Efficient communication privacy-enhanced federated edge learning method based on device probability access
By employing a device probabilistic access mechanism and differential privacy optimization, the contradiction between privacy and training efficiency in federated learning is resolved, thereby improving the communication and training efficiency of federated edge learning while protecting user privacy.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SHANGHAI TECH UNIV
- Filing Date
- 2023-05-25
- Publication Date
- 2026-07-07
AI Technical Summary
Existing federated learning methods struggle to improve training performance while protecting user data privacy and security, especially when facing model inversion attacks and member inference attacks. Improving communication and training efficiency while ensuring privacy and security has become an urgent problem to be solved.
A device probabilistic access mechanism is introduced. By optimizing the device access probability and differential privacy noise, the system's dependence on differential privacy noise is reduced. Normalized scaling and differential privacy perturbation are adopted, combined with the expected mean aggregation of edge servers, to achieve privacy-enhanced federated edge learning.
While ensuring user privacy and security, the system training time was reduced, communication and training efficiency were improved, and the negative impact of differential privacy noise on system training was reduced.
Smart Images

Figure CN116866339B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to an efficient communication privacy-enhancing federated edge learning method, belonging to the field of wireless communication. Background Technology
[0002] With the global proliferation of 5G mobile communication networks, various artificial intelligence applications have emerged and are widely used across industries, such as autonomous driving, haptic technology, and smart healthcare. Traditional machine learning methods typically involve centralized data collection and direct training of machine models on this data. However, when data is subject to privacy and security concerns or is distributed across a vast number of edge devices, this centralized model training approach becomes difficult to implement.
[0003] Federated learning offers a solution for training models on decentralized data. This distributed machine learning technique can fully utilize data scattered across edge devices such as mobile phones, computers, and sensors for model training. Edge devices only need to send local update information to edge servers for global model aggregation, without directly exposing the original dataset. However, related research shows that even the exchange of original update information may leak sensitive user information. Therefore, how to improve the training performance of federated learning models while protecting user data privacy and security has become a crucial issue that urgently needs to be addressed in the field of machine learning. Summary of the Invention
[0004] The purpose of this invention is to mitigate the negative impact of differential privacy protection mechanisms on the federated training process in a privacy-fed edge learning system, while simultaneously improving the system's communication and training efficiency through optimization methods.
[0005] To achieve the above objectives, the technical solution of this invention provides an efficient communication privacy-enhancing federated edge learning method based on device probabilistic access, comprising an edge server and M edge devices. The method is characterized in that the edge server determines the access probability of each edge device based on the current system state; each edge device generates a random number based on its assigned access probability to determine whether it participates in the training process in the current round; for edge devices determined to participate, their local gradient information is normalized, scaled, and perturbed with differential privacy noise before being uploaded to the edge server to obtain processed update information; the edge server collects all uploaded update information, aggregates it to obtain aggregated update information, and uses the aggregated update information to update the global model.
[0006] Preferably, when the edge server determines the access probability of each edge device based on the current system state, it obtains the access probability of edge device m in round t by solving the optimization problem shown in the following equation.
[0007]
[0008]
[0009] Among them, A t This represents a constant term related to the expected transmission time in future rounds. This indicates that edge device m receives global model parameters broadcast from the edge server. And based on its own local training dataset The obtained local gradient estimate, Δs, represents the gradient estimation function. - Sensitivity upper limit, δ represents the differential privacy threshold, and δ represents the differential privacy relaxation term. This represents the transmission time of the edge device m in this round of update information upload, and d represents the dimension size of the global model parameters.
[0010] Preferably, the processed update information obtained by edge device m in round t is represented as follows: Then we have:
[0011]
[0012] in, Represents the normalization factor. This represents artificial Gaussian noise.
[0013] Preferably, the aggregated update information is represented as follows: Then we have:
[0014]
[0015] in, Let represent the set of edge devices that actually participated in the t-th round of training.
[0016] Preferably, the edge server updates the global model using the following formula:
[0017]
[0018] Where, η t This indicates the learning rate of federal learning.
[0019] This invention proposes a privacy-enhanced federated edge learning framework based on device probabilistic access, which reduces the system's dependence on differential privacy noise by using device probabilistic sampling.
[0020] This invention provides a theoretical analysis of the system, including the combined effect of device access probability and differential privacy noise on the convergence of federated edge learning, and the privacy enhancement effect of device access probability on the federated edge learning system. Another aspect of this invention provides an optimal design method for device access probability and differential privacy noise to minimize the system's training time while ensuring user privacy. The innovation of this invention lies in:
[0021] (i) Introduce a random device access mechanism and utilize the "sampling-based privacy enhancement" principle to reduce the system's dependence on differential privacy noise;
[0022] (ii) Based on the normalized scaling and differential privacy perturbation at the edge device end, and the expected mean aggregation at the edge server end, the privacy and unbiasedness of the transmitted information are guaranteed.
[0023] (iii) Based on optimization methods, the differential privacy noise and device access probability in the federated edge learning system are jointly optimized to minimize the overall training time of the system while ensuring the differential privacy constraints of the system.
[0024] Compared with the prior art, the present invention has the following beneficial effects:
[0025] Based on the probabilistic access characteristics of devices, the proposed scheme reduces the dependence of the federated edge learning system on differential privacy noise, thereby mitigating the negative impact of differential privacy noise on system training. By jointly optimizing device access probability and differential privacy noise, the scheme maximizes the use of the system's limited resources and reduces the overall training time while ensuring user privacy. Attached Figure Description
[0026] Figure 1 This is a model diagram of the efficient communication privacy-enhancing federated edge learning system proposed in this invention;
[0027] Figure 2 This is a flowchart of the efficient communication privacy-enhancing federated edge learning method proposed in this invention;
[0028] Figure 3 is a schematic diagram comparing the simulation performance of the proposed joint device access probability and differential privacy noise design scheme with mainstream schemes. Detailed Implementation
[0029] The present invention will be further illustrated below with reference to specific embodiments. It should be understood that these embodiments are for illustrative purposes only and are not intended to limit the scope of the invention. Furthermore, it should be understood that after reading the teachings of this invention, those skilled in the art can make various alterations or modifications to the invention, and these equivalent forms also fall within the scope defined by the appended claims.
[0030] With the rapid global adoption of 5G mobile communication technology, more and more artificial intelligence applications are being promoted, such as autonomous driving, smart cities, e-health, and the Internet of Things. Traditional machine learning methods typically require centralized nodes to collect and process data, leading to the leakage of raw data from edge devices and jeopardizing the local data privacy and security of participating parties. To address this issue, Federated Learning (FL) has been proposed to achieve a decentralized model training paradigm. This distributed machine learning paradigm is suitable for scenarios where data is widely distributed across a massive number of edge devices, where edge devices do not need to directly transmit raw data externally, but only transmit relevant updated data to improve the generalization performance of the global model. It is worth noting that federated learning technology not only protects the local data privacy of edge devices and encourages more users to participate in the model training process, but also reduces the computational and storage pressure on central nodes, improving the scalability of the system.
[0031] First, we introduce the composition and objectives of the federated edge learning system. This system comprises one edge server and M edge devices, where the set of all edge devices is denoted as . Each edge device Having your own local raw dataset Edge servers do not store any raw training sample data; they coordinate the entire federated learning process solely through information exchange with edge devices. It's important to note that the local dataset of a current edge device cannot be directly accessed by other edge devices or edge servers—that is, "data does not leave the local machine." To obtain a global model with sufficient generalization performance, the training process of a federated edge learning system is typically formulated as the following optimization problem:
[0032]
[0033] in: Let ξ represent the global model parameters, d represent the dimensionality of the global model parameters, and ξ represent the training sample data. The global loss function F(·) is a weighted average of the local loss functions f(·). Without loss of generality, we assume that the amount of data on each edge device is consistent, i.e.
[0034] As a novel distributed machine learning paradigm, federated learning possesses the data isolation characteristic of "data not leaving the local machine," thus naturally possessing data privacy protection capabilities. However, recent research indicates that even if other edge devices and edge servers cannot directly access the dataset, user privacy can still be compromised. Attackers can recover the original training dataset by querying the trained learning model; this type of attack is called model inversion attack. Furthermore, there is another type of attack called membership inference attack, where the attacker's goal is to distinguish whether a particular edge device is part of the training dataset. To further protect the data privacy of participating edge devices, researchers have proposed a differential privacy mechanism. This mechanism actively adds noise to obfuscate the data to prevent attackers from stealing data through inference. Typically, federated edge learning systems employ local differential privacy technology, which adds artificial noise to the update information of each edge device to protect local data privacy. The mathematical definition of local differential privacy is as follows:
[0035] Definition 1. ((,δ)-Local Differential Privacy) Given constants ∈>0 and constants 0≤δ≤1 and arbitrary mapping mechanisms For any two datasets For any subset Λ, (,δ)-local differential privacy requires that it satisfy:
[0036]
[0037] In the formula, Pr(·) represents the probability of the event occurring. It should be noted that when δ=0, (,δ)-local differential privacy degenerates into pure ∈-local differential privacy.
[0038] This invention proposes an efficient communication privacy-enhancing federated edge learning method based on device probabilistic access. By leveraging the device probabilistic access characteristic, the system's dependence on differential privacy noise is reduced, thereby improving communication and training efficiency. Simultaneously, this system requires the collaborative cooperation of edge servers and edge devices, a process further explained below.
[0039] Step S101: The edge server uses digital communication technology to broadcast the current global model parameters for round t to all edge devices without errors.
[0040] In step S102, each edge device receives global model parameters broadcast from the edge server. And based on its own local training dataset A local gradient estimate is obtained using the mini-batch stochastic gradient descent algorithm.
[0041] Step S103: The edge server determines the access probability of each edge device based on the current system state. This invention controls the access behavior of edge devices by adjusting the participation probability. By jointly optimizing device access probability and differential privacy noise, it minimizes the overall system training time while ensuring user differential privacy requirements. The mathematical form is as follows:
[0042]
[0043]
[0044] Among them, A t The constant term related to the expected transmission time in future rounds is represented by Δs, which represents the gradient estimation function. - Sensitivity upper limit, δ represents the differential privacy threshold, and δ represents the differential privacy relaxation term. This represents the transmission time taken for edge device m to upload updated information in this round. The specific derivation process and theoretical explanation will be elaborated in detail below.
[0045] Step S104, each edge device according to the assigned access probability Random numbers are generated to determine whether an edge device participates in the training process in this round. Simultaneously, the participating edge devices upload their local gradient information to the edge server after normalization, scaling, and differential privacy noise perturbation. The processed update information can be represented as follows: Then we have:
[0046]
[0047] Among them, the normalization factor Artificial Gaussian noise is used to ensure that the updated information received by the edge server is an unbiased estimate. This is to protect device privacy and security. I represents the differential privacy variance variable. d This represents an identity matrix of size d×d.
[0048] In step S105, the edge server collects all uploaded update information and aggregates it using the expected mean to obtain the aggregated update information. Then we have:
[0049]
[0050] in, This represents the set of edge devices that actually participated in the t-th round of training. Based on the aggregated update information, the edge server updates the global model:
[0051]
[0052] Where, ηt This indicates the learning rate of federal learning.
[0053] After steps S101 to S105 of this invention, a single round of training of the federated edge learning system is completed. Since federated learning technology requires iterative iteration to improve the generalization performance of the model, the above steps need to be repeated until a global model with good performance is obtained.
[0054] The derivation of the optimization problem in step S103 of this invention is an important contribution, which will be explained in detail below from the aspects of communication model, theoretical analysis, system modeling and problem solving.
[0055] First, to determine the overall training time of the system, we need to clarify the expected transmission time for the current round and the expected transmission time for future rounds. It is worth noting that in this invention, we employ a mature digital communication technology—Time Division Multiple Access (TDMA)—and focus on addressing the system's communication bottleneck—the uplink communication process from the device to the server. Due to the power limitations of edge devices and the large amount of uplink data transmission, uplink communication time typically accounts for the majority of the system's total time.
[0056] Considering the randomness introduced by device probabilistic access, we can obtain the expected transmission time for the current round. satisfy:
[0057]
[0058] in, The current round transmission time of edge device m satisfies:
[0059]
[0060] Where b represents the number of digits of precision in the updated parameter, and d represents the dimensionality of the updated information. This represents the signal-to-noise ratio (SNR) of the transmitted signal, where B represents the uplink communication bandwidth. Specifically, the uplink signal's SNR... It can be represented as:
[0061]
[0062] Where P represents the transmission power of the edge device, and N0 represents the power spectral density of the channel's white Gaussian noise. This represents the channel coefficient between the edge device and the edge server.
[0063] Considering the uncertainties of channel states and device scheduling strategies in future rounds, we assume that device access behavior in future rounds is determined solely by channel signal strength. That is, high channel signal strength (|h m | 2 ≥gthr Edge devices participated in this round of training, among which, g thr This represents the signal strength threshold. Thus, the transmission time T for future rounds is... U satisfy:
[0064]
[0065] in, This represents the indicator function. We further adopt the commonly used channel Rayleigh fading model, assuming that the channel coefficients satisfy... β m This represents the channel strength parameter. Thus, |h m | 2 The rate parameter is satisfied as λ = 1 / β m The exponential distribution. The expected transmission time for future rounds can ultimately be written as:
[0066]
[0067] Where z represents the differential variable.
[0068] To better represent the overall training time, we also need to specify the estimated number of training rounds still required. Therefore, this invention derives the following theorem through theoretical analysis:
[0069] Theorem 1. (Convergence Analysis) If the objective function F(·) satisfies the L-smoothness and μ-strong convexity properties, and the federated edge learning system uses a reciprocal decay learning rate η... t = / (t+v), where χ>0 and v>0 represent non-negative constant terms and t represents the number of training epochs. Therefore, the federated edge learning model is expected to reach the convergence threshold ε after a certain number of training epochs.
[0070]
[0071] Among them, the constant term C, which is independent of the device access probability, t+1 satisfy
[0072]
[0073] At the same time, G t+1 This represents the maximum value of the sum of squared gradient norms for future rounds, i.e.
[0074]
[0075] To protect user data privacy, we need to quantify the combined effect of differential privacy noise and device access probability on differential privacy. Through theoretical analysis, we derive the following theorem:
[0076] Theorem 2. (Differential Privacy Enhancement) Defines a given dataset The gradient estimation function of the objective function f(w; ξ) is: And for any two datasets and The upper bound of the l2-sensitivity of the gradient estimation function satisfies:
[0077]
[0078] Therefore, in the proposed federated edge learning method based on device probability access, the access probability is p. m Edge devices can achieve (∈ m ,δ)-Local differential privacy, where the differential privacy threshold satisfies:
[0079]
[0080] Based on Theorems 1 and 2 above, this invention constructs a problem for minimizing the overall training time under the constraint of ensuring device privacy and security:
[0081]
[0082]
[0083]
[0084] Wherein, objective function That is, the total training time, ∈ thr,m This indicates a differential privacy threshold constraint.
[0085] Because the constraints of different devices are not coupled, and the overall objective function is the sum of minimizing the objective functions of the different devices, and by removing values in the objective function that are irrelevant to the optimization variables, we can equivalently simplify and obtain the following optimization problem.
[0086]
[0087]
[0088]
[0089] Among them, A t Represents a constant term that is independent of the optimization variable, satisfying:
[0090]
[0091] However, due to the non-convex differential privacy constraints The existence of makes the above problem difficult to solve directly. Therefore, this invention introduces a convex approximation method to reasonably relax the original problem. Specifically, for infinitesimals x approaching 0, we have the following equal-order infinitesimal relations:
[0092] x~(e x -1)~ln(x+1)
[0093] Therefore, the differential privacy threshold can be approximated as:
[0094]
[0095] Based on the above approximation relationship, the original problem can be transformed into...
[0096]
[0097]
[0098]
[0099] Meanwhile, since differential privacy constraints can always be expressed as equations, we ultimately replace the differential privacy variance variable with...
[0100]
[0101] And thus the final convex optimization problem is obtained.
[0102]
[0103]
[0104] Standard convex optimization tools can be used for efficient solutions.
[0105] This invention quantitatively analyzes the convergence of a privacy-enhanced federated edge learning system based on device access probability, thereby quantifying the specific impact of differential privacy noise and device access probability on the system's convergence rate. Simultaneously, this invention quantitatively analyzes the enhancement effect of device access probability on differential privacy, thereby quantifying the combined effect of artificial Gaussian noise and device access probability on differential privacy. Based on the aforementioned convergence and privacy enhancement analysis conclusions, this invention constructs a problem to minimize the overall training time under the constraint of differential privacy, and uses a convex approximation method for reasonable scaling and rapid solution.
Claims
1. An efficient communication privacy-enhancing federated edge learning method based on device probabilistic access, comprising an edge server and An edge device, characterized in that... The edge server determines the access probability of each edge device based on the current system state; Each edge device generates a random number based on its assigned access probability to determine whether it participates in the training process in this round. For edge devices that are determined to participate, the local gradient information is normalized, scaled, and perturbed by differential privacy noise before being uploaded to the edge server to obtain the processed update information. The edge server collects all uploaded update information, aggregates it to obtain aggregated update information, and uses this aggregated update information to update the global model, where: When the edge server determines the access probability of each edge device based on the current system state, it obtains the edge device by solving the optimization problem shown in the following equation. In the Wheel access probability : in, This represents a constant term related to the expected transmission time in future rounds. Indicates edge device Receive global model parameters broadcast from the edge server. And based on its own local training dataset A local gradient estimate is obtained. Represents the gradient estimation function - Sensitivity upper limit, This represents the differential privacy threshold. This represents the differential privacy relaxation term. Indicates edge device The transmission time for uploading the updated information in this round, This indicates the dimensionality of the global model parameters.
2. The efficient communication privacy-enhancing federated edge learning method based on device probabilistic access as described in claim 1, characterized in that, For edge devices In the The updated information obtained after normalization scaling and differential privacy noise perturbation is represented as follows: Then we have: in, Represents the normalization factor. This represents artificial Gaussian noise.