A malicious update detection method and system based on variational autoencoder

Abstract

The invention discloses a malicious update detection method and system based on a variational autoencoder. The method includes the steps of: collecting local update data, and preprocessing the local update data to obtain a proxy vector; inputting the proxy vector to a plurality of variables Divided autoencoder, pre-training the variational autoencoder, input multiple rounds of proxy vectors to the pre-trained variational autoencoder to obtain multiple rounds of reconstruction vectors, according to the multiple rounds of proxy vectors and multiple rounds of reconstruction vectors to obtain multiple rounds of reconstruction errors; clustering is performed based on multiple rounds of proxy vectors to determine whether the local update is a malicious update; the system includes a feature extraction module and a reconstruction error calculation module and clustering module; compared with the prior art, the present invention obtains the reconstruction error through multiple variational autoencoders, and clusters the proxy vectors through a clustering method, and then judges whether the local update is a malicious update, which can deal with Malicious updates predominate.

Description

technical field [0001] The invention belongs to the technical field of federated learning malicious update detection, and in particular relates to a method and system for detecting malicious update based on a variational autoencoder. Background technique [0002] In the existing technology, the number of malicious clients needs to be known in advance for the detection of malicious updates in federated learning; using the majority principle to exclude updates cannot cope with the minority of malicious updates, nor can it defend against targeted backdoor attacks. For models from different clients Updates are calculated using Euclidean distance, which cannot cope with the situation that the client data is not independent and identically distributed, and the candidate set needs to be obtained after calculating the pairwise distance between the nearest neighbor updates, so it cannot be expanded, and a general statistical machine learning method is used Build a model, the effect i...

AI Technical Summary

Problems solved by technology

[0006] The purpose of the present invention is to overcome the shortcomings of using simple statistical machine learning methods to build models in the above-mentioned prior art, not building a detection model based on the characteristics of malicious updates, relying on hidden expressions of training data, high overhead, and low flexibility, and providing A method based on multiple variational autoencoders to construct a detection model based on the characteristics of malicious updates, and then detect malicious updates in federated learning, specifically a malicious update detection method based on variational autoencoders

Images