to obtain the initial local model.
According to the federal learning method based on the self-adaptive differential privacy, after the client receives the initial global model from the server, the initial local model is obtained through local data set training. And obtaining an adjustment coefficient, a scoring function result and a scaling factor according to the initial local model and the initial global model, adjusting the privacy budget through the adjustment coefficient and the scoring function result to obtain a target privacy budget, and considering the influence of the privacy budget on a final training result. And updating and scaling the initial local model according to the scaling factor, adding the adjusted target privacy budget to obtain the updated noise-added local model, eliminating the influence of the privacy budget on the final training result, reducing the influence of noise on the model accuracy, and disturbing the data to achieve the aim of protecting the data privacy. And sending the updated noise-added local model to the server, and finally, aggregating the updated noise-added local model by the server to obtain a target global model. Not only realizing the safety of training, but also ensuring the accuracy of the model.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
Fig. 1 is a schematic flow chart of a federal learning method based on adaptive differential privacy according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a federal learning method based on adaptive differential privacy in an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, this embodiment provides a federal learning method based on adaptive differential privacy, including:
step 110, the server acquires an initial global model, and sends the initial global model to each client.
Specifically, the system comprises a server and at least two clients, wherein the server is in bidirectional connection with each client, the server selects a first-round training-participating client and transmits an initial global model to the training-participating client, and the structure of the initial global model is determined by the server.
And 120, each client acquires a corresponding local data set, and model training is carried out on the initial global model through the local data set to obtain an initial local model.
Specifically, the client participating in the present round of training trains the initial global model based on a local data set, and obtains the initial local model through a gradient descent training model. Gradient descent is a commonly used optimization algorithm for solving the minimization loss function. The method continuously adjusts the values of the model parameters in an iterative mode, and finally, the loss function reaches the minimum value.
And 130, the client obtains an adjustment coefficient, a scoring function result and a scaling factor according to the initial local model and the initial global model, obtains a target privacy budget according to the adjustment coefficient and the scoring function result, obtains an updated noise adding local model through the scaling factor, the target privacy budget and the initial local model, and sends the updated noise adding local model to the server.
Specifically, the client adjusts the privacy budget by adjusting the coefficient and the scoring function result to obtain the target privacy budget. And then, the local model is updated by integrating the scaling factor and the obtained target privacy budget, the updated noise-added local model is obtained, and finally, the updated noise-added local model is uploaded to a server.
And 140, the server performs federal average aggregation operation on all the updated noisy local models, updates the initial global model according to the federal average aggregation operation result to obtain a target global model, sends the target global model to each client, and iteratively updates the target global model until the target global model converges.
Specifically, the server aggregates the updated noise adding local model according to the federal average algorithm to obtain a noise adding target global model, and then selects the next round of training clients and transmits the noise adding target global model to the clients participating in the next round of training. The federal averaging algorithm is a method for model aggregation in federal learning where multiple participants train models in a distributed manner and locally updated model parameters are sent to a server for aggregation.
According to the federal learning method based on the self-adaptive differential privacy, after the client receives the initial global model from the server, the initial local model is obtained through local data set training. And obtaining an adjustment coefficient, a scoring function result and a scaling factor according to the initial local model and the initial global model, adjusting the privacy budget through the adjustment coefficient and the scoring function result to obtain a target privacy budget, and considering the influence of the privacy budget on a final training result. And updating and scaling the initial local model according to the scaling factor, adding the adjusted target privacy budget to obtain the updated noise-added local model, eliminating the influence of the privacy budget on the final training result, reducing the influence of noise on the model accuracy, and disturbing the data to achieve the aim of protecting the data privacy. And sending the updated noise-added local model to the server, and finally, aggregating the updated noise-added local model by the server to obtain a target global model. Not only realizing the safety of training, but also ensuring the accuracy of the model.
In the embodiment of the present invention, the obtaining, by the client, an adjustment coefficient, a scoring function result, and a scaling factor according to the initial local model and the initial global model includes:
determining cosine similarity of the initial local model and the initial global model, and taking the cosine similarity as the scaling factor;
wherein the scaling factor is:
,
wherein,and for the scaling factor, A is the initial global model, and B is the initial local model.
In the embodiment of the present invention, the obtaining, by the client, an adjustment coefficient, a scoring function result, and a scaling factor according to the initial local model and the initial global model includes:
when the cosine similarity is smaller than zero, the adjustment coefficient is one;
when the cosine similarity is greater than or equal to zero, obtaining the adjustment coefficient according to the cosine similarity and an adjustment coefficient function;
wherein the adjustment coefficient function is:
,
wherein Y is the adjustment coefficient function, M is the number of all clients in the training, N is the number of selected clients in the training,d is the total number of datasets for the client.
Specifically, when the cosine values of the local model of the current round and the global model of the previous round are non-negative numbers, the similarity of the two is higher, wherein the more similar the two are, the more noise is needed to be added for protection, and the smaller the adjustment coefficient is needed. If the cosine values of the local model of the round and the global model of the previous round are negative values, the similarity of the two is lower, and more noise can make the availability of data lower, so that the adjustment coefficient set to 1 does not change the initial privacy budget so as to maintain the addition of the original noise.
In the embodiment of the present invention, the obtaining the target privacy budget according to the adjustment coefficient and the scoring function result includes:
acquiring an initial privacy budget;
adjusting the initial privacy budget according to the adjustment coefficient and the scoring function result to obtain the target privacy budget;
wherein the target privacy budget is:
,
wherein,for the target privacy budget, < >>For the initial privacy budget, p is the adjustment factor, +.>And (5) the scoring function result.
Specifically, when the scoring result is 50 or less, the change of the local model update is large with fewer training rounds, which is not easy to infer that the original data or the accuracy or loss value is a negative change. Therefore, the availability of the data can be ensured by adding less noise, model convergence is promoted, and the probability of occurrence of p >1 is high because the number of the selected clients is too small compared with the total number of the clients, and the model accuracy trained by the fewer clients is easier to be low, so that the privacy budget is unchanged. When the grading result is larger than 50, the change of the local model update with more training rounds is smaller, the original data is easier to infer, or the accuracy and the loss value are positive changes, more noise can be added to protect the data, the original data is protected, and therefore the product of the adjustment coefficient and the privacy budget is obtained.
According to the federal learning method based on the self-adaptive differential privacy, the target adjustment coefficient is calculated according to the cosine similarity of the global model and the local model, the number of data sets of the clients, the total number of data sets, the number of selected clients and the total number of clients, the influence of the number proportion of the data sets of each client and the number proportion of the selected clients in federal learning is comprehensively considered, and the model accuracy is improved.
In the embodiment of the present invention, the obtaining the updated noise-added local model through the scaling factor, the target privacy budget and the initial local model includes:
obtaining data noise according to the target privacy budget;
wherein the data noise is:
,
wherein noise is the data noise,for sensitivity->For the data noise compliant with the Laplace distribution, and the position parameter of the Laplace distribution is 0, the scale parameter is +.>,/>Budgeting for the target privacy;
and obtaining the updated noise-added local model through the scaling factor, the data noise and the initial local model.
In the embodiment of the present invention, the obtaining the updated noise-added local model through the scaling factor, the data noise and the initial local model includes:
updating the initial local model through the scaling factor and the data noise to obtain the updated noise-added local model;
the updated noise adding local model is as follows:
,
wherein,adding noise to the updated local model, wherein G is the updated initial local model, and noise is data noise,>is the scaling factor.
Specifically, the updated initial local model is calculated as the difference between the new local model and the local model of the previous round.
In the embodiment of the present invention, the obtaining, by the client, an adjustment coefficient, a scoring function result, and a scaling factor according to the initial local model and the initial global model includes:
obtaining a loss value scoring result, an accuracy scoring result and a training round scoring result according to the initial local model and the initial global model;
obtaining the scoring function result through the loss value scoring result, the accuracy scoring result and the training round scoring result;
wherein the scoring function results are:
,
wherein,for the scoring function result, < >>Scoring the loss value for a result,/>Scoring the result for said accuracy, +.>Scoring the training round.
Specifically, the loss value is the error between the output value and the actual value, and should gradually become smaller and eventually remain floating within a smaller range during training. Wherein, the loss value scoring result is:
,
wherein,scoring the loss value for a result,/>For the loss value of the ith round, +.>The loss value of the i-1 th round.
In the embodiment of the present invention, obtaining a loss value scoring result, an accuracy scoring result, and a training round scoring result according to the initial local model and the initial global model includes:
obtaining average accuracy through the initial local model and the initial global model;
obtaining the accuracy scoring result according to the average accuracy;
wherein, the accuracy rate scoring result is:
,
wherein,scoring the result for said accuracy, +.>For the accuracy of the jth round, i is the round of the previous round, ++>And N is the number of the clients selected in the training for the accuracy of the ith round.
Specifically, the accuracy should be in an upward trend during the training process and finally maintain a relatively stable state. Because the fluctuation of the accuracy rate is obvious compared with the fluctuation of the loss value in the general case and the condition that the accuracy rate of two adjacent rounds is large in difference exists, the federal learning method based on the self-adaptive differential privacy of the embodiment averages the accuracy rates and then carries out comparison judgment, so that the error is reduced.
In the embodiment of the present invention, obtaining a loss value scoring result, an accuracy scoring result, and a training round scoring result according to the initial local model and the initial global model includes:
obtaining training round data through the initial local model and the initial global model, wherein the training round data comprises a current training round and a total training round;
obtaining a scoring result of the training round according to the current training round and the total training round;
wherein, the training round scoring result is:
,
wherein,and scoring the training round, wherein T is the current training round, and T is the total training round.
Specifically, the scoring result of the training round increases with the increase of the round until the scoring result of the training round remains unchanged after more than half of the total training round. As the training rounds increase, the result of the scoring function gradually increases.
According to the federal learning method based on the self-adaptive differential privacy, the scoring function result is obtained through the loss value scoring result, the accuracy scoring result and the training round scoring result, so that the influence of noise is reduced to the greatest extent, and the problem that larger noise causes the reduction of model accuracy is avoided.
In the embodiment of the present invention, the performing model training through the local data set to obtain an initial local model includes:
and carrying out model training through the local data set based on a random gradient descent SGD algorithm to obtain the initial local model.
Specifically, the random gradient descent SGD algorithm (Stochastic Gradient Descent, simply referred to as random gradient descent method) is a variation of the gradient descent algorithm. It differs from batch gradient descent in that the SGD uses only one sample gradient for calculation at each parameter update. Randomly selecting a sample, calculating the gradient of the sample to the parameter, updating the value of the parameter according to the direction and the size of the gradient, and repeating the steps until the specified stopping condition is reached.
According to the federal learning method based on the self-adaptive differential privacy, the sample is randomly selected through the random gradient descent SGD algorithm, the gradient of the sample is obtained, and the parameter is updated by utilizing the gradient, so that the algorithm has lower calculation complexity, and a large-scale data set can be processed more efficiently.
In some more specific embodiments, as shown in connection with fig. 2, an initialization phase, a local training phase, a noisy upload phase, and an aggregate download phase are included. In the initialization stage, the server establishes connection with the client, selects the first round of clients participating in training, and sends the initial global model. In the local training stage, the client participating in the present round of training is trained to obtain a new local model through a random gradient descent SGD algorithm based on a local data set. And calculating the difference between the new local model and the local model of the previous round to obtain an updated local model of the current round. In the noise adding uploading stage, the client side firstly adjusts privacy budget, then processes the updated local model to obtain the updated noise adding local model, and finally uploads the updated noise adding local model to the server. In adjusting privacy budget, an adjustment coefficient is calculated according to cosine similarity of a global model and a local model, the number of client data sets, the total number of data sets, the number of selected clients and the total number of clients. And then calculating a scoring function result according to the loss value, the accuracy and the training turns. And finally, adjusting the privacy budget according to the adjustment coefficient and the scoring function result to obtain a new privacy budget. When the local model update is processed, a scaling factor is obtained according to cosine similarity of the global model and the local model, noise is generated according to the new privacy budget, and finally the local model update is scaled according to the scaling factor, the generated noise is added to obtain the updated noise-added local model. And in the aggregation issuing stage, the server aggregates the noisy local model according to the federal average algorithm to update to obtain a noisy global model, and then selects the client side of the next round of participation training, and transmits the noisy global model to the client side of the next round of participation training.
In some more specific embodiments, in combination with the MNIST dataset and logic model shown in Table 1, 3 terminals are selected in each round of training, the batch size is selected 128, and 350 rounds of iterations are performed, in contrast to federal learning using the Laplace mechanism. The MNIST dataset is a classical handwriting recognition dataset, commonly used for entry and benchmarking for machine learning and deep learning. It contains 0 to 9 gray scale images from various human handwriting, each image being 28x28 pixels in size. The Logistic model is a Logistic regression model, and the basic idea is to use an S-shaped function (Logistic function) to add the input features and the corresponding weights, and then map the result to a probability value between 0 and 1, so as to implement a task of two classification or multiple classification. The cosAFed is abbreviated as the method, the LAPFed is abbreviated as federal learning using the laplace mechanism, and best acc (best accuracy), which is also called best accuracy, generally refers to the best accuracy obtained in the training process.
Table 1 comparative experimental data table
According to the federal learning method based on the self-adaptive differential privacy, after the client receives the initial global model from the server, the initial local model is obtained through local data set training. And obtaining an adjustment coefficient, a scoring function result and a scaling factor according to the initial local model and the initial global model, adjusting the privacy budget through the adjustment coefficient and the scoring function result to obtain a target privacy budget, and considering the influence of the privacy budget on a final training result. And updating and scaling the initial local model according to the scaling factor, adding the adjusted target privacy budget to obtain the updated noise-added local model, eliminating the influence of the privacy budget on the final training result, reducing the influence of noise on the model accuracy, and disturbing the data to achieve the aim of protecting the data privacy. And sending the updated noise-added local model to the server, and finally, aggregating the updated noise-added local model by the server to obtain a target global model. Not only realizing the safety of training, but also ensuring the accuracy of the model.
It should be noted that in the present invention, relational terms such as "first" and "second" and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features of the invention.
Claims (10)
1. A federal learning method based on adaptive differential privacy, comprising:
the method comprises the steps that a server obtains an initial global model and sends the initial global model to each client;
each client acquires a corresponding local data set, and model training is carried out on the initial global model through the local data set to obtain an initial local model;
the client obtains an adjustment coefficient, a scoring function result and a scaling factor according to the initial local model and the initial global model, obtains a target privacy budget according to the adjustment coefficient and the scoring function result, obtains an updated noise adding local model through the scaling factor, the target privacy budget and the initial local model, and sends the updated noise adding local model to the server;
and the server performs federal average aggregation operation on all the updated noisy local models, updates the initial global model according to the federal average aggregation operation result to obtain a target global model, sends the target global model to each client, and iteratively updates the target global model until the target global model converges.
2. The adaptive differential privacy-based federal learning method of claim 1, wherein the client obtains adjustment coefficients, scoring function results, and scaling factors from the initial local model and the initial global model, comprising:
determining cosine similarity of the initial local model and the initial global model, and taking the cosine similarity as the scaling factor;
wherein the scaling factor is:
,
wherein,and for the scaling factor, A is the initial global model, and B is the initial local model.
3. The adaptive differential privacy-based federal learning method of claim 2, wherein the client obtains adjustment coefficients, scoring function results, and scaling factors from the initial local model and the initial global model, comprising:
when the cosine similarity is smaller than zero, the adjustment coefficient is one;
when the cosine similarity is greater than or equal to zero, obtaining the adjustment coefficient according to the cosine similarity and an adjustment coefficient function;
wherein the adjustment coefficient function is:
,
wherein Y is the adjustment coefficient function, M is the number of all clients in the training, N is the number of selected clients in the training,d is the total number of datasets for the client.
4. The adaptive differential privacy-based federal learning method of claim 1, wherein the deriving a target privacy budget from the adjustment coefficients and the scoring function results comprises:
acquiring an initial privacy budget;
adjusting the initial privacy budget according to the adjustment coefficient and the scoring function result to obtain the target privacy budget;
wherein the target privacy budget is:
,
wherein,for the target privacy budget, < >>For the initial privacy budget, p is the adjustment factor, +.>And (5) the scoring function result.
5. The adaptive differential privacy-based federal learning method of claim 1, wherein the updated noisy local model by the scaling factor, the target privacy budget, and the initial local model comprises:
obtaining data noise according to the target privacy budget;
wherein the data noise is:
,
wherein noise is the data noise,for sensitivity->For the data noise compliant with the Laplace distribution, and the position parameter of the Laplace distribution is 0, the scale parameter is +.>,/>Budgeting for the target privacy;
and obtaining the updated noise-added local model through the scaling factor, the data noise and the initial local model.
6. The adaptive differential privacy-based federal learning method according to claim 5, wherein the deriving the updated noisy local model from the scaling factor, the data noise, and the initial local model comprises:
updating the initial local model through the scaling factor and the data noise to obtain the updated noise-added local model;
the updated noise adding local model is as follows:
,
wherein,adding noise to the updated local model, wherein G is the updated initial local model, and noise is data noise,>is the scaling factor.
7. The adaptive differential privacy-based federal learning method of claim 1, wherein the client obtains adjustment coefficients, scoring function results, and scaling factors from the initial local model and the initial global model, comprising:
obtaining a loss value scoring result, an accuracy scoring result and a training round scoring result according to the initial local model and the initial global model;
obtaining the scoring function result through the loss value scoring result, the accuracy scoring result and the training round scoring result;
wherein the scoring function results are:
,
wherein,for the scoring function result, < >>Scoring the loss value for a result,/>Scoring the result for said accuracy, +.>Scoring the training round.
8. The adaptive differential privacy-based federal learning method of claim 7, wherein the obtaining a loss value score, an accuracy score, and a training round score from the initial local model and the initial global model comprises:
obtaining average accuracy through the initial local model and the initial global model;
obtaining the accuracy scoring result according to the average accuracy;
wherein, the accuracy rate scoring result is:
,
wherein,scoring the result for said accuracy, +.>For the accuracy of the jth round, i is the round of the previous round,and N is the number of the clients selected in the training for the accuracy of the ith round.
9. The adaptive differential privacy-based federal learning method of claim 8, wherein the obtaining a loss value score, an accuracy score, and a training round score from the initial local model and the initial global model comprises:
obtaining training round data through the initial local model and the initial global model, wherein the training round data comprises a current training round and a total training round;
obtaining a scoring result of the training round according to the current training round and the total training round;
wherein, the training round scoring result is:
,
wherein,and scoring the training round, wherein T is the current training round, and T is the total training round.
10. The adaptive differential privacy-based federal learning method of claim 1, wherein the model training by the local data set to obtain an initial local model comprises:
and carrying out model training through the local data set based on a random gradient descent SGD algorithm to obtain the initial local model.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410281608.XA CN117874829B (en) | 2024-03-13 | 2024-03-13 | Federal learning method based on self-adaptive differential privacy |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410281608.XA CN117874829B (en) | 2024-03-13 | 2024-03-13 | Federal learning method based on self-adaptive differential privacy |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117874829A true CN117874829A (en) | 2024-04-12 |
| CN117874829B CN117874829B (en) | 2024-05-17 |
Family
ID=90581625
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410281608.XA Active CN117874829B (en) | 2024-03-13 | 2024-03-13 | Federal learning method based on self-adaptive differential privacy |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117874829B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118396085A (en) * | 2024-06-26 | 2024-07-26 | 中山大学 | Online character recognition model training method, online character recognition method and online character recognition device |
| CN118569359A (en) * | 2024-07-22 | 2024-08-30 | 湖北工业大学 | Multi-layer asynchronous federation learning method and system based on block chain |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115455471A (en) * | 2022-09-05 | 2022-12-09 | 深圳大学 | Federal recommendation method, device, equipment and storage medium for improving privacy and robustness |
| US20230047092A1 (en) * | 2021-07-30 | 2023-02-16 | Oracle International Corporation | User-level Privacy Preservation for Federated Machine Learning |
| CN117349672A (en) * | 2023-10-31 | 2024-01-05 | 深圳大学 | Model training method, device and equipment based on differential privacy federal learning |
| CN117574429A (en) * | 2023-11-16 | 2024-02-20 | 福建师范大学 | Federal deep learning method for privacy enhancement in edge computing network |
| CN117634594A (en) * | 2024-01-11 | 2024-03-01 | 齐鲁工业大学(山东省科学院) | Self-adaptive clustering federal learning method with differential privacy |
-
2024
- 2024-03-13 CN CN202410281608.XA patent/CN117874829B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20230047092A1 (en) * | 2021-07-30 | 2023-02-16 | Oracle International Corporation | User-level Privacy Preservation for Federated Machine Learning |
| CN115455471A (en) * | 2022-09-05 | 2022-12-09 | 深圳大学 | Federal recommendation method, device, equipment and storage medium for improving privacy and robustness |
| CN117349672A (en) * | 2023-10-31 | 2024-01-05 | 深圳大学 | Model training method, device and equipment based on differential privacy federal learning |
| CN117574429A (en) * | 2023-11-16 | 2024-02-20 | 福建师范大学 | Federal deep learning method for privacy enhancement in edge computing network |
| CN117634594A (en) * | 2024-01-11 | 2024-03-01 | 齐鲁工业大学(山东省科学院) | Self-adaptive clustering federal learning method with differential privacy |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118396085A (en) * | 2024-06-26 | 2024-07-26 | 中山大学 | Online character recognition model training method, online character recognition method and online character recognition device |
| CN118569359A (en) * | 2024-07-22 | 2024-08-30 | 湖北工业大学 | Multi-layer asynchronous federation learning method and system based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117874829B (en) | 2024-05-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN117874829B (en) | Federal learning method based on self-adaptive differential privacy | |
| US11941527B2 (en) | Population based training of neural networks | |
| US11586904B2 (en) | Adaptive optimization with improved convergence | |
| CN114510652B (en) | Social collaborative filtering recommendation method based on federal learning | |
| US10671922B2 (en) | Batch renormalization layers | |
| US20120294540A1 (en) | Rank order-based image clustering | |
| US20210065011A1 (en) | Training and application method apparatus system and stroage medium of neural network model | |
| CN111523686B (en) | Method and system for model joint training | |
| US20200257983A1 (en) | Information processing apparatus and method | |
| US9189455B2 (en) | Adaptive weighted stochastic gradient descent | |
| US20200401893A1 (en) | Controlled Adaptive Optimization | |
| CN112292696B (en) | Method and device for determining action selection policy of execution device | |
| CN115331069A (en) | Personalized image classification model training method based on federal learning | |
| CN114065863A (en) | Method, device and system for federal learning, electronic equipment and storage medium | |
| CN117253072A (en) | Image classification method based on personalized federal learning | |
| CN117994635B (en) | Federal element learning image recognition method and system with enhanced noise robustness | |
| CN115270001A (en) | Privacy protection recommendation method and system based on cloud collaborative learning | |
| US20220108220A1 (en) | Systems And Methods For Performing Automatic Label Smoothing Of Augmented Training Data | |
| CN114677535A (en) | Training method of domain-adaptive image classification network, image classification method and device | |
| CN106355191A (en) | Deep generating network random training algorithm and device | |
| CN112836629B (en) | Image classification method | |
| TWI732467B (en) | Method of training sparse connected neural network | |
| CN111630530A (en) | Data processing system and data processing method | |
| CN117217328A (en) | Constraint factor-based federal learning client selection method | |
| CN115146313A (en) | Federal learning differential privacy protection method based on model difference sparsification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |