Federal learning data privacy protection method and system based on gradient disturbance

Abstract

The invention discloses a federated learning data privacy protection method and system based on gradient perturbation, and belongs to the field of data privacy protection, and the method comprises the steps: carrying out the class prediction of a sample in a data participant through a local model after federated learning training, and obtaining an original prediction probability vector; disturbing the original prediction probability vector to obtain a disturbance prediction probability vector, wherein the prediction label of the disturbance prediction probability vector is the same as the prediction label of the original prediction probability vector, and the angular deviation of the gradient of the prediction loss function relative to the gradient of the prediction loss function of the original prediction probability vector is maximum; retraining each local model by taking the minimum difference between the original prediction probability vector and the disturbance prediction probability vector of each local model as a target; and aggregating the retrained local models to obtain a global model. The protected federal learning global model can effectively reduce the risk that the model prediction output and the model gradient leak the privacy of the user participants on the premise of maintaining the availability of the model.

Description

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine

Login to view more

AI Technical Summary

Benefits of technology

This patented technology describes two methods for protecting an ensemble (model) trained under different models from being exposed during federial machine learning: 1) Using input/output predictions or gradients over time to update the entire dataset's belief state, 2) By updating only specific parts of the dataset without changing any others, it prevents attackers who may have access to sensitive personal details about their own datasets. Additionally, this technique helps prevent adversarial attacks against deep neural networks while maintaining good security measures such as confidentiality guarantees. Overall, both techniques aimed at enhancing the overall quality of collaborative filtering systems.

Problems solved by technology

This technical problem addressed in this patents relates to improving the safety and reliance (FCA) of collaborative learning systems used in machine learning applications like Federated Learning. Specifically, there are two main threats: Fake Data Leaks (FDLC), where hackers may compromve sensitive personal data without permission but also expose their private details about them's own dataset. Another concern involves Model Loss Protocol Unreliable Hot Spurts (MHSP). These issues lead to significant leaked data privity exposure when accessing shared models trained with different datasets.

Images