WO2022110720A1 - Selective gradient updating-based federated modeling method and related device - Google Patents


Publication number
WO2022110720A1
Authority
WO
WIPO (PCT)
Prior art keywords
component
gradient
local model
threshold
absolute value
Prior art date
Application number
PCT/CN2021/096651
Other languages
French (fr)
Chinese (zh)
Inventor
李泽远
王健宗
Original Assignee
平安科技(深圳)有限公司
Priority date
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司
Publication of WO2022110720A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning

Definitions

  • This application relates to the field of artificial intelligence technology and digital medicine, specifically to medical informatization, and in particular to a federated modeling method based on selective gradient update and related equipment.
  • Medical data differs from general industry data because of its sensitivity and importance, and the law has established a very strict protection mechanism for the privacy of medical data. Medical data includes medical record information, medical insurance information, health logs, genetics, medical experiments, scientific research data, etc. Among these, personal medical record information, medical insurance information and other medical data concern personal privacy and security, while medical experimental data, scientific research data, etc. concern the development of the medical industry and even national security. Therefore, it is not feasible to share data among hospitals and then train on it centrally to improve the accuracy of disease prediction models.
  • The purpose of this application is to provide a federated modeling method and related equipment based on selective gradient update, which aims to solve the problem that privacy is easily leaked in existing federated modeling methods based on medical data.
  • An embodiment of the present application provides a selective gradient update-based federated modeling method, including:
  • Each client reads the global model gradient of the machine learning model from the server;
  • Each of the clients initializes the global model gradient;
  • Each of the clients performs model training locally in parallel according to their respective sample data, to obtain a local model gradient corresponding to each of the clients;
  • the sample data is medical data;
  • Each of the clients encrypts and uploads the components of their respective local model gradients, or clips their respective local model gradients to within a preset range and then encrypts and uploads them, so that the server side aggregates the components of the local model gradients uploaded by each client or the clipped local model gradients, and updates the machine learning model according to the average gradient obtained by the aggregation.
  • an embodiment of the present application provides a selective gradient update-based federated modeling apparatus, including:
  • the reading unit is used to read the global model gradient of the machine learning model from the server;
  • a training unit configured to perform model training locally according to the respective sample data in parallel to obtain the local model gradient corresponding to each of the clients;
  • the sample data is medical data;
  • the encryption uploading unit is used to encrypt and upload the components of the respective local model gradients, or to clip the respective local model gradients to a preset range before encrypting and uploading, so that the server side aggregates the components of the local model gradients uploaded by each client or the clipped local model gradients, and updates the machine learning model according to the average gradient obtained by the aggregation.
  • An embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the federated modeling method based on selective gradient update as described in the first aspect.
  • An embodiment of the present application provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to execute the selective gradient update-based federated modeling method described in the first aspect.
  • The embodiments of the present application provide a federated modeling method and related equipment based on selective gradient update.
  • The method includes: each client reads the global model gradient of the machine learning model from the server; each client initializes the global model gradient; each of the clients performs model training locally in parallel according to their respective sample data to obtain the local model gradient corresponding to each of the clients; each of the clients encrypts and uploads the components of the respective local model gradients, or clips the respective local model gradients to a preset range and then encrypts and uploads them, so that the server side aggregates the components of the local model gradients uploaded by each client or the clipped local model gradients, and updates the machine learning model according to the average gradient obtained by the aggregation.
  • The embodiments of the present application apply the selective gradient update technology to protect medical data, and more effectively protect the data security of patients and hospitals.
  • FIG. 1 is a schematic flowchart of a federated modeling method based on selective gradient update provided by an embodiment of the present application
  • FIG. 2 is a schematic sub-flow diagram of a federated modeling method based on selective gradient update provided by an embodiment of the present application
  • FIG. 3 is a schematic diagram of another sub-flow of the federated modeling method based on selective gradient update provided by an embodiment of the present application;
  • FIG. 4 is a schematic diagram of another sub-flow of the federated modeling method based on selective gradient update provided by an embodiment of the present application;
  • FIG. 5 is a schematic block diagram of a federated modeling apparatus based on selective gradient update provided by an embodiment of the present application
  • FIG. 6 is a schematic block diagram of subunits of a federated modeling apparatus based on selective gradient update provided by an embodiment of the present application;
  • FIG. 7 is a schematic block diagram of another subunit of the federated modeling apparatus based on selective gradient update provided by an embodiment of the present application.
  • FIG. 8 is a schematic block diagram of another subunit of the federated modeling apparatus based on selective gradient update provided by an embodiment of the present application.
  • FIG. 9 is a schematic block diagram of a computer device according to an embodiment of the present application.
  • FIG. 1 is a schematic flowchart of a federated modeling method based on selective gradient update provided by an embodiment of the present application, which includes steps S101-S104:
  • each client reads the global model gradient of the machine learning model from the server;
  • the client in the embodiment of the present application may refer to the local hospital terminal, and joint modeling is performed between the local hospital terminals under the premise of encryption, so as to improve the overall modeling effect.
  • Each client has a fixed local dataset and suitable computing resources to run mini-batch SGD (stochastic gradient descent) updates.
  • Each client shares the same machine learning model neural network structure and loss function from the server.
  • each client reads the global model gradient W (t) of the machine learning model from the server.
  • each client initializes the global model gradient
  • each client initializes the global model gradient W (t) , that is, initializes it to the local model gradient W (0,t) .
  • each of the clients performs model training locally in parallel according to their respective sample data, to obtain a local model gradient corresponding to each of the clients;
  • the sample data is medical data;
  • Each client performs model training locally according to its own sample data, and updates the local model gradient W (0, t) to the local model gradient W (l, t) by running multiple rounds of stochastic gradient descent (SGD).
  • the sample data in the embodiment of the present application is a local data set, which includes medical record information, medical insurance information, health logs, genetic inheritance, medical experiments, scientific research data, and the like.
  • Each of the clients encrypts and uploads the components of their respective local model gradients, or clips their respective local model gradients to within a preset range and then encrypts and uploads them, so that the server side aggregates the components of the local model gradients uploaded by each client or the clipped local model gradients, and updates the machine learning model according to the aggregated average gradient.
  • The embodiment of the present application adopts a selective gradient update method to select and update the gradient; by limiting the gradient uploaded by the local hospital, it provides strong protection against indirect data leakage during the model training process.
  • The embodiment of the present application can implement selective gradient update in two ways. One is to encrypt and upload the components of the local model gradient, and the other is to clip the local model gradient to a preset range and then encrypt and upload it. After the server side receives the local model gradients or their components uploaded by each client, it aggregates them. The machine learning model is then updated based on the aggregated average gradient. The two methods are described in detail below.
  • the steps of encrypting and uploading the components of the respective local model gradients include steps S201 to S203:
  • A component W i is randomly selected from the local model gradient ⁇ W (t) , and the absolute value abs(W i ) of the randomly selected component W i is then compared with the preset threshold. If the absolute value of the component is greater than the preset threshold, the component is sufficiently representative, that is, it can represent the gradient of the corresponding client's local training in this round, so the component can be encrypted and uploaded.
  • Before step S201, the method further includes:
  • The absolute value of the local model gradient is calculated, and the preset threshold is determined according to the percentile of the absolute value of the local model gradient.
  • ⁇ (t) is determined by the percentile of the absolute value of the local model gradient ⁇ W (t) : first calculate the absolute value abs( ⁇ W (t) ) of the local model gradient, then obtain the percentile of abs( ⁇ W (t) ), and then determine the preset threshold according to that percentile.
  • A percentile is used for descriptive analysis of data. It is a location metric, that is, a measure of where data lies, giving information on the distribution of the data between its minimum and maximum values. For a given group of data, first sort the group from small to large and calculate the corresponding cumulative percentage; the data value corresponding to a given cumulative percentage is then called the percentile for that percentage.
  • A set of data with n values is arranged in ascending order of value, and the value at the p% position is called the pth percentile. Therefore, in this embodiment of the present application, the percentile of the absolute value of each client's local model gradient within the absolute values of the local model gradients of all clients can be obtained, thereby determining the preset threshold of each client.
  • the step S203 includes:
  • the encryption method is to add noise to the absolute value of the component, and then upload it. In this way, gradient information is not easily cracked, thereby further protecting medical data from leakage.
  • adding noise to the absolute value of the component and then uploading it includes steps S301 to S303:
  • The absolute value of the component is first compared with the noise threshold. If the absolute value of the component is smaller than the noise threshold, noise can be added to the component; the noise-added component is then clipped to within the component threshold range and uploaded.
  • the step S303 includes:
  • the noise-added component Wi is trimmed into the component threshold range as follows, and uploaded:
  • Lap(x) represents a random variable sampled from the Laplacian distribution of the gradient x; ⁇ 2 represents the privacy budget of the noise threshold; clip(x, ⁇ ) represents the clipped gradient domain range of the gradient x is [- ⁇ , ⁇ ] ; s denotes the gradient sensitivity bounded by ⁇ , and q denotes the number of shared gradients computed.
  • the noise threshold can be That is, the gradient is added on the basis of the preset threshold A random variable sampled from the Laplace distribution.
  • the clipping of the respective local model gradients to a preset range before encryption and uploading includes steps S401 to S403:
  • the gradient of the local model is clipped so that it is within a preset range.
  • The part of the local model gradient that exceeds the upper threshold and the part that is lower than the lower threshold can be obtained first; the part exceeding the upper threshold is then replaced with the upper threshold, and the part lower than the lower threshold is replaced with the lower threshold, so that the local model gradient is mapped to a preset range. The replaced upper threshold, lower threshold and the unreplaced part are combined into a new local model gradient, which is then encrypted and uploaded.
  • the part that is not replaced is the part that is originally within the preset range.
  • the combination refers to the combination according to the structure of the original local model gradient, so that the local model gradient can reflect the real situation.
  • the aforementioned encryption principle can also be used for encryption, that is, adding noise to the gradient of the new local model, and then encrypting and uploading it.
  • FIG. 5 is a schematic block diagram of a federated modeling apparatus based on selective gradient update provided by an embodiment of the present application.
  • the federated modeling apparatus 500 based on selective gradient update includes:
  • a reading unit 501 is used to read the global model gradient of the machine learning model from the server;
  • a training unit 503 configured to perform model training locally according to the respective sample data in parallel to obtain the local model gradient corresponding to each of the clients;
  • the sample data is medical data;
  • the encryption uploading unit 504 is used for encrypting and uploading the components of the respective local model gradients, or clipping the respective local model gradients to within a preset range and then encrypting and uploading them, so that the server aggregates the components of the local model gradients uploaded by each client or the clipped local model gradients, and updates the machine learning model according to the aggregated average gradient.
  • the encryption uploading unit 504 includes:
  • a random selection unit 601 configured to randomly select a component from the local model gradient
  • a component comparison unit 602 configured to compare the absolute value of the randomly selected component with a preset threshold
  • the uploading unit 603 is configured to encrypt and upload the component if the absolute value of the component is greater than the preset threshold.
  • the encryption uploading unit 504 further includes:
  • a preset threshold determination unit configured to calculate the absolute value of the gradient of the local model, and determine the preset threshold according to the percentile of the absolute value of the gradient of the local model.
  • the uploading unit 603 includes:
  • the noise adding unit is used for adding noise to the absolute value of the component, and then uploading.
  • the noise adding unit includes:
  • a noise comparison unit 701 configured to compare the absolute value of the component with a noise threshold
  • a noise setting unit 702 configured to add noise to the component if the absolute value of the component is less than the noise threshold;
  • a component clipping unit 703, configured to clip the noise-added component to be within the component threshold range, and upload the component.
  • the component clipping unit includes:
  • a clipping subunit used to clip the noise-added component W i to within the component threshold range and upload it, as follows:
  • Lap(x) represents a random variable sampled from the Laplacian distribution of the gradient x; ⁇ 2 represents the privacy budget of the noise threshold; clip(x, ⁇ ) represents the clipped gradient domain range of the gradient x is [- ⁇ , ⁇ ] ; s denotes the gradient sensitivity bounded by ⁇ , and q denotes the number of shared gradients computed.
  • the encryption uploading unit 504 further includes:
  • an obtaining unit 801 configured to obtain the part exceeding the upper threshold and the part lower than the lower threshold in the local model gradient
  • a replacement unit 802 configured to replace the part exceeding the upper limit threshold with an upper limit threshold, and replace the part below the lower limit threshold with a lower limit threshold;
  • the combining unit 803 is configured to combine the replaced upper threshold value, the lower threshold value and the unreplaced part into a new local model gradient, encrypt and upload it.
  • the device of the embodiment of the present application applies the selective gradient update technology to protect medical data, and more effectively protects the data security of patients and hospitals.
  • the above-mentioned selective gradient update-based federated modeling apparatus 500 can be implemented in the form of a computer program, and the computer program can be executed on a computer device as shown in FIG. 9 .
  • FIG. 9 is a schematic block diagram of a computer device provided by an embodiment of the present application.
  • the computer device 900 is a server, and the server may be an independent server or a server cluster composed of multiple servers.
  • the computer device 900 includes a processor 902 , a memory and a network interface 905 connected by a system bus 901 , wherein the memory may include a non-volatile storage medium 903 and an internal memory 904 .
  • the nonvolatile storage medium 903 can store an operating system 9031 and a computer program 9032 .
  • the computer program 9032 when executed, can cause the processor 902 to perform a selective gradient update based federated modeling method.
  • the processor 902 is used to provide computing and control capabilities to support the operation of the entire computer device 900 .
  • the internal memory 904 provides an environment for the execution of the computer program 9032 in the non-volatile storage medium 903; when executed by the processor 902, the computer program 9032 can cause the processor 902 to execute the selective gradient update based federated modeling method.
  • the network interface 905 is used for network communication, such as providing transmission of data information.
  • FIG. 9 is only a block diagram of a partial structure related to the solution of the present application, and does not constitute a limitation on the computer device 900 to which the solution of the present application is applied.
  • the specific computer device 900 may include more or fewer components than shown, or combine certain components, or have a different arrangement of components.
  • the processor 902 is configured to run the computer program 9032 stored in the memory, so as to realize the following functions: each client reads the global model gradient of the machine learning model from the server; each client initializes the global model gradient; each of the clients performs model training locally in parallel according to their respective sample data to obtain the local model gradient corresponding to each of the clients; each of the clients encrypts and uploads the components of the respective local model gradients, or clips the respective local model gradients to a preset range before encrypting and uploading, so that the server side aggregates the components of the local model gradients uploaded by each client or the clipped local model gradients, and updates the machine learning model according to the average gradient obtained by the aggregation.
  • when performing the step of encrypting and uploading the components of the respective local model gradients, the processor 902 performs the following operations: randomly select a component from the local model gradient; compare the absolute value of the randomly selected component with a preset threshold; if the absolute value of the component is greater than the preset threshold, encrypt and upload the component.
  • before executing the step of randomly selecting a component from the local model gradient, the processor 902 performs the following operations: calculate the absolute value of the local model gradient, and determine the preset threshold according to the percentile of the absolute value of the local model gradient.
  • when performing the step of encrypting and uploading the component if the absolute value of the component is greater than the preset threshold, the processor 902 performs the following operations: add noise to the absolute value of the component and then upload it.
  • when performing the step of adding noise to the absolute value of the component and then uploading, the processor 902 performs the following operations: compare the absolute value of the component with a noise threshold; if the absolute value of the component is less than the noise threshold, add noise to the component; clip the noise-added component to within the component threshold range, and upload it.
  • when performing the step of clipping the noise-added component to within the component threshold range and uploading, the processor 902 performs the following operations: clip the noise-added component W i to within the component threshold range and upload it: Lap(x) represents a random variable sampled from the Laplacian distribution of the gradient x; ⁇ 2 represents the privacy budget of the noise threshold; clip(x, ⁇ ) represents the clipped gradient domain range of the gradient x is [- ⁇ , ⁇ ] ; s denotes the gradient sensitivity bounded by ⁇ , and q denotes the number of shared gradients computed.
  • when performing the step of clipping the respective local model gradients to a preset range before encrypting and uploading them, the processor 902 performs the following operations: acquire the part of the local model gradient that exceeds the upper threshold and the part that is lower than the lower threshold; replace the part that exceeds the upper threshold with the upper threshold, and replace the part lower than the lower threshold with the lower threshold; combine the replaced upper threshold, lower threshold and the unreplaced part into a new local model gradient, then encrypt and upload it.
  • the embodiment of the computer device shown in FIG. 9 does not constitute a limitation on the specific structure of the computer device.
  • the computer device may include more or fewer components than those shown in the drawings, combine some components, or use a different arrangement of components.
  • the computer device may only include a memory and a processor. In such an embodiment, the structures and functions of the memory and the processor are the same as those of the embodiment shown in FIG. 9 , and details are not repeated here.
  • the processor 902 may be a central processing unit (Central Processing Unit, CPU), and the processor 902 may also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor can be a microprocessor or the processor can also be any conventional processor or the like.
  • a computer-readable storage medium may be a non-volatile computer-readable storage medium or a volatile computer-readable storage medium.
  • the computer-readable storage medium stores a computer program, wherein when the computer program is executed by the processor, the following steps are implemented: each client reads the global model gradient of the machine learning model from the server; each client initializes the global model gradient; each of the clients performs model training locally in parallel according to their respective sample data to obtain the local model gradient corresponding to each of the clients; each of the clients encrypts and uploads the components of the respective local model gradients, or clips the respective local model gradients to a preset range and then encrypts and uploads them, so that the server side aggregates the components of the local model gradients uploaded by each client or the clipped local model gradients, and updates the machine learning model according to the average gradient obtained by the aggregation.
  • the disclosed apparatus and method may be implemented in other manners.
  • the device embodiments described above are only illustrative.
  • the division of the units is only logical function division.
  • there may be other division methods, or units with the same function may be grouped into one unit; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may also be electrical, mechanical or other forms of connection.
  • the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present application.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • the above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
  • if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a storage medium.
  • the technical solutions of the present application, in essence, or the part that contributes to the prior art, or all or part of the technical solutions, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage medium includes: a U disk, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a magnetic disk or an optical disk and other media that can store program codes.
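The client-side steps S201 to S203, S301 to S303 and S401 to S403 and the server-side averaging described above, as an added Python example (not code from the patent). The Laplace scale is a caller-supplied parameter because the patent's formula is missing from this page; the nearest-rank percentile, drawing without replacement, withholding components that reach the noise threshold, and the per-index mean over contributing clients are assumptions, and all function names are hypothetical.

```python
import math
import random


def preset_threshold(delta_w, pct):
    """Preset threshold: pct-th percentile (nearest rank, an assumption) of |delta_w|."""
    ordered = sorted(abs(w) for w in delta_w)
    rank = max(1, math.ceil(pct * len(ordered) / 100))
    return ordered[min(rank, len(ordered)) - 1]


def laplace(rng, scale):
    """Laplace(0, scale) sample: difference of two exponentials with mean `scale`."""
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)


def clip(x, gamma):
    """Clip x into [-gamma, gamma], the component threshold range."""
    return max(-gamma, min(gamma, x))


def select_components(delta_w, pct, n_draws, gamma, noise_scale, rng):
    """Build one client's sparse upload {index: noisy clipped component}."""
    tau = preset_threshold(delta_w, pct)
    upload = {}
    # S201: random selection (without replacement here, an assumption).
    for i in rng.sample(range(len(delta_w)), min(n_draws, len(delta_w))):
        w = delta_w[i]
        # S202/S203: only components whose magnitude exceeds the preset threshold.
        if abs(w) <= tau:
            continue
        # Noise threshold = preset threshold + Laplace variable (as the page words it).
        noise_threshold = tau + laplace(rng, noise_scale)
        # S301/S302: noise is added when |w| is below the noise threshold. The page
        # is silent on the other branch; withholding the component is an assumption.
        if abs(w) >= noise_threshold:
            continue
        # S303: clip the noise-added component into [-gamma, gamma] before upload.
        upload[i] = clip(w + laplace(rng, noise_scale), gamma)
    return upload


def clip_to_range(delta_w, lower, upper):
    """S401-S403: replace out-of-range parts with the thresholds, keep the structure."""
    return [upper if w > upper else lower if w < lower else w for w in delta_w]


def aggregate(uploads, dim):
    """Server side: per-index mean over the clients that uploaded that index
    (an assumption; the page only says the uploads are averaged)."""
    sums, counts = [0.0] * dim, [0] * dim
    for upload in uploads:
        for i, v in upload.items():
            sums[i] += v
            counts[i] += 1
    return [s / c if c else 0.0 for s, c in zip(sums, counts)]


if __name__ == "__main__":
    # Constructed sample gradients for three clients, not data from the patent.
    rng = random.Random(7)
    dim = 20
    clients = [[rng.gauss(0, 1) for _ in range(dim)] for _ in range(3)]
    uploads = [select_components(g, 80, dim, 1.5, 0.2, rng) for g in clients]
    for n, up in enumerate(uploads):
        print(f"client {n}: shares {len(up)} of {dim} components")
    print("average gradient:", [round(v, 3) for v in aggregate(uploads, dim)])
    print("range-clipped:", [round(v, 2) for v in clip_to_range(clients[0], -1.0, 1.0)])
```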

Abstract

A selective gradient updating-based federated modeling method and a related device, which relate to the technical field of artificial intelligence, and which can be applied in a smart hospital system. The method comprises: client ends read, from a server end, a global model gradient of a machine learning model (S101); client ends initialize the global model gradient (S102); client ends locally execute model training in parallel according to sample data of each of the client ends, and obtain local model gradients corresponding to each of the client ends, the sample data being medical data (S103); client ends encrypt and upload components of the local model gradients of each of the client ends, or clip the local model gradients of each of the client ends to within a preset range and then perform encryption and uploading, enabling the server end to perform aggregation on the components of the local model gradients uploaded by the client ends or the local model gradients after clipping, and to update the machine learning model according to an aggregated average gradient (S104). The present method implements privacy protection for medical data.

Description

Federated Modeling Method and Related Device Based on Selective Gradient Update
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on November 24, 2020, with application number 202011327560.X and the invention title "Federated Modeling Method and Related Device Based on Selective Gradient Update", the entire contents of which are incorporated herein by reference.
Technical Field
This application relates to the fields of artificial intelligence technology and digital medicine, specifically to medical informatization, and in particular to a federated modeling method based on selective gradient update and related devices.
Background
Because of its sensitivity and importance, medical data differs from data in ordinary industries, and the law has established extremely strict mechanisms to protect its privacy. Medical data includes medical record information, medical insurance information, health logs, genetic data, medical experiments, scientific research data, and so on. Personal medical records, medical insurance information and similar medical data bear on personal privacy and security, while medical experiment data and scientific research data bear on the development of the medical industry and even on national security. Sharing data among hospitals and then training centrally to improve the accuracy of disease prediction models is therefore not feasible.
However, training a model with a deep convolutional neural network usually requires a large number of diverse training sample sets. The prior art already uses federated learning to break down the data barriers between hospitals: the data never leaves the hospital, and only encrypted local model gradients need to be uploaded to carry out joint model training and improve model performance. Although federated learning improves security with respect to privacy, the inventors realized that training data may still leak, for example through reconstruction of a single training model by model inversion.
Summary of the Application
The purpose of this application is to provide a federated modeling method based on selective gradient update and related devices, aiming to solve the problem that existing methods of federated modeling on medical data still leak privacy easily.
In a first aspect, an embodiment of the present application provides a federated modeling method based on selective gradient update, including:
each client reads the global model gradient of the machine learning model from the server;
each client initializes the global model gradient;
each client performs model training locally and in parallel on its own sample data to obtain the local model gradient corresponding to that client, the sample data being medical data;
each client encrypts and uploads the components of its local model gradient, or clips its local model gradient to within a preset range and then encrypts and uploads it, so that the server aggregates the components of the local model gradients uploaded by the clients or the clipped local model gradients, and updates the machine learning model according to the average gradient obtained by the aggregation.
In a second aspect, an embodiment of the present application provides a federated modeling apparatus based on selective gradient update, including:
a reading unit, configured to read the global model gradient of the machine learning model from the server;
an initialization unit, configured to initialize the global model gradient;
a training unit, configured to perform model training locally and in parallel on the respective sample data to obtain the local model gradient corresponding to each client, the sample data being medical data;
an encryption uploading unit, configured to encrypt and upload the components of the respective local model gradients, or to clip the respective local model gradients to within a preset range and then encrypt and upload them, so that the server aggregates the components of the local model gradients uploaded by the clients or the clipped local model gradients, and updates the machine learning model according to the average gradient obtained by the aggregation.
In a third aspect, an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the federated modeling method based on selective gradient update described in the first aspect.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to execute the federated modeling method based on selective gradient update described in the first aspect.
The embodiments of the present application provide a federated modeling method based on selective gradient update and related devices. The method includes: each client reads the global model gradient of the machine learning model from the server; each client initializes the global model gradient; each client performs model training locally and in parallel on its own sample data to obtain its local model gradient; each client encrypts and uploads the components of its local model gradient, or clips its local model gradient to within a preset range and then encrypts and uploads it, so that the server aggregates the components of the local model gradients uploaded by the clients or the clipped local model gradients, and updates the machine learning model according to the average gradient obtained by the aggregation. The embodiments of the present application apply selective gradient update to protect medical data and more effectively protect the data security of patients and hospitals.
Description of Drawings
To explain the technical solutions of the embodiments of the present application more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a federated modeling method based on selective gradient update provided by an embodiment of the present application;
FIG. 2 is a schematic sub-flow diagram of the federated modeling method based on selective gradient update provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of another sub-flow of the federated modeling method based on selective gradient update provided by an embodiment of the present application;
FIG. 4 is a schematic diagram of another sub-flow of the federated modeling method based on selective gradient update provided by an embodiment of the present application;
FIG. 5 is a schematic block diagram of a federated modeling apparatus based on selective gradient update provided by an embodiment of the present application;
FIG. 6 is a schematic block diagram of subunits of the federated modeling apparatus based on selective gradient update provided by an embodiment of the present application;
FIG. 7 is a schematic block diagram of another subunit of the federated modeling apparatus based on selective gradient update provided by an embodiment of the present application;
FIG. 8 is a schematic block diagram of another subunit of the federated modeling apparatus based on selective gradient update provided by an embodiment of the present application;
FIG. 9 is a schematic block diagram of a computer device provided by an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the protection scope of this application.
It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or sets thereof.
It should also be understood that the terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit the application. As used in this specification and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
Please refer to FIG. 1, a schematic flowchart of a federated modeling method based on selective gradient update provided by an embodiment of the present application, which includes steps S101 to S104:
S101: each client reads the global model gradient of the machine learning model from the server;
The client in the embodiments of the present application may be a local hospital. The local hospitals carry out joint modeling under encryption, which improves the overall modeling result.
Each client has a fixed local data set and suitable computing resources to run mini-batch SGD (stochastic gradient descent) updates. The clients obtain the same machine learning model neural network structure and loss function, shared from the server.
During iteration round t of joint training, each client reads the global model gradient $W^{(t)}$ of the machine learning model from the server.
S102: each client initializes the global model gradient;
In this step, each client initializes the global model gradient $W^{(t)}$, that is, initializes it as the local model gradient $W^{(0,t)}$.
S103: each client performs model training locally and in parallel on its own sample data to obtain the local model gradient corresponding to that client, the sample data being medical data;
In this step, each client performs model training locally on its own sample data, updating the local model gradient $W^{(0,t)}$ to the local model gradient $W^{(l,t)}$ by running stochastic gradient descent (SGD) multiple times, where $l$ refers to the loss function. The updated local model gradient is subsequently denoted $\Delta W^{(t)}$.
The sample data in the embodiments of the present application is the local data set, which contains medical record information, medical insurance information, health logs, genetic data, medical experiments, scientific research data, and the like.
S104: each client encrypts and uploads the components of its local model gradient, or clips its local model gradient to within a preset range and then encrypts and uploads it, so that the server aggregates the components of the local model gradients uploaded by the clients or the clipped local model gradients, and updates the machine learning model according to the average gradient obtained by the aggregation.
In this step, after each round of local model training, the local model gradient $\Delta W^{(t)}$ is encrypted and uploaded. During the local model training described above, a model inversion attack can extract some private patient information from the updated local model gradient $\Delta W^{(t)}$ or from the global model gradient $W^{(t)}$ in joint training. The embodiments of the present application therefore use a selective gradient update method to select which gradients to update; by limiting the gradients uploaded by the local hospital, the method provides strong protection against indirect data leakage during model training.
Specifically, the embodiments of the present application can implement selective gradient update in two ways: one is to encrypt and upload components of the local model gradient, and the other is to clip the local model gradient to within a preset range and then encrypt and upload it. Once the server has received the local model gradients or their components uploaded by the clients, it can aggregate them; in the embodiments of the present application the FedAvg algorithm may be used to aggregate the components of the local model gradients uploaded by the clients or the clipped local model gradients. The machine learning model is then updated according to the average gradient obtained by the aggregation. The two ways are described in detail below.
In one embodiment, as shown in FIG. 2, encrypting and uploading the components of the respective local model gradients includes steps S201 to S203:
S201: randomly select a component from the local model gradient;
S202: compare the absolute value of the randomly selected component with a preset threshold;
S203: if the absolute value of the component is greater than the preset threshold, encrypt and upload the component.
In this embodiment, a component $W_i$ is first randomly selected from the local model gradient $\Delta W^{(t)}$, and the absolute value $\mathrm{abs}(W_i)$ of the selected component is then compared with the preset threshold
Figure PCTCN2021096651-appb-000001
If the absolute value of the component is greater than the preset threshold, the component is sufficiently representative, that is, it can represent the gradient of the corresponding client's local training in this round, so the component can be encrypted and uploaded.
In one embodiment, before step S201, the method further includes:
calculating the absolute value of the local model gradient, and determining the preset threshold according to the percentile of the absolute value of the local model gradient.
In this embodiment, $\tau^{(t)}$ is determined by the percentile of the absolute value of the local model gradient $\Delta W^{(t)}$: the absolute value $\mathrm{abs}(\Delta W^{(t)})$ of the local model gradient is calculated first, the percentile of that absolute value is then obtained, and the preset threshold is determined from the percentile. A percentile is used in the descriptive analysis of data. It is a location index, a measure of where data lies, and gives information about how the data is distributed between its minimum and maximum. For a given group of data, the data is first sorted from smallest to largest and the corresponding cumulative percentage is calculated; the value of the data at a given percentage is called the percentile for that percentage. In short, when a set of n values is arranged in ascending order, the value at the p% position is called the p-th percentile. The embodiments of the present application can therefore obtain the percentile of the absolute value of each client's local model gradient among the absolute values of the local model gradients of all clients, and thereby determine the preset threshold of each client.
In one embodiment, step S203 includes:
adding noise to the absolute value of the component and then uploading it.
In this step, encryption consists of adding noise to the absolute value of the component before uploading it. The gradient information is then hard to crack, which further protects the medical data against leakage.
In one embodiment, as shown in FIG. 3, adding noise to the absolute value of the component and then uploading it includes steps S301 to S303:
S301: compare the absolute value of the component with a noise threshold;
S302: if the absolute value of the component is less than the noise threshold, add noise to the component;
S303: clip the noise-added component to within the component threshold range, and upload it.
In this embodiment, the absolute value of the component is first compared with the noise threshold. If the absolute value of the component is less than the noise threshold, noise can be added to the component; the noise-added component is then clipped to within the component threshold range and uploaded.
In one embodiment, step S303 includes:
clipping the noise-added component $W_i$ to within the component threshold range according to the following formula, and uploading it:
Figure PCTCN2021096651-appb-000002
Lap(x) denotes a random variable sampled from the Laplace distribution of the gradient x; $\varepsilon_2$ denotes the privacy budget of the noise threshold; clip(x, γ) denotes clipping the gradient x to the range [-γ, γ]; s denotes the gradient sensitivity bounded by γ; and q denotes the computed number of shared gradients.
The noise threshold may be
Figure PCTCN2021096651-appb-000003
that is, the preset threshold plus a random variable sampled from the Laplace distribution of the gradient
Figure PCTCN2021096651-appb-000004
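The first approach (steps S201 to S203 and S301 to S303) as an added Python sketch, not code from the patent. The formula images did not survive on this page, so the Laplace scale q·s/ε2, the sensitivity s = 2γ, the nearest-rank percentile, and all function and parameter names are assumptions.

```python
import math
import random

# Constructed sample: one client's local gradient update (20 components).
SAMPLE_GRADIENT = [0.01, -0.02, 0.03, -0.9, 0.05, 0.06, -0.07, 0.08, 0.6, -0.10,
                   0.11, 0.12, -0.13, 0.14, -0.75, 0.16, 0.17, -0.18, 0.19, 0.45]


def percentile(values, p):
    """p-th percentile: sort ascending and take the value at the p% position."""
    ordered = sorted(values)
    rank = max(1, math.ceil(p * len(ordered) / 100))  # nearest-rank (assumed)
    return ordered[rank - 1]


def laplace(rng, scale):
    """Laplace(0, scale) sample: difference of two i.i.d. exponentials."""
    rate = 1.0 / scale
    return rng.expovariate(rate) - rng.expovariate(rate)


def clip(x, gamma):
    """Clip x to the range [-gamma, gamma]."""
    return max(-gamma, min(gamma, x))


def selective_share(delta_w, p, gamma, eps2, share_fraction, rng):
    """Return (tau, upload), where upload maps component index -> value sent.

    tau    : preset threshold, the p-th percentile of abs(delta_w)
    q      : number of shared gradients (share_fraction of all components)
    s      : gradient sensitivity bounded by gamma (assumed to be 2 * gamma)
    scale  : Laplace scale q * s / eps2 (assumed; formula missing on the page)
    """
    tau = percentile([abs(w) for w in delta_w], p)
    q = max(1, int(share_fraction * len(delta_w)))
    s = 2.0 * gamma
    scale = q * s / eps2
    # Noise threshold: the preset threshold plus a Laplace random variable.
    noise_threshold = tau + laplace(rng, scale)

    order = list(range(len(delta_w)))
    rng.shuffle(order)                      # S201: random selection
    upload = {}
    for i in order:
        if len(upload) >= q:
            break
        w = delta_w[i]
        if abs(w) <= tau:                   # S202/S203: share only if abs > tau
            continue
        if abs(w) < noise_threshold:        # S301/S302: add noise to the component
            w += laplace(rng, scale)
        upload[i] = clip(w, gamma)          # S303: clip to [-gamma, gamma]
    return tau, upload


if __name__ == "__main__":
    rng = random.Random(2021)
    tau, upload = selective_share(SAMPLE_GRADIENT, p=80, gamma=0.5,
                                  eps2=1.0, share_fraction=0.1, rng=rng)
    print("threshold tau:", tau)
    print("uploaded components:", upload)
    print("withheld components:", len(SAMPLE_GRADIENT) - len(upload))
```

Only components above the percentile threshold ever leave the client, and every uploaded value is bounded by γ regardless of how large the sampled noise is.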
In one embodiment, as shown in FIG. 4, clipping the respective local model gradients to within a preset range and then encrypting and uploading them includes steps S401 to S403:
S401: obtain the part of the local model gradient that exceeds the upper threshold and the part that is below the lower threshold;
S402: replace the part exceeding the upper threshold with the upper threshold, and replace the part below the lower threshold with the lower threshold;
S403: combine the substituted upper threshold, the substituted lower threshold and the unreplaced part into a new local model gradient, then encrypt and upload it.
This embodiment clips the local model gradient so that it lies within a preset range. Specifically, the part of the local model gradient that exceeds the upper threshold and the part that is below the lower threshold are obtained first; the part exceeding the upper threshold is then replaced with the upper threshold and the part below the lower threshold is replaced with the lower threshold, which maps the local model gradient into the preset range. The substituted upper threshold, the substituted lower threshold and the unreplaced part are then combined into a new local model gradient, which is encrypted and uploaded. The unreplaced part is the part that was already within the preset range. Combining means assembling the parts according to the structure of the original local model gradient, so that the local model gradient reflects the real situation.
This clipping approach can be encrypted on the same principle as above, that is, by adding noise to the new local model gradient and then encrypting and uploading it.
Please refer to FIG. 5, a schematic block diagram of a federated modeling apparatus based on selective gradient update provided by an embodiment of the present application. The federated modeling apparatus 500 based on selective gradient update includes:
a reading unit 501, configured to read the global model gradient of the machine learning model from the server;
an initialization unit 502, configured to initialize the global model gradient;
a training unit 503, configured to perform model training locally and in parallel on the respective sample data to obtain the local model gradient corresponding to each client, the sample data being medical data;
an encryption uploading unit 504, configured to encrypt and upload the components of the respective local model gradients, or to clip the respective local model gradients to within a preset range and then encrypt and upload them, so that the server aggregates the components of the local model gradients uploaded by the clients or the clipped local model gradients, and updates the machine learning model according to the average gradient obtained by the aggregation.
In one embodiment, as shown in FIG. 6, the encryption uploading unit 504 includes:
a random selection unit 601, configured to randomly select a component from the local model gradient;
a component comparison unit 602, configured to compare the absolute value of the randomly selected component with a preset threshold;
an uploading unit 603, configured to encrypt and upload the component if the absolute value of the component is greater than the preset threshold.
In one embodiment, the encryption uploading unit 504 further includes:
a preset threshold determination unit, configured to calculate the absolute value of the local model gradient and determine the preset threshold according to the percentile of the absolute value of the local model gradient.
In one embodiment, the uploading unit 603 includes:
a noise adding unit, configured to add noise to the absolute value of the component and then upload it.
In one embodiment, as shown in FIG. 7, the noise adding unit includes:
a noise comparison unit 701, configured to compare the absolute value of the component with a noise threshold;
a noise setting unit 702, configured to add noise to the component if the absolute value of the component is less than the noise threshold;
a component clipping unit 703, configured to clip the noise-added component to within the component threshold range and upload it.
In one embodiment, the component clipping unit includes:
a clipping subunit, configured to clip the noise-added component $W_i$ to within the component threshold range according to the following formula, and upload it:
Figure PCTCN2021096651-appb-000005
Lap(x) denotes a random variable sampled from the Laplace distribution of the gradient x; $\varepsilon_2$ denotes the privacy budget of the noise threshold; clip(x, γ) denotes clipping the gradient x to the range [-γ, γ]; s denotes the gradient sensitivity bounded by γ; and q denotes the computed number of shared gradients.
In one embodiment, as shown in FIG. 8, the encryption uploading unit 504 further includes:
an obtaining unit 801, configured to obtain the part of the local model gradient that exceeds the upper threshold and the part that is below the lower threshold;
a replacement unit 802, configured to replace the part exceeding the upper threshold with the upper threshold, and replace the part below the lower threshold with the lower threshold;
a combining unit 803, configured to combine the substituted upper threshold, the substituted lower threshold and the unreplaced part into a new local model gradient, then encrypt and upload it.
The apparatus of the embodiments of the present application applies selective gradient update to protect medical data and more effectively protects the data security of patients and hospitals.
上述基于选择性梯度更新的联邦建模装置500可以实现为计算机程序的形式,该计算机 程序可以在如图9所示的计算机设备上运行。The above-mentioned selective gradient update-based federated modeling apparatus 500 can be implemented in the form of a computer program, and the computer program can be executed on a computer device as shown in FIG. 9 .
请参阅图9,图9是本申请实施例提供的计算机设备的示意性框图。该计算机设备900是服务器,服务器可以是独立的服务器,也可以是多个服务器组成的服务器集群。Please refer to FIG. 9 , which is a schematic block diagram of a computer device provided by an embodiment of the present application. The computer device 900 is a server, and the server may be an independent server or a server cluster composed of multiple servers.
参阅图9,该计算机设备900包括通过系统总线901连接的处理器902、存储器和网络接口905,其中,存储器可以包括非易失性存储介质903和内存储器904。Referring to FIG. 9 , the computer device 900 includes a processor 902 , a memory and a network interface 905 connected by a system bus 901 , wherein the memory may include a non-volatile storage medium 903 and an internal memory 904 .
该非易失性存储介质903可存储操作系统9031和计算机程序9032。该计算机程序9032被执行时,可使得处理器902执行基于选择性梯度更新的联邦建模方法。The nonvolatile storage medium 903 can store an operating system 9031 and a computer program 9032 . The computer program 9032, when executed, can cause the processor 902 to perform a selective gradient update based federated modeling method.
该处理器902用于提供计算和控制能力,支撑整个计算机设备900的运行。The processor 902 is used to provide computing and control capabilities to support the operation of the entire computer device 900 .
该内存储器904为非易失性存储介质903中的计算机程序9032的运行提供环境,该计算机程序9032被处理器902执行时,可使得处理器902执行基于选择性梯度更新的联邦建模方法。The internal memory 904 provides an environment for the execution of a computer program 9032 in the non-volatile storage medium 903, the computer program 9032, when executed by the processor 902, can cause the processor 902 to execute the selective gradient update based federated modeling method.
该网络接口905用于进行网络通信,如提供数据信息的传输等。本领域技术人员可以理解,图9中示出的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的计算机设备900的限定,具体的计算机设备900可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。The network interface 905 is used for network communication, such as providing transmission of data information. Those skilled in the art can understand that the structure shown in FIG. 9 is only a block diagram of a partial structure related to the solution of the present application, and does not constitute a limitation on the computer device 900 to which the solution of the present application is applied. The specific computer device 900 may include more or fewer components than shown, or combine certain components, or have a different arrangement of components.
The processor 902 is configured to run the computer program 9032 stored in the memory so as to implement the following functions: each client reads the global model gradient of the machine learning model from the server; each client initializes the global model gradient; each client performs model training locally and in parallel on its own sample data to obtain the local model gradient corresponding to that client; each client encrypts and uploads components of its local model gradient, or clips its local model gradient to within a preset range and then encrypts and uploads it, so that the server aggregates the local model gradient components or the clipped local model gradients uploaded by the clients and updates the machine learning model according to the average gradient obtained by the aggregation.
In one embodiment, when performing the step of encrypting and uploading the components of the respective local model gradients, the processor 902 performs the following operations: randomly select a component from the local model gradient; compare the absolute value of the randomly selected component with a preset threshold; if the absolute value of the component is greater than the preset threshold, encrypt and upload the component.
In one embodiment, before performing the step of randomly selecting a component from the local model gradient, the processor 902 performs the following operation: calculate the absolute value of the local model gradient, and determine the preset threshold according to a percentile of the absolute value of the local model gradient.
In one embodiment, when performing the step of encrypting and uploading the component if the absolute value of the component is greater than the preset threshold, the processor 902 performs the following operation: add noise to the absolute value of the component, and then upload it.
In one embodiment, when performing the step of adding noise to the absolute value of the component and then uploading it, the processor 902 performs the following operations: compare the absolute value of the component with a noise threshold; if the absolute value of the component is less than the noise threshold, add noise to the component; clip the noise-added component to within the component threshold range, and upload it.
In one embodiment, when performing the step of clipping the noise-added component to within the component threshold range and uploading it, the processor 902 performs the following operation: clip the noise-added component W_i to within the component threshold range according to the following formula, and upload it:
Figure PCTCN2021096651-appb-000006
Lap(x) denotes a random variable sampled from the Laplace distribution of the gradient x; ε_2 denotes the privacy budget of the noise threshold; clip(x, γ) denotes that the clipped range of the gradient x is [-γ, γ]; s denotes the gradient sensitivity bounded by γ; and q denotes the computed number of shared gradients.
In one embodiment, when performing the step of clipping the respective local model gradients to within a preset range and then encrypting and uploading them, the processor 902 performs the following operations: obtain the parts of the local model gradient that exceed the upper threshold and the parts that fall below the lower threshold; replace the parts exceeding the upper threshold with the upper threshold, and replace the parts below the lower threshold with the lower threshold; combine the replaced upper-threshold values, the replaced lower-threshold values and the unreplaced parts into a new local model gradient, then encrypt and upload it.
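The client-side steps described in the embodiments above (percentile threshold, random component selection, conditional noise, clipping) and the server-side averaging can be sketched as follows; this is an added illustration, not code from the application. All function and parameter names are hypothetical, encryption is omitted because the text does not name a scheme, the Laplace scale is a caller-supplied parameter because the formula survives only as an image, and averaging each index over the clients that uploaded it is an assumption.

```python
import math
import random


def percentile_threshold(grad, pct):
    """Preset threshold: the pct-th percentile (nearest rank) of |g|."""
    if not grad:
        raise ValueError("empty gradient")
    mags = sorted(abs(g) for g in grad)
    rank = max(1, math.ceil(pct * len(mags) / 100))
    return mags[rank - 1]


def laplace(rng, scale):
    """Sample Laplace(0, scale) by inverse CDF; scale 0 adds no noise."""
    u = rng.random() - 0.5
    tail = max(1e-300, 1.0 - 2.0 * abs(u))  # guard against log(0)
    return -scale * math.copysign(1.0, u) * math.log(tail)


def clip(x, gamma):
    """Restrict x to [-gamma, gamma]; this bounds what one value can reveal."""
    return max(-gamma, min(gamma, x))


def select_update(grad, pct, gamma, noise_threshold, noise_scale, max_share, rng):
    """Client side: return {index: value} for the components to upload.

    Components are visited in random order (assumed to mean selection
    without replacement) until max_share of them have been shared.
    """
    tau = percentile_threshold(grad, pct)
    order = list(range(len(grad)))
    rng.shuffle(order)
    shared = {}
    for i in order:
        if len(shared) >= max_share:
            break
        g = grad[i]
        if abs(g) <= tau:            # not above the preset threshold: keep local
            continue
        if abs(g) < noise_threshold:  # noise only below the noise threshold
            g += laplace(rng, noise_scale)
        shared[i] = clip(g, gamma)    # clip the (possibly noised) component
    return shared


def clip_gradient(grad, lower, upper):
    """Alternative upload path: replace out-of-range parts by the bounds."""
    return [min(upper, max(lower, g)) for g in grad]


def aggregate(updates, dim):
    """Server side: average each index over the clients that uploaded it
    (assumption: indices nobody uploaded contribute a zero update)."""
    sums, counts = [0.0] * dim, [0] * dim
    for upd in updates:
        for i, v in upd.items():
            sums[i] += v
            counts[i] += 1
    return [s / c if c else 0.0 for s, c in zip(sums, counts)]


# Constructed sample gradient, for illustration only.
SAMPLE_GRAD = [0.1, -0.5, 0.02, 2.0, -0.3, 0.9, -1.5, 0.05, 0.4, -0.01]

if __name__ == "__main__":
    rng = random.Random(7)
    a = select_update(SAMPLE_GRAD, 70, 1.0, 1.0, 0.5, 10, rng)
    b = select_update([g * 0.5 for g in SAMPLE_GRAD], 70, 1.0, 1.0, 0.5, 10, rng)
    print("client A uploads:", a)
    print("client B uploads:", b)
    print("server average:  ", aggregate([a, b], len(SAMPLE_GRAD)))
```

Only indices whose magnitude exceeds the percentile threshold ever leave the client, so the uploaded index set is itself data-dependent and worth treating as sensitive alongside the values.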
Those skilled in the art will understand that the embodiment of the computer device shown in FIG. 9 does not limit the specific structure of the computer device. In other embodiments, the computer device may include more or fewer components than shown, combine certain components, or have a different arrangement of components. For example, in some embodiments the computer device may include only a memory and a processor; in such embodiments the structures and functions of the memory and the processor are the same as in the embodiment shown in FIG. 9 and are not repeated here.
It should be understood that, in the embodiments of the present application, the processor 902 may be a central processing unit (CPU), or may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor or any conventional processor.
Another embodiment of the present application provides a computer-readable storage medium. The computer-readable storage medium may be non-volatile or volatile. The computer-readable storage medium stores a computer program which, when executed by a processor, implements the following steps: each client reads the global model gradient of the machine learning model from the server; each client initializes the global model gradient; each client performs model training locally and in parallel on its own sample data to obtain the local model gradient corresponding to that client; each client encrypts and uploads components of its local model gradient, or clips its local model gradient to within a preset range and then encrypts and uploads it, so that the server aggregates the local model gradient components or the clipped local model gradients uploaded by the clients and updates the machine learning model according to the average gradient obtained by the aggregation.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the devices, apparatuses and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here. Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may use different methods to implement the described functions for each particular application, but such implementations should not be considered beyond the scope of the present application.
In the several embodiments provided in this application, it should be understood that the disclosed devices, apparatuses and methods may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; units with the same function may be combined into one unit; multiple units or components may be combined or integrated into another system; and some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present application.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a magnetic disk or an optical disc.
The above are only specific implementations of the present application, but the scope of protection of the present application is not limited to them. Any person skilled in the art can readily conceive of various equivalent modifications or substitutions within the technical scope disclosed in the present application, and these modifications or substitutions shall fall within the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.

Claims (20)

  1. A federated modeling method based on selective gradient update, comprising:
    each client reading the global model gradient of a machine learning model from a server;
    each client initializing the global model gradient;
    each client performing model training locally and in parallel on its own sample data to obtain the local model gradient corresponding to that client, the sample data being medical data;
    each client encrypting and uploading components of its local model gradient, or clipping its local model gradient to within a preset range and then encrypting and uploading it, so that the server aggregates the local model gradient components or the clipped local model gradients uploaded by the clients and updates the machine learning model according to the average gradient obtained by the aggregation.
  2. The federated modeling method based on selective gradient update according to claim 1, wherein encrypting and uploading the components of the respective local model gradients comprises:
    randomly selecting a component from the local model gradient;
    comparing the absolute value of the randomly selected component with a preset threshold;
    if the absolute value of the component is greater than the preset threshold, encrypting and uploading the component.
  3. The federated modeling method based on selective gradient update according to claim 2, further comprising, before randomly selecting a component from the local model gradient:
    calculating the absolute value of the local model gradient, and determining the preset threshold according to a percentile of the absolute value of the local model gradient.
  4. The federated modeling method based on selective gradient update according to claim 2, wherein encrypting and uploading the component if the absolute value of the component is greater than the preset threshold comprises:
    adding noise to the absolute value of the component, and then uploading it.
  5. The federated modeling method based on selective gradient update according to claim 4, wherein adding noise to the absolute value of the component and then uploading it comprises:
    comparing the absolute value of the component with a noise threshold;
    if the absolute value of the component is less than the noise threshold, adding noise to the component;
    clipping the noise-added component to within the component threshold range, and uploading it.
  6. The federated modeling method based on selective gradient update according to claim 5, wherein clipping the noise-added component to within the component threshold range and uploading it comprises:
    clipping the noise-added component W_i to within the component threshold range according to the following formula, and uploading it:
    Figure PCTCN2021096651-appb-100001
    Lap(x) denotes a random variable sampled from the Laplace distribution of the gradient x; ε_2 denotes the privacy budget of the noise threshold; clip(x, γ) denotes that the clipped range of the gradient x is [-γ, γ]; s denotes the gradient sensitivity bounded by γ; and q denotes the computed number of shared gradients.
  7. The federated modeling method based on selective gradient update according to claim 1, wherein clipping the respective local model gradients to within a preset range and then encrypting and uploading them comprises:
    obtaining the parts of the local model gradient that exceed the upper threshold and the parts that fall below the lower threshold;
    replacing the parts exceeding the upper threshold with the upper threshold, and replacing the parts below the lower threshold with the lower threshold;
    combining the replaced upper-threshold values, the replaced lower-threshold values and the unreplaced parts into a new local model gradient, then encrypting and uploading it.
  8. A federated modeling apparatus based on selective gradient update, comprising:
    a reading unit, configured to read the global model gradient of a machine learning model from a server;
    an initialization unit, configured to initialize the global model gradient;
    a training unit, configured to perform model training locally and in parallel on respective sample data to obtain the local model gradient corresponding to each client, the sample data being medical data;
    an encryption and uploading unit, configured to encrypt and upload components of the respective local model gradients, or to clip the respective local model gradients to within a preset range and then encrypt and upload them, so that the server aggregates the local model gradient components or the clipped local model gradients uploaded by the clients and updates the machine learning model according to the average gradient obtained by the aggregation.
  9. A computer device, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the federated modeling method based on selective gradient update according to claim 1.
  10. The computer device according to claim 9, wherein encrypting and uploading the components of the respective local model gradients comprises:
    randomly selecting a component from the local model gradient;
    comparing the absolute value of the randomly selected component with a preset threshold;
    if the absolute value of the component is greater than the preset threshold, encrypting and uploading the component.
  11. The computer device according to claim 10, further comprising, before randomly selecting a component from the local model gradient:
    calculating the absolute value of the local model gradient, and determining the preset threshold according to a percentile of the absolute value of the local model gradient.
  12. The computer device according to claim 10, wherein encrypting and uploading the component if the absolute value of the component is greater than the preset threshold comprises:
    adding noise to the absolute value of the component, and then uploading it.
  13. The computer device according to claim 12, wherein adding noise to the absolute value of the component and then uploading it comprises:
    comparing the absolute value of the component with a noise threshold;
    if the absolute value of the component is less than the noise threshold, adding noise to the component;
    clipping the noise-added component to within the component threshold range, and uploading it.
  14. The computer device according to claim 13, wherein clipping the noise-added component to within the component threshold range and uploading it comprises:
    clipping the noise-added component W_i to within the component threshold range according to the following formula, and uploading it:
    Figure PCTCN2021096651-appb-100002
    Lap(x) denotes a random variable sampled from the Laplace distribution of the gradient x; ε_2 denotes the privacy budget of the noise threshold; clip(x, γ) denotes that the clipped range of the gradient x is [-γ, γ]; s denotes the gradient sensitivity bounded by γ; and q denotes the computed number of shared gradients.
  15. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to perform the federated modeling method based on selective gradient update according to claim 1.
  16. The computer-readable storage medium according to claim 15, wherein encrypting and uploading the components of the respective local model gradients comprises:
    randomly selecting a component from the local model gradient;
    comparing the absolute value of the randomly selected component with a preset threshold;
    if the absolute value of the component is greater than the preset threshold, encrypting and uploading the component.
  17. The computer-readable storage medium according to claim 16, further comprising, before randomly selecting a component from the local model gradient:
    calculating the absolute value of the local model gradient, and determining the preset threshold according to a percentile of the absolute value of the local model gradient.
  18. The computer-readable storage medium according to claim 16, wherein encrypting and uploading the component if the absolute value of the component is greater than the preset threshold comprises:
    adding noise to the absolute value of the component, and then uploading it.
  19. The computer-readable storage medium according to claim 18, wherein adding noise to the absolute value of the component and then uploading it comprises:
    comparing the absolute value of the component with a noise threshold;
    if the absolute value of the component is less than the noise threshold, adding noise to the component;
    clipping the noise-added component to within the component threshold range, and uploading it.
  20. The computer-readable storage medium according to claim 19, wherein clipping the noise-added component to within the component threshold range and uploading it comprises:
    clipping the noise-added component W_i to within the component threshold range according to the following formula, and uploading it:
    Figure PCTCN2021096651-appb-100003
    Lap(x) denotes a random variable sampled from the Laplace distribution of the gradient x; ε_2 denotes the privacy budget of the noise threshold; clip(x, γ) denotes that the clipped range of the gradient x is [-γ, γ]; s denotes the gradient sensitivity bounded by γ; and q denotes the computed number of shared gradients.
PCT/CN2021/096651 2020-11-24 2021-05-28 Selective gradient updating-based federated modeling method and related device WO2022110720A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011327560.X 2020-11-24
CN202011327560.XA CN112446040A (en) 2020-11-24 2020-11-24 Federal modeling method based on selective gradient update and related equipment

Publications (1)

Publication Number Publication Date
WO2022110720A1 true WO2022110720A1 (en) 2022-06-02

Family

ID=74737861

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/096651 WO2022110720A1 (en) 2020-11-24 2021-05-28 Selective gradient updating-based federated modeling method and related device

Country Status (2)

Country Link
CN (1) CN112446040A (en)
WO (1) WO2022110720A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115018019A (en) * 2022-08-05 2022-09-06 深圳前海环融联易信息科技服务有限公司 Model training method and system based on federal learning and storage medium
CN115439026A (en) * 2022-11-08 2022-12-06 山东大学 Multi-agent self-organizing demand response method and system based on nested federated learning
CN116090017A (en) * 2023-04-12 2023-05-09 东南大学 Paillier-based federal learning data privacy protection method
CN116451275A (en) * 2023-06-15 2023-07-18 北京电子科技学院 Privacy protection method based on federal learning and computing equipment
CN116578674A (en) * 2023-07-07 2023-08-11 北京邮电大学 Federal variation self-coding theme model training method, theme prediction method and device
CN117094410A (en) * 2023-07-10 2023-11-21 西安电子科技大学 Model repairing method for poisoning damage federal learning

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112446040A (en) * 2020-11-24 2021-03-05 平安科技(深圳)有限公司 Federal modeling method based on selective gradient update and related equipment
CN113095510B (en) * 2021-04-14 2024-03-01 深圳前海微众银行股份有限公司 Federal learning method and device based on block chain
CN113762526B (en) * 2021-09-07 2024-02-09 京东科技信息技术有限公司 Federal learning method, hierarchical network system, storage medium and electronic device
CN114282692A (en) * 2022-03-08 2022-04-05 富算科技(上海)有限公司 Model training method and system for longitudinal federal learning
CN115081024B (en) * 2022-08-16 2023-01-24 杭州金智塔科技有限公司 Decentralized business model training method and device based on privacy protection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180219842A1 (en) * 2017-01-31 2018-08-02 Hewlett Packard Enterprise Development Lp Performing Privacy-Preserving Multi-Party Analytics on Vertically Partitioned Local Data
CN111180061A (en) * 2019-12-09 2020-05-19 广东工业大学 Intelligent auxiliary diagnosis system fusing block chain and federal learning shared medical data
CN111652863A (en) * 2020-05-27 2020-09-11 刘君茹 Medical image detection method, device, equipment and storage medium
CN112446040A (en) * 2020-11-24 2021-03-05 平安科技(深圳)有限公司 Federal modeling method based on selective gradient update and related equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110795477A (en) * 2019-09-20 2020-02-14 平安科技(深圳)有限公司 Data training method, device and system
CN111539769A (en) * 2020-04-27 2020-08-14 支付宝(杭州)信息技术有限公司 Training method and device of anomaly detection model based on differential privacy
CN111932646B (en) * 2020-07-16 2022-06-21 电子科技大学 Image processing method for resisting attack

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115018019A (en) * 2022-08-05 2022-09-06 深圳前海环融联易信息科技服务有限公司 Model training method and system based on federal learning and storage medium
CN115439026A (en) * 2022-11-08 2022-12-06 山东大学 Multi-agent self-organizing demand response method and system based on nested federated learning
JP7382045B1 (en) 2022-11-08 2023-11-16 中国電力科学研究院有限公司 Multi-agent self-organizing demand response method and system using nested federated learning
CN116090017A (en) * 2023-04-12 2023-05-09 东南大学 Paillier-based federal learning data privacy protection method
CN116451275A (en) * 2023-06-15 2023-07-18 北京电子科技学院 Privacy protection method based on federal learning and computing equipment
CN116451275B (en) * 2023-06-15 2023-08-22 北京电子科技学院 Privacy protection method based on federal learning and computing equipment
CN116578674A (en) * 2023-07-07 2023-08-11 北京邮电大学 Federal variation self-coding theme model training method, theme prediction method and device
CN116578674B (en) * 2023-07-07 2023-10-31 北京邮电大学 Federal variation self-coding theme model training method, theme prediction method and device
CN117094410A (en) * 2023-07-10 2023-11-21 西安电子科技大学 Model repairing method for poisoning damage federal learning
CN117094410B (en) * 2023-07-10 2024-02-13 西安电子科技大学 Model repairing method for poisoning damage federal learning

Also Published As

Publication number Publication date
CN112446040A (en) 2021-03-05


Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
Ref document number: 21896230; Country of ref document: EP; Kind code of ref document: A1

NENP Non-entry into the national phase
Ref country code: DE

122 EP: PCT application non-entry in European phase
Ref document number: 21896230; Country of ref document: EP; Kind code of ref document: A1