Federated learning-oriented privacy protection method and federated learning-oriented privacy protection device

Abstract

The embodiment of the invention provides a federated learning-oriented privacy protection method and device. The federated learning-oriented privacy protection method comprises a parameter setting step, a data partitioning step, a first training step, a second training step, a first calculation step, a second calculation step and an adversarial sample generation step. According to the embodiment, the idea of confronting samples is adopted, a certain amount of noise is added in parameter updating to disturb the distribution characteristics of the parameters, the privacy inference result is randomly output according to the probability distribution expected by the user after the noise passes through the privacy attribute inference model, so that the privacy attribute inference attack is resisted, and the problem of privacy attribute leakage of federated learning is relieved.

Description

technical field

[0001] The invention relates to the field of computer technology, in particular to a privacy protection method and device for federated learning. Background technique

[0002] As a distributed deep learning method, Federated Learning (FL) can take into account efficiency, accuracy and privacy to a certain extent, and thus has received extensive attention. The main process of federated learning is: the server randomly assigns values ​​to the global model parameters for initialization, and distributes the model to each user. Each user uses their own data to train the model locally, and then sends the updated parameters of the model back to the server. Update the global model and distribute it to users again, and then perform a new round of iterative update. In this process, since the server only collects the parameters of the user model instead of the original data, it is more conducive to data privacy protection. In addition, different users participate in t...

Images