Method, device and storage medium for evaluating trust of federated learning participant based on multi-attribute ranking
By employing a multi-attribute ranking-based trust evaluation method that combines participant behavior and recommendation trust information, the problem of inaccurate trust evaluation results in federated learning is solved. This achieves accurate evaluation of participants and defense against malicious attacks, thereby improving system reliability and model accuracy.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- XIDIAN UNIV
- Filing Date
- 2025-04-28
- Publication Date
- 2026-07-07
Smart Images

Figure CN120415817B_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of cyberspace security technology, specifically relating to a method, device, and storage medium for assessing trust among participants in federated learning based on multi-attribute ranking. Background Technology
[0002] Federated learning, as a distributed machine learning framework, differs significantly from traditional centralized data processing models. It trains machine learning models through collaboration within a distributed storage environment where data remains on-premises, effectively protecting data privacy. This approach not only efficiently executes the machine learning training process but also provides robust privacy protection for dispersed raw data, making it widely favored across various fields. However, federated learning also faces numerous security challenges. While it has achieved some success in protecting data privacy, its training process requires collaboration between participating parties and the aggregation server, and this collaboration cannot fully reveal the participants' true information.
[0003] Currently, there are two main methods for trust assessment in federated learning systems. The first is to train a machine learning model based on historical trust information to assess the trust of participants. However, this method requires a large amount of trust data; if the amount of trust data used to train the model is insufficient, the model's performance will be unsatisfactory. The second method involves designing a trust assessment function. However, traditional trust assessment functions typically calculate a comprehensive trust score by directly fusing direct trust and recommended trust, and then assess the credibility of participants through this comprehensive trust score. However, due to differences in federated learning tasks and evaluators' trust preferences, recommended trust can be biased. The traditional method of directly fusing direct trust and recommended trust does not consider the potential bias in recommended trust, directly fusing these two values, leading to a bias in the trust assessment results and thus inaccurate final trust scores.
[0004] Feng Jie et al. published "Reputation-Based Federated Learning for Secure Wireless Networks" (Z. Song, H. Sun, et al. Reputation-Based Federated Learning for Secure Wireless Networks[J]. IEEE Internet of Things Journal, 2022, vol. 9, no. 2, pp. 1212-1226.). In this scheme, the attack detection module first uses the test set and the local updates submitted by the participants to derive the value of the loss function. Then, it calculates the contribution based on the derived value and classifies the participant's behavior into positive and negative behaviors according to the positive or negative contribution. Finally, it updates the reputation value according to the reputation model based on the beta distribution function. Local users with higher reputation values have greater weight in the new global model. At the same time, in order to reduce the negative impact of malicious terminals, the scheme also sets a contribution threshold. Updates below the contribution threshold will be rejected from participating in global aggregation. However, since the interaction results (positive and negative) of the participants are determined only under a single trust factor to calculate the trust degree, this scheme fails to establish a detailed model that fully describes the behavior of the participants, nor does it conduct a detailed analysis of the trust factor.
[0005] Liu Zhiqiang et al. published "A dynamic incentive and reputation mechanism for energy-efficient federated learning in 6G" (Ye Zhu, Zhiqiang Liu, et al. A dynamic incentive and reputation mechanism for energy-efficient federated learning in 6G[J]. Digital Communications and Networks, 2023, Volume 9, Issue 4, Pages 817-826, ISSN 2352-8648.), proposing a dynamic incentive and reputation mechanism based on cooperative game theory and Stackelberg game theory. In this scheme, the trust factor is the contribution level, and the contribution of a participant is measured by the improvement of the accuracy of the global model through its local model update. The comprehensive reputation includes the participant's direct reputation and indirect reputation. The direct reputation reflects the participant's contribution in the current task and its contribution in historical tasks, while the indirect reputation value refers to the reputation value of the participant recommended by other aggregation servers to the aggregation server that issued the task. However, this scheme directly uses the indirect reputation value of other aggregation servers without considering the problem of inaccurate recommendation trust that may occur due to different federated learning scenarios. Summary of the Invention
[0006] To overcome the shortcomings of existing technologies in federated learning trust assessment, such as the large demand for trust data and the inaccuracy of assessment results due to the lack of consideration for recommendation trust bias, the present invention aims to provide a method, device, and storage medium for federated learning participant trust assessment based on multi-attribute ranking. This method collects participant behavior information and recommendation trust information as trust evidence through an aggregation server, calculates the comprehensive value of direct interaction and recommendation trust attributes respectively, and then ranks the trust attributes using multiple attributes to obtain the comprehensive trust ranking of the participants. This approach features more accurate assessment of participant credibility, effective defense against malicious attacks, and improved reliability of the federated learning system.
[0007] To achieve the above objectives, the technical solution adopted by the present invention is as follows:
[0008] A method for trust evaluation of participants in federated learning based on multi-attribute ranking, wherein the federated learning is conducted by an aggregation server S responsible for issuing federated learning tasks and completing model aggregation. j N participating parties u i and M recommended servers rs k The trust assessment method, which is jointly implemented, includes the following steps:
[0009] Step 1, Aggregation Server S j Publish a federated learning task and define an initial global model to distribute to each participating party u i ;
[0010] Step 2, Participating Party u i Receive the federated learning task and the initial global model, train a local model based on local data, and send the local model to Aggregation Server S j ;
[0011] Step 3, Aggregation Server S j Collect the behavioral information during the interaction with Participating Party u i and the recommended trust information sent by Recommendation Server rs k and store the behavioral information and the recommended trust information as trust evidence in the trust evidence database;
[0012] Step 4, After completing one round of learning iteration of Steps 1 to 3, Aggregation Server S j Calculate the comprehensive value of the trust attribute of Participating Party u i according to the trust evidence stored in the trust evidence database;
[0013] Step 5, Aggregation Server S j Update the trust information stored in the trust ranking database based on the comprehensive value of the trust attribute of Participating Party u i obtained in Step 4, and sort according to the comprehensive value to form a new ranking;
[0014] Step 6, Aggregation Server S j Select the top x% of Participating Party u i according to the updated trust ranking in Step 5, where x is a predefined value, 0 < x ≤ 100, and the local models uploaded in Step 2 participate in model aggregation. The aggregation method is federated averaging. After aggregation, the updated aggregated model is sent back to all Participating Party u i ; Repeat Steps 1 to 6 until the global model converges or reaches the predetermined maximum number of iterations.
[0015] A trust evaluation device for federated learning participating parties based on multi-attribute sorting, comprising:
[0016] Memory: Used to store a computer program for implementing a trust evaluation method for federated learning participating parties based on multi-attribute sorting;
[0017] Processor: Used to implement a trust evaluation method for federated learning participating parties based on multi-attribute sorting when executing the computer program.
[0018] A computer-readable storage medium storing a computer program that, when executed by a processor, implements the steps of a federated learning participant trust evaluation method based on multi-attribute ranking.
[0019] Compared with the prior art, the beneficial effects of the present invention are as follows:
[0020] 1. This invention employs a multi-attribute ranking method to calculate participant trust rankings, achieving comprehensive modeling and accurate evaluation of participant behavior, and effectively identifying malicious participants. In simulation experiments, the average trust ranking of honest participants rises rapidly and remains stable, while the trust ranking of malicious participants drops significantly in a short period of time. This provides effective decision support for the selection of participants in the federated learning system and improves the reliability of the federated learning system.
[0021] 2. This invention calculates trust values separately for dynamic and static attributes, using only static attributes to calculate recommendation trust. This reduces the impact of inaccurate recommendation trust caused by differences in federated learning tasks and data distribution, resulting in more accurate trust evaluation results. In experiments under different recommendation trust scenarios, the proposed scheme shows faster convergence speed and higher model accuracy during model aggregation.
[0022] 3. This invention employs a trust evaluation mechanism to rank participants for model aggregation, ensuring the quality of participating models. Compared to traditional random selection methods, this invention effectively avoids the participation of low-quality or malicious models, thereby accelerating the convergence speed of the global model and improving its accuracy. Experimental results show that the scheme using this invention outperforms traditional methods in both model accuracy and convergence speed, especially when facing malicious attacks, where the model's performance remains stable.
[0023] In summary, this invention has the advantages of accurately assessing the trust level of participants in federated learning, effectively resisting malicious attacks, and improving the performance and accuracy of federated learning models, and has important application value in the field of federated learning. Attached Figure Description
[0024] Figure 1 This is a structural diagram of the centralized federated learning system model of the present invention.
[0025] Figure 2 This is a flowchart of the trust assessment process for federated learning participants based on multi-attribute ranking, as described in this invention.
[0026] Figure 3 This is a graph showing the trend of average trust ranking among participants in different behavioral models of the simulation experiment of this invention.
[0027] Figure 4(a) is a comparison of the present invention and the random user selection scheme using the MNIST dataset in the simulation experiment.
[0028] Figure 4(b) is a comparison of the present invention and the random user selection scheme using the FMINST dataset in the simulation experiment.
[0029] Figure 4(c) is a comparison of the present invention and the random user selection scheme using the CIFAR dataset in the simulation experiment.
[0030] Figure 5(a) shows the global model accuracy trend of federated learning using different trust evaluation schemes in the Non-IID type 1 case with the MNIST dataset in the simulation experiment.
[0031] Figure 5(b) shows the global model accuracy trend of federated learning using different trust evaluation schemes in the Non-IID type 2 case with the MNIST dataset in the simulation experiment.
[0032] Figure 5(c) shows the global model accuracy trend of federated learning using different trust evaluation schemes in the Non-IID type 1 case using the FMNIST dataset in the simulation experiment.
[0033] Figure 5(d) shows the global model accuracy trend of federated learning using different trust evaluation schemes in the Non-IID type 2 case with the FMNIST dataset in the simulation experiment.
[0034] Figure 5(e) shows the global model accuracy trend of federated learning using different trust evaluation schemes in the Non-IID type 1 case with the CIFAR dataset in the simulation experiment.
[0035] Figure 5(f) shows the global model accuracy trend of federated learning using different trust evaluation schemes in the Non-IID type 2 case with the CIFAR dataset in the simulation experiment.
[0036] Figure 6(a) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 1 scenario 2 with the MNIST dataset in the simulation experiment.
[0037] Figure 6(b) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 2 scenario 2 with the MNIST dataset in the simulation experiment.
[0038] Figure 6(c) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 1 scenario 2 using the FMNIST dataset in the simulation experiment.
[0039] Figure 6(d) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 2 scenario 2 with the FMNIST dataset in the simulation experiment.
[0040] Figure 6(e) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 1 scenario 2 with the CIFAR dataset in the simulation experiment.
[0041] Figure 6(f) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 2 scenario 2 with the CIFAR dataset in the simulation experiment.
[0042] Figure 7(a) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 1 case 3 using the MNIST dataset in the simulation experiment.
[0043] Figure 7(b) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 2 scenario 3 with the MNIST dataset in the simulation experiment.
[0044] Figure 7(c) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 1 case 3 using the FMNIST dataset in the simulation experiment.
[0045] Figure 7(d) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 2 scenario 3 using the FMNIST dataset in the simulation experiment.
[0046] Figure 7(e) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 1 case 3 using the CIFAR dataset in the simulation experiment.
[0047] Figure 7(f) shows the global model accuracy trend of federated learning using different trust evaluation schemes in Non-IID type 2 scenario 3 with the CIFAR dataset in the simulation experiment. Detailed Implementation
[0048] The present invention will now be described in detail with reference to the accompanying drawings.
[0049] This invention is used in centralized, horizontally federated learning scenarios. In this embodiment, preliminary participant selection has already been completed when federated learning begins. Aggregator Server S j This invention will be used to complete the participant trust assessment in the federated learning process, and to select participant u based on the trust assessment results during global model aggregation. i Participating model aggregation. Each participant u i The data distribution may be different, and therefore the data quality will also be different.
[0050] Figure 1The main tasks of various entities in China are as follows:
[0051] (1) Task publisher: The initiator of the federated learning task, responsible for describing information such as model training budget, training task category, and computing resources. Then, based on specific user selection rules, it selects some users from the candidate set of users interested in the learning task to join the learning process and become participants. In this invention, the task publisher is the aggregation server S. j ;
[0052] (2) Participant u i In a federated learning system, each participant is responsible for training a model locally, calculating the gradients of the model parameters using their local data, and sending these gradients to the central server. After receiving the global model, participants apply it to their local data for training. However, some participants are malicious, aiming to disrupt the federated learning process by launching malicious attacks. In this system, the participants are represented by a set U = {u1, u2, ..., u...}. N}express.
[0053] (3) Aggregation Server S j The aggregation server is responsible for coordinating the entire federated learning process, issuing federated learning tasks, and aggregating models. It also performs trust assessments on the participating parties. It sends the initial global model to each participant and collects model updates from each participant after each iteration, selecting model updates to participate in model aggregation based on the trust assessment results. Then, it sends the aggregated global model back to the participants. In this system, the aggregation server honestly executes the federated learning protocol. The aggregation server in this system uses S... j express.
[0054] (4) Recommended server S j The server that provides recommendation trust information to the aggregation server responsible for this federated learning task is referred to as the recommendation server in this invention. In this system, the recommendation server is represented by the set RS = {rs1, rs2, ..., rs...} M}express.
[0055] To facilitate future explanations, we have included the relevant parameters and meanings of the trust assessment scheme proposed in this chapter in Table 1.
[0056] Table 1. Reference Table of Main Symbols
[0057]
[0058] Due to the distributed and open nature of federated learning systems, participants may execute malicious and unreliable model updates. On one hand, malicious participants may use poisoned data to train the model or maliciously modify model updates. In this scheme, malicious participants will launch poisoning attacks. A poisoning attack refers to a malicious actor intentionally injecting poisoned data points into the training dataset or modifying the training dataset to reduce the accuracy of the training data, thereby increasing the probability of misclassification and manipulation of their local model update results. On the other hand, due to data heterogeneity, participants may unintentionally generate unreliable local updates. Both intentional and unintentional behaviors reduce the quality of local data and local model updates, negatively impacting the accuracy and convergence time of the global model. Therefore, designing a reliable participant selection scheme for federated learning is crucial.
[0059] like Figure 1 As shown, the federated learning participant trust evaluation method based on multi-attribute ranking proposed in this invention consists of an aggregation server S responsible for publishing federated learning tasks and completing model aggregation. j N participating parties u i Together with M recommendation servers, they complete a specific federated learning task. In the aggregation server S... j After the federated learning task is released to the public, all participants engage in the task and collaborate to train the global federated learning model. Additionally, the recommendation server sends data to the aggregation server S. j Provide each participating party u i Recommended trust information. See also Figure 2 The specific steps of this method are as follows:
[0060] Step 1, Aggregation Server S j Issue a federated learning task and define an initial global model to distribute to all participants. i ;
[0061] The federated learning task includes a global model training budget, training task categories, and computing resources.
[0062] The process of defining the initial global model includes the following steps: First, select a basic neural network as the model structure and randomly initialize its parameters; then, select all participants u from the candidate set. i This will be incorporated into this learning process; finally, the initialized global model will be distributed to all participating parties. i .
[0063] Step 2, Participant u i Upon receiving the federated learning task and the initial global model, train a local model based on local data, and then send the local model to the aggregation server S. j ;
[0064] In all participating parties u i Received by aggregation server S j After distributing the initial global model, local data is preprocessed, including data cleaning, data transformation, and data integration, and then each participant... i A local model is obtained by training an initial global model using local data; during the training process, each participant... i Based on the principles and model structure of the selected algorithm, the model parameters are continuously adjusted to minimize the loss function. Finally, the local model is sent to the aggregation server S. j .
[0065] Step 3, Aggregation Server S j Collect participants u i The behavioral information during the interaction with it, as well as the recommendation trust information sent by the recommendation server, are stored as trust evidence in the trust evidence database.
[0066] Aggregator Server S j According to the participating party u i The interaction behavior is monitored, and interaction information is collected after each round of interaction. The current interaction information CI is recorded. i The formal representation is shown in formula (1):
[0067]
[0068] In formula (1), Indicated by participant u i The behavioral information generated during the r-th iteration includes: participant u at the r-th iteration. i Model quality In round r, participant u i abnormality In round r, participant u i stability and the participants in the previous round of r i Average model exchange time Because participants with high-quality local models enable faster convergence of both local and global loss functions, participants with low anomalies and high stability are less likely to be untrustworthy. Furthermore, powerful devices can reduce local model training time, and a high-quality communication environment can reduce model upload time, thereby improving the efficiency of federated learning and increasing the aggregation server's trust in the participant. Therefore, this invention utilizes model quality... Anomaly stability Exchange time with average model These factors serve as evaluation criteria for trust among stakeholders. They are all assessed through the aggregation server S. jIt was detected.
[0069] Among these, due to data heterogeneity and the different objectives of federated learning tasks, the same participants u i The performance of model quality mq and model exchange time met can vary significantly in different federated learning methods. Therefore, model quality mq and model exchange time met are referred to as dynamic attributes sattr. The anomaly degree ab and stability sta are relatively less affected, therefore the anomaly degree ab and stability sta are referred to as static attributes oattr. For ease of representation, attr is used to represent the trust attribute.
[0070] Participant u i Participating aggregation server S j Trust information generated from historically published federated learning tasks is stored in the historical trust information queue HI. i In the historical trust information queue HI i The form is shown in formula (2), where hI l For historical trust information queue HI i The l-th historical interaction information stored in hI l By participating party u i The interaction time t of this historical behavior and the trust attribute information collected from this historical behavior interaction. It consists of three parts, trust attribute information. It stores information about the trust attributes required for trust assessment. The format is shown in formula (3); a maximum of Q historical interaction information entries are stored; the trust attribute value attr collected in the current interaction information and the trust attribute value hI collected in the historical interaction information are combined. l These are collectively referred to as trust attribute values collected through direct interaction.
[0071]
[0072] Aggregator Server S j Recommended server rs k Released regarding participating party u i The recommended trust information is stored in the recommended trust information queue RI i Central, RI i The form is shown in formula (4), where rI i Recommendation Trust Information Queue RI i The i-th recommendation trust interaction information stored in rI i The recommender server identifies rs k Recommended trust attribute information Recommendation information sent at time tri h, the number of interactions between the recommendation server and the evaluated user ik It consists of four parts. Since dynamic attributes in recommendation trust are not considered, the recommendation trust information... It only contains the values of the anomaly degree ab and the stability sta in the static attribute oattr, and its form is shown in formula (5). In this formula, the static attribute oattr is a definition that contains multiple variables such as the anomaly degree ab and the stability sta.
[0073] The above regarding the participating party u i Current interaction information CI i Historical interaction information HI l And recommended trust information RI i Formation of participants u i Trust evidence Its formal representation is shown in formula (6), where h ij Indicates the participation of party u i and aggregation server S j The number of historical interactions, i.e., the number of participants u stored in the trust database. i and aggregation server S j The amount of historical interaction information, h ij ≤Q;
[0074]
[0075] Step 4: After completing one round of learning iterations from Steps 1 to 3, the aggregation server S... j Based on the trust evidence stored in the trust evidence database, calculate the participation of party u. i The overall value of trust attributes;
[0076] The basic framework for trust assessment of federated learning participants based on multi-attribute ranking described in the invention is as follows: Figure 2 As shown, the scheme consists of three parts: calculation of the comprehensive value of trust attributes based on direct interaction, calculation of the comprehensive value of recommended trust attributes, and calculation of the comprehensive trust ranking: (1) Comprehensive value of trust attributes based on direct interaction The calculation of the comprehensive trust attribute value based on direct interaction is based on data from participant u. i On aggregation server S j Behavioral information generated from direct interaction includes current action records and historical action records. The current action record is the participant u stored in the trust evidence database. i The current interaction information CI, and the historical behavior records of the participants u are stored in the trust evidence database. i The historical trust information queue HI, the comprehensive value of trust attributes directly interacting with each trust attribute. his_attr, a comprehensive value of historical trust attributes generated from historical behavior records. i,m Combined value of current trust attributes generated from current behavior records Calculated; (2) Recommended trust attribute comprehensive value re_attr i,m Calculation. For recommendation trust information, only the static attribute oattr is considered. For each static attribute oattr, the comprehensive value of recommendation trust attributes re_attr is calculated. i,m By all recommended servers S j Uploaded recommendation and trust information The value of this attribute is used for weighted calculation. The recommendation trust information is stored in the participant's recommendation trust information queue RI in the trust evidence database, including recommendation attribute information. Recommended trust time and recommended server rs k With participants u i Number of interactions h ik (3) Calculate the trust ranking using the comprehensive value of trust attributes. For the dynamic attribute 'sattr', use the comprehensive value of the corresponding direct interaction trust attributes. As the composite value of this dynamic attribute, for the static attribute oattr, it is obtained by combining the composite value of the trust attribute from direct interaction. And the recommended trust attribute comprehensive value re_attr i,m Obtain the static attribute composite value sy_oattr i,m Finally, the trust attribute composite value sy_oattr is used. i,m For participant u i Trust ranking is calculated by sorting multiple attributes, and local models uploaded by the corresponding participants are selected to participate in model aggregation based on the trust assessment results.
[0077] Step 4.1, calculate the comprehensive value of trust attributes for direct interaction. For the participating party u i Model quality in round r This invention uses the missing one method for judgment, which measures the influence of the local model on the aggregation of the global model. The specific calculation method is shown in formula (7), where Acc(·) is the model accuracy calculation function. In round r, all participants u are aggregated through federal average. i The global model obtained from the local model In round r, the aggregation excludes participant u. i All other participants u i The global model obtained from the uploaded local model;
[0078]
[0079] For the participating party ui Anomaly degree in round r A calculation method combining historical gradient information uploaded by each participant was designed using the concepts of short-term and long-term historical update averages. Aggregation server S j Save participant u i Each round of model updates uploaded is processed by the computational participant u. i When the anomaly level is reached in round t, the aggregation server S... j First, calculate the participant u. i Short-term historical average DSHG i and long-term historical average DLHG i Short-term historical average DSHG i Indicates the participation of party u i The average value of model updates uploaded in the most recent B round, and the long-term historical average DLHG. i Indicates the participation of party u i The average of all uploaded model updates, DSHG i and DLHG i The specific calculation method is shown in formulas (8) and (9); Aggregation server S j By calculating the participant u i Short-term historical average DSHG i Median DSHG of the short-term historical update average of all participants med cosine distance and the participating party u i Long-term historical average DLHG i Median DLHG of the long-term historical update average of all participants med Euclidean distance is used to calculate the distance between the participants u. i The anomaly degree ab is calculated as shown in formulas (10)-(12), where ab_f i It is a participant u i This helps in identifying the anomalies of label-flipping attacks, ab_t i The degree of anomaly helps the participants detect targeted attacks. cos(·) is the cosine distance calculation function, euc(·) is the Euclidean distance calculation function, b represents the last b rounds, and r is the current round. It is a participant u i The model update uploaded in the k-th round;
[0080]
[0081] ab_f i =1-cos(DSHG) med DSHG i (11)
[0082] ab_t i =euc(DLHG med DLHG i )+euc(DSHG med DSHG i (12)
[0083] For the participating party u i Stability in the r-th round The abnormality degree ab in the first r-1 rounds is calculated. The specific calculation method is shown in formula (13). In the formula, avg is the weighted average of the abnormality degree ab in the first r-1 rounds. The calculation method is shown in formula (14). λ is the decay parameter.
[0084]
[0085] In the r-th iteration, the aggregation server S j For participating party u i The m-th trust attribute attr i,m Comprehensive value of trust attributes in direct interaction The calculation method is shown in formula (15), where μ cur The overall trust attribute value of the current interaction. The weight, μ h his_attr is the comprehensive value of trust attributes for historical interactions. i,m The weights are calculated using formulas (16) and (17).
[0086]
[0087] μ cur =1-μ h (17)
[0088]
[0089] θ ij θ represents the familiarity between the evaluator and the evaluated. ij The calculation method is shown in formula (18), θ ij The larger the value, the more familiar the two are, and the greater their reference value; at im This represents the average time interval between the occurrence of historical interactions and the current time. A smaller average time interval indicates that most historical interactions occurred more recently, making it more valuable for reference. im The calculation method is shown in formula (19), where Δt v Let l represent the time interval between historical interactions and the current interaction, l represent the total number of historical interactions, and δ and Used to control θ ij and μh The speed tends to 1;
[0090] After the r-th iteration, participant u i The m-th trust attribute attr i,m The overall trust attribute value of the current interaction The calculation method is shown in formula (20), which is obtained by collecting data from the participants u during the r-th iteration. i The m-th trust attribute attr i,m value and the comprehensive value calculated in round r-1 Calculations show that when r = 1, α represents the newly collected trust attribute. The weights are calculated for each trust attribute individually; this comprehensive value represents the aggregated value after r rounds of interaction by server S. j For the participating party u i Overall performance in terms of this trust attribute;
[0091]
[0092] Participant u i The m-th trust attribute attr i,m His_attr, a comprehensive value of historical trust attributes i,m The calculation method is shown in formula (21). For the trust attribute values generated by historical interactions, a comprehensive value his_attr is calculated for each specific trust attribute. i,m The composite value his_attr i,m This indicates that on aggregation server S j With participating party u i In the historical interactions, the participating party u i Overall performance in terms of this trust attribute; among which, The m-th attribute attr collected during the l-th historical interaction m The combined value; Δt l β is the interval between the time of the l-th interaction and the current time; β is an adjustment factor used to control the rate at which the weight of the trust attribute collected from historical interactions tends to 0 as the time interval increases.
[0093]
[0094] Step 4.2, calculate the comprehensive value of the recommended trust attributes, re_attr i,m As shown in formula (22), based on the recommendation server rs k With participating party u i historical interaction count h ikThe distance p between the recommended trust attribute and the average recommended trust attribute k Based on all recommendations in the recommendation trust information list, a weight is assigned to each recommendation; if the recommendation server rs k A recommendation server with a high number of historical interactions with participants, and whose recommended attributes are closer to the average of the recommended attributes, is considered a good recommendation server. k The provided trust attributes will be given higher weight; where h ik The recommended server is rs k The number of historical interactions with the person being evaluated, p k The recommended server is rs k The distance between the recommended trust attribute and the average value of the trust attributes recommended by all recommenders is calculated as shown in formula (23); where The recommended server is rs k The given recommended attribute values are used to calculate the comprehensive recommended trust attribute value re_attr only for the static attribute oattr. i,m ;
[0095]
[0096] Step 4.3, based on the comprehensive trust attribute value of direct interaction calculated in Step 4.1. And the comprehensive value of recommended trust attributes, re_attr, calculated in step 4.2 i,m Calculate participant u i Trust attribute composite value sy_oattr i,m :
[0097] First, calculate the comprehensive value of stable trust attributes, sy_oattr. i,m The comprehensive value of each stable trust attribute is the weighted sum of the comprehensive value of the direct trust attribute and the comprehensive value of the recommended trust attribute, calculated as shown in formula (24). The weight ε is calculated as shown in formula (25), where H j It is all the recommended aggregation servers and participants u i The more interactions a character has, the greater the proportion of the recommended attribute composite value when calculating the attribute composite value.
[0098]
[0099] Ultimately, the participants u i The combined value of each trust attribute, sy_oattr i,m And combine the combined value of the same trust attribute of all participants, sy_oattr i,mThis is represented by a set; based on this comprehensive value, the participants are sorted by multiple attributes to obtain the trust ranking of the participants, and the participants ranked higher have a higher trust level.
[0100] Step 5, Aggregation Server S j Based on the participant u obtained in step 4 i The comprehensive value of the trust attributes updates the trust information stored in the trust ranking database, and sorts them according to the comprehensive value to form a new ranking;
[0101] Updating the trust information in the trust ranking database specifically involves: before the sorting begins, the aggregation server S... j Assign priorities to trust attributes based on your own trust preferences, and then aggregate the server S. j First, compare the participants u i The overall value sy_oattr for the highest priority trust attribute. i,m The comprehensive value of the trust attribute sy_oattr i,m High-level participants u i The order of the trust attribute's comprehensive value sy_oattr i,m Low-level participants u i Previously, the comprehensive value of the trust attribute was sy_oattr i,m If they are the same, compare the combined value sy_oattr of the next priority trust attribute. i,m This continues until the order of all participants is completely determined;
[0102] If multi-attribute sorting is performed directly, the first attribute compared has a near-decisive impact on the ranking, which contradicts the purpose of calculating a trust ranking. A higher ranking after multi-attribute sorting indicates a better overall profile and thus greater trustworthiness. Therefore, the concept of generalization is introduced here, which sets a range for the overall value of each attribute, called the generalization range. When comparing rankings, if two participants u... i The combined value of the trust attribute of the same attribute, sy_oattr i,m If they are in the same range, then the two participants u i If the two participants behave the same on this attribute, then the comparison continues to the next attribute. i If all attributes are within the same range, then the specific sizes of the attributes are compared sequentially. For different attributes, their generalization range needs to be dynamically calculated, and recalculated before each round of sorting. The generalization range dis of each attribute is generated based on the generalization range generation algorithm of the comprehensive value of the trust attribute. attr Then, the trust ranking of the participants is determined by multi-attribute sorting; the trust attribute comprehensive value generalization range generation algorithm uses the k-means algorithm to divide the trust attribute set into several clusters, and the elements in the set are the participants u. iThe comprehensive value of the trust attribute sy_oattr on this trust attribute i,m The average value of each cluster range is used as the generalization range for each attribute.
[0103] The algorithm for generating the generalization range of the comprehensive value of the trust attribute is referred to in Algorithm 1, and specifically includes the following steps:
[0104] Lines 1-2 of the code perform initialization, randomly selecting K initial centroids {u1,u2,...,u} from the trust attribute set D. k}, and set the maximum number of iterations M, while simultaneously processing all clusters C1 to C K Initialize to an empty set;
[0105] Lines 3 through 13 calculate sample x i To each centroid u j The squared Euclidean distance d ij And according to the squared Euclidean distance d ij For each sample x i Assign to the nearest cluster C j middle;
[0106] Lines 14-18 are based on the re-partitioned cluster C. j Recalculate C for each cluster j center of mass u j Based on the intra-cluster sample x i The centroid position is updated based on the average value of the trust attribute;
[0107] Lines 19-21 calculate cluster C after each updated centroid position. j range r j That is, cluster C j Inner sample x i The difference between the maximum and minimum values is used to measure the distribution range of the cluster;
[0108] Lines 22-23 calculate all clusters C. j range r j The average value is used to obtain the generalization range dis. attr and return the generalized range dis attr This serves as the dynamic generalization scope of the trust attribute.
[0109]
[0110]
[0111] Step 6, Aggregation Server S j Based on the updated trust ranking from step 5, select the top x% of participants. i, where x is a predefined value, 0 < x ≤ 100. In this embodiment, the top 10% are selected. The local models uploaded in step 2 participate in model aggregation, and the aggregation method is federated averaging. After aggregation, the updated aggregated model is sent back to all participating parties u i ; Repeat steps 1 to 6 until the global model converges or reaches the predetermined maximum number of iterations.
[0112] Aggregation server S j According to the updated trust ranking in step 5, screen the participating parties u participating in model aggregation i , and select the top 10% of the participating parties u according to a pre-set ratio i , and the setting of this ratio is obtained through multiple rounds of experiments and theoretical analysis, aiming to balance the diversity and reliability of the models. If the selected ratio is too low, it may lead to too few models participating in the aggregation, unable to fully utilize the diversity of data from all parties and affecting the generalization ability of the model; if the selected ratio is too high, it may introduce too many untrusted participating party models and reduce the quality of the aggregated model.
[0113] Selected participating parties u i After that, the aggregation server S j Collect the local models uploaded by these participating parties u i in step 2. These local models are those of the participating parties u i trained based on their own local data, reflecting the characteristics and distributions of their respective data. After collection, the aggregation server S j Performs model aggregation in the manner of federated averaging. Federated averaging is a commonly used model aggregation method in federated learning. It generates a new global model by performing a weighted average on the parameters of the local models participating in the aggregation (in simple cases, equal-weight averaging can be used).
[0114] A device for evaluating the trust of federated learning participating parties based on multi-attribute ranking, including:
[0115] Memory: Used to store a computer program for implementing a method for evaluating the trust of federated learning participating parties based on multi-attribute ranking;
[0116] Processor: Used to implement a method for evaluating the trust of federated learning participating parties based on multi-attribute ranking when executing the computer program.
[0117] The present invention also provides a computer-readable storage medium. The computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, it implements the steps of a method for evaluating the trust of federated learning participating parties based on multi-attribute ranking.
[0118] Simulation experiment
[0119] Experimental setup
[0120] To verify the effectiveness of the proposed solution, a federated learning simulation environment was built using the PyCharm platform. The proposed trust evaluation scheme was used to analyze the trust ranking trends of participants with different behavioral patterns, verifying that the scheme can effectively identify malicious participants. Then, the proposed trust evaluation scheme was compared with a scheme that aggregates using a random selection model to confirm its ability to resist malicious user attacks. Finally, the impact of recommended trust on the trust evaluation results was examined using examples, and the proposed trust evaluation scheme was compared with existing trust evaluation methods under different recommended trust scenarios. The experimental environment is shown in Table 2. The relevant simulation parameters and values during the experiment are shown in Table 3.
[0121] Table 2 Experimental Environment
[0122] operating system Windows 10 CPU Intel Core i5-10400 Memory 16.00GB (RAM) Programming environment Python 3.8.8, Anaconda 4.10.1
[0123] Table 3 Experimental parameter settings
[0124] parameter Value describe M 10 Number of aggregated servers N 100 Number of participants λ 0.01 Attenuation parameter δ 10 <![CDATA[θ ij Regulatory factors φ 20 <![CDATA[μ h Regulatory factors Q 30 Maximum number of historical interaction information stored α 0.8 Current trust attribute update weight β 0.6 Weighting factor for trust attributes collected through historical interactions
[0125] The system deploys 10 aggregation servers and 100 participants. Aggregation server S1, which publishes the federated learning task, completes model aggregation and participant trust assessment. The remaining 9 aggregation servers act as recommendation servers, providing S1 with recommended trust information about the participants. In each round of aggregation, the aggregation servers select the model participants corresponding to the top 10% of participants in trust ranking for aggregation, using a federated average method. Table 4 summarizes five different behavioral patterns that participants in the federated learning system may exhibit. To track the changing trends in trust rankings of federated learning participants with different behavioral patterns during multiple interactions with the aggregation servers, this invention assumes that all participants participate in each learning process regardless of their malicious intent.
[0126] Table 4. Behavioral Patterns of Participants in the Trust Assessment Scheme Based on Multi-Attribute Ranking
[0127] behavioral patterns describe Mode 1 Honest participants, always maintaining good behavior Mode 2 Malicious participants maintain their malicious behavior throughout. Mode 3 Malicious participants provide a malicious update once every round. Mode 4 Malicious participants will first provide 5 rounds of normal updates, then 2 rounds of malicious updates, alternating between the two. Mode 5 Malicious actors will first provide two rounds of normal updates, then five rounds of malicious updates, alternating between the two.
[0128] The performance of this scheme was evaluated using the MNIST, Fashion-MNIST, and CIFAR-10 datasets.
[0129] MNIST: MNIST is a dataset of handwritten digit images. It is a classic dataset in the field of machine learning, consisting of 60,000 training samples and 10,000 test samples. Each sample is a 28*28 pixel grayscale image of a handwritten digit, and each image represents one of the digits from 0 to 9.
[0130] Fashion-MNIST: Fashion-MNIST is an image dataset that replaces the MNIST handwritten digit set. It contains front-facing images of 70,000 different items from 10 categories. The size, format, and training / test set split of Fashion-MNIST are exactly the same as the original MNIST. It uses a 60,000 / 10,000 training / test data split and 28x28 grayscale images.
[0131] CIFAR-10: This dataset contains 60,000 color images, each 32x32 pixels, divided into 10 classes with 6,000 images per class. 50,000 images are used for training, forming five training batches of 10,000 images each; the remaining 10,000 images are used for testing, forming a separate batch. The test batches consist of 1,000 images randomly selected from each of the 10 classes. The remaining images are then randomly arranged to form the training batches.
[0132] Custom convolutional neural network (CNN) models were used on all three datasets. Custom model architectures are simple, train quickly, and are suitable for small datasets. However, different CNN models were used for different datasets. All CNN model architectures consist of convolutional layers and fully connected layers. Specifically, the convolutional layers of the CNN models trained on MNIST and Fashion-MNIST each consisted of two convolutional operations and two pooling operations, while the convolutional layers of the CNN model trained on CIFAR10 each consisted of six convolutional operations and three pooling operations.
[0133] The experiment used two different non-independent identically distributed (IID) configurations, with the specific Non-IID settings as follows:
[0134] (1) Non-IID type 1: Divide the data into several slices, each slice contains 100 data points, and each participant will randomly have at least 1 slice and at most 30 slices of data, thus realizing the Non-IID setting from the perspective of data volume.
[0135] (2) Non-IID type 2: The data is classified according to the label. Data with the same label belong to the same category. There are a total of m categories of data. Each participant has m / 2 of the categories of data. The amount of data is the same. Non-IID setting is implemented from the data distribution level.
[0136] Experimental Results and Analysis
[0137] First, the experiment tracked the changing trend of the average trust ranking of participants with five different behavioral patterns during 30 iterations of federated learning. In the experiment, the number of participants with behavioral pattern one was 60, and the number of participants with the other behavioral patterns was 10 each. The participant data distribution was Non-IID type 1. The experiment used the trust evaluation results obtained from a complete federated learning process with the same settings as the participants' recommended trust. Figure 3 The experimental results on the MNIST dataset show that honest participants with Pattern 1 can quickly rise to around 30th place in average trust ranking after just a few iterations. This is because honest participants have high comprehensive values for each trust attribute, causing their average trust ranking to increase to a certain level in a short time during trust ranking and then remain unchanged. In contrast, malicious participants with other behaviors (Patterns 2 to 5) all see their trust rankings drop to around 75 in a short period. Therefore, the proposed scheme enables the aggregation server to accurately identify malicious participants. More specifically, malicious participants with Patterns 2 to 5 also exhibit different trends depending on their behavioral patterns. Participants with Pattern 2 have a low trust ranking due to consistently performing malicious behavior and can be identified after one iteration of federated learning. For participants who alternate between good and malicious behavior (Patterns 3, 4, and 5), their trust ranking fluctuates significantly at the beginning but ultimately remains at a low level. In particular, Mode 4 initially exhibits several rounds of positive behavior during the federated learning process, causing its average behavioral ranking to rise. However, subsequent malicious behavior causes its average trust ranking to plummet. Therefore, the trustworthiness of participants with different behavioral patterns can be accurately assessed, providing effective decision support for selecting participants in the federated learning system and thus improving the system's reliability.
[0138] To verify that the participant selection based on the trust evaluation results proposed in this invention can effectively exclude malicious participants and obtain a high-quality global model, the model accuracy and convergence speed of the global model selected based on the trust evaluation results of the proposed scheme were compared with those of the global model using the traditional random participant selection scheme. Figure 4(a) shows the experimental results on the MNIST dataset with 100 participants and the data distribution in the first NON-IID setting. In the absence of malicious users, the proposed scheme outperforms the traditional random selection method in both model accuracy and convergence speed. This means that the proposed scheme can effectively select honest participants, thereby improving the overall performance of the federated learning system. Next, 30% of malicious participants (mal = 0.3, all participants' behavior patterns are pattern two) were introduced into the system to simulate a scenario where the federated learning system faces malicious attacks. Experimental results show that when malicious users exist in the system, the traditional random participant selection method inevitably selects the models of malicious users for aggregation, leading to a decrease in the accuracy of the global model and failure to converge. In contrast, the proposed scheme does not show significant changes in the accuracy and convergence speed of the global model when facing malicious users in the system, indicating that the proposed scheme can effectively identify malicious users, and its ability to identify malicious users and its trust assessment method are effective. Furthermore, the proposed method was applied to the Fashion-MNIST and CIFAR-10 datasets, and the experimental results are shown in Figures 4(b) and 4(c). The experimental results are similar to those on the MNIST dataset.
[0139] Since the trust evaluation result of the proposed trust evaluation scheme is a trust ranking, it is difficult to directly compare the accuracy of trust evaluation with existing trust evaluation schemes. Therefore, to verify that the proposed scheme can avoid the inaccuracy of recommended trust caused by different federated learning tasks and data distributions, and obtain more accurate trust evaluation results, it is necessary to select more trustworthy participants in the model aggregation stage and ultimately obtain a more accurate global model. To make the experimental results more obvious, the trust evaluation result in a federated learning task is used as the recommended trust, and different behavior patterns are set for participants in the current federated learning task and the federated learning task that generates the recommended trust (specifically, participants whose behavior pattern is mode one in the current federated learning task are randomly set to mode two to mode five in the federated learning task that generates the recommended trust, and vice versa). Under the condition that different proportions of participant recommended trust come from different scenarios, the global model accuracy and convergence speed of federated learning using the proposed scheme and existing trust evaluation schemes for participant trust evaluation are compared. The specific settings of different recommended trust generation scenarios are shown in Tables 5 and 6, and the specific settings of different scenarios are shown in Table 7.
[0140] Table 5 Different scenarios for generating trust through recommendations
[0141] Scene describe Scene 1 The dataset and data distribution of the participants used in the recommended trust-based federated learning are the same as those in the current federated learning. Scene 2 The datasets and data distributions of the participants used in the recommended trust-based federated learning differ from those in current federated learning.
[0142] Table 6 Specific settings for Scenario 2
[0143]
[0144]
[0145] Table 7. Setting up Trust Sources for Participants
[0146] situation describe Scenario 1 All recommendations and trust from all participants originate from Scenario 1. Scenario 2 20% of the participants' trust in recommendations came from Scenario 2, while the remaining participants' trust in recommendations came from Scenario 1. Scenario 3 50% of the participants' trust in recommendations came from Scenario 2, while the remaining participants' trust in recommendations came from Scenario 1.
[0147] This experiment compares and analyzes the present invention with the beta-based trust assessment model described in the literature "Reputation-Based Federated Learning for Secure Wireless Network" and the model quality-based trust assessment model (mqt) in the literature "A Dynamic Incentive and Reputation Mechanism for Energy-Efficient Federated Learning in 6G" under three scenarios in Table 7, using three datasets (MNIST, Fashion-MNIST, and CIFAR) and two non-independent and identically distributed settings. The experiment is set with 100 participants, including 60 good participants in behavior mode one and 10 participants in each of the other four behavior modes. In each iteration, the aggregation server selects the local models corresponding to the 10 participants with the highest trust ranking based on the trust assessment results for aggregation, using a federated average method. The experimental results are as follows: Figures 5(a) to 5(f) , Figures 6(a) to 6(f) and Figures 7(a) to 7(f) As shown. Figures 5(a) to 5(f) The experimental results are for scenario one. It can be seen that, in terms of both model accuracy and convergence speed, the proposed scheme is not significantly different from the two comparative schemes.
[0148] Figures 6(a) to 6(f)The figures show the experimental results under different datasets and data distributions for Scenario 2. As we can see from the figures, unlike the case where all recommendation trusts come from Scenario 1, when 20% of the participants' recommendation trusts come from Scenario 2, the two comparative schemes do not show significant changes in final model accuracy, but their convergence speed decreases significantly. The proposed scheme, however, does not show a significant change in convergence speed. This is clearly because the recommendation trusts generated in Scenario 2 are inaccurate, leading to better trust assessment results for some malicious participants in the early rounds of trust evaluation. These malicious participants are then selected for global model aggregation, resulting in a decrease in model convergence speed. Figures 5(a) to 5(f) and Figures 6(a) to 6(f) The experimental results, also on the MNIST dataset with all participants' data distribution types being Non-IID type 1, show that in Figure 5(a), the global model accuracy of both comparative schemes reaches 0.8 (80%) in the 3rd and 4th rounds. However, in Figure 6(a), the global model accuracy of both comparative schemes only reaches 0.8 in approximately the 7th round of training. This indicates that when 20% of the participants' recommendation trust comes from scenario 2, the convergence speed of the comparative schemes decreases significantly. The proposed scheme, however, achieves a global model accuracy of 0.8 in both cases with no significant change in convergence speed. Comparing Figures 5(b) and 6(b), also on the MNIST dataset with all participants' data distribution types being Non-IID type 2, the two comparative schemes show different changes. The MQT scheme shows little change compared to the experimental results on the MNIST dataset with participants' data distribution type being Non-IID type 1, although the model convergence speed decreases slightly. The beta solution differs. As shown in Figure 6(b), its global model accuracy still reaches 0.8 in the first 10 rounds, but the experimental results clearly show a significant decrease in its global model convergence speed. Comparing Figures 5(c) and 6(c), the convergence speeds of both the beta and MQT solutions have decreased. However, similar to the MNIST dataset, the beta solution is more affected in the FMNIST dataset, with a significant decrease in its convergence speed, while the MQT solution, although also declining, remains relatively stable. Figures 5(d) and 6(d) also exhibit this trend. Under the influence of scenario two, the convergence speed of the beta solution has decreased significantly compared to Figure 5(d), while the MQT solution maintains a relatively stable trend, only with a certain degree of slowdown in convergence speed. Similar patterns can be observed in the comparison of Figures 5(e) and 6(e), and Figures 5(f) and 6(f) for the CIFAR dataset. The beta solution... Figures 6(a) to 6(f)In the MNIST dataset, the convergence speed decreases significantly. Although the model accuracy can still be maintained at a certain level in some cases, the slowdown in convergence speed has a significant impact on the overall training efficiency. In contrast, the MQT scheme shows relatively small changes in model convergence speed under different scenarios, similar to its performance on the MNIST dataset, with only a slight decline as the data distribution changes.
[0149] Figures 7(a) to 7(f) The results are as follows: The proposed scheme in Scenario 3 and two comparative schemes were tested on three datasets and two data distributions. First, two sets of experiments were conducted on the MNIST dataset. Comparing Figures 6(a) and 7(a), it can be seen that, due to the use of the entire dataset, the final global model accuracy of the two comparative schemes did not change significantly, but the global model convergence speed further slowed down. In Figure 6(a), although the convergence speed of the two comparative schemes decreased, both converged roughly within the first 10 iterations. However, as shown in Figure 7(a), both converged around the 13th iteration. Comparing Figures 6(b) and 7(b), although the global model accuracy of the MQT scheme no longer fluctuated, its convergence speed showed a significant slowdown compared to before. Next, we examine the experiments conducted on the FMNIST dataset. Figures 7(c) and 7(d) show that, unlike the previous experiments where global model accuracy and convergence speed remained relatively stable, when the number of participants in scenario 2 who generated the recommendation trust increased to 50%, the convergence speed of both comparative schemes on the FMNIST dataset experienced a significant drop in global model accuracy. Compared to the proposed scheme, its convergence speed was approximately 10 rounds slower. Continuing with the experiments on the CIFAR dataset, Figures 6(e) and 7(e) show that the comparative schemes also experienced a decline in convergence speed, and the final model accuracy of the beta scheme also showed a significant decrease, exceeding 10%. Figure 7(f) shows that on the CIFAR dataset, when the participant data distribution is Non-IID type 2, the global model accuracy of both comparative schemes dropped significantly; one scheme failed to converge altogether, while the proposed scheme remained unaffected. This is clearly due to the existence of participants in the system who recommend inaccurate trust, resulting in inaccurate trust assessment results. Consequently, a malicious model uploaded by a malicious participant was selected during the model aggregation stage, ultimately causing the global model to be excessively affected by the malicious model and resulting in global model divergence.
[0150] Simulation experiments demonstrate that the trust evaluation scheme proposed in this invention effectively avoids the inaccuracy of recommended trust caused by differences in federated learning tasks and data distributions, thus obtaining more accurate trust evaluation results. Federated learning based on this evaluation result converges faster and achieves higher model accuracy compared to the comparison scheme.
Claims
1. A method for trust evaluation of participants in federated learning based on multi-attribute ranking, wherein the federated learning is conducted by an aggregation server responsible for issuing federated learning tasks and completing model aggregation. , Each participating party and Recommended servers Completed jointly, characterized by, The trust assessment method includes the following steps: Step 1, Aggregation Server Issue a federated learning task and define an initial global model to distribute to all participants. ; Step 2, Participants Upon receiving the federated learning task and the initial global model, train a local model based on local data and then send the local model to the aggregation server. ; Step 3, Aggregation Server Collect participants Behavioral information during interaction with it, and recommendation server The system receives recommendation trust information and stores the behavioral information and recommendation trust information as trust evidence in a trust evidence database. Step 4: After completing one round of learning iterations in steps 1-3, the aggregation server... Based on the trust evidence stored in the trust evidence database, calculate the participants'... The comprehensive trust attribute value is determined through the following steps: Step 4.1, calculate the comprehensive value of trust attributes for direct interaction. For the participating parties In the Wheel model quality The specific calculation method is shown in formula (7), where, This is a function for calculating model accuracy. For the first The round-robin process aggregates all participants through a federal average. The global model obtained from the local model For the first Round-of-round aggregation excluding participants All other participants The global model obtained from the uploaded local model; For the participating parties In the wheel anomaly Aggregator server Save Participants Each round of model updates uploaded is processed by the computing participants. No. When the round's abnormality is detected, the aggregation server... First, calculate the participants. Short-term historical update average and long-term historical update average Short-term historical update average Indicates the participating parties recent The average of model updates uploaded in each round, and the long-term historical average. Indicates the participating parties The average of all uploaded model updates. and The specific calculation methods are shown in formulas (8) and (9); aggregation server By calculating the participants Short-term historical update average Median of the short-term historical update average of all participants cosine distance and participating parties Long-term historical update average Median of the long-term historical update average of all participants Euclidean distance is used to calculate the participants abnormality The specific calculation method is shown in formulas (10)-(12), where, Participants It helps to detect the anomalies of label-flipping attacks. It is the participation of parties that helps detect anomalies in targeted attacks. It is the cosine distance calculation function. It is the Euclidean distance calculation function. Indicates near wheel, For the current round, Participants In the Model updates uploaded in rounds; For the participating parties In the Wheel stability , through the front Anomaly in the wheel The calculation is performed as shown in formula (13), where, For the front Anomaly in the wheel The weighted average is calculated as shown in formula (14). It is the attenuation parameter; In the During round iteration, the aggregation server For the participating parties The Trust attributes Comprehensive value of trust attributes in direct interaction The calculation method is shown in formula (15), where, The overall trust attribute value of the current interaction. The weight, The comprehensive value of trust attributes based on historical interactions The weights are calculated using formulas (16) and (17). This indicates the familiarity between the evaluator and the evaluated. The calculation method is shown in formula (18). The larger the value, the more familiar the two are, and the greater their reference value. This represents the average time interval between the occurrence of historical interactions and the current time. The smaller the average time interval, the more recent the occurrence of most historical interactions, and thus the more valuable the data. The calculation method is shown in formula (19), where, The time interval between historical interactions and the current interaction. This represents the total number of historical interactions. and Used for control and The speed tends to 1; No. After the round of iterations is completed, the participating parties The m-th trust attribute The overall trust attribute value of the current interaction The calculation method is shown in formula (20), by the first Participants collected during rounds of iteration The m-th trust attribute value And in the The comprehensive value calculated in the round Calculations show that when hour, , For newly collected trust attributes The weights are calculated for each trust attribute; a composite value is calculated separately for each trust attribute, and this value represents the weights after... After round of interaction, the aggregation server For the participating parties Overall performance in terms of this trust attribute; Participants The m-th trust attribute Historical Trust Attribute Composite Value The calculation method is shown in formula (21). For the trust attribute values generated by historical interactions, a comprehensive value is calculated for each specific trust attribute. This comprehensive value Indicates on the aggregation server With participating parties In the historical interactions, the participating parties Overall performance in terms of this trust attribute; among which, For the first The first historical interaction collected Attributes The overall value; For the first The interval between the time of the next interaction and the current time; As a modulating factor, it controls the rate at which the weight of the trust attribute collected from historical interactions tends to 0 as the time interval increases; Step 4.2, calculate the comprehensive value of the recommended trust attributes. As shown in formula (22), according to the recommendation server With participating parties Number of historical interactions The distance between the recommended trust attribute and the average value of the recommended trust attribute Based on all recommendations in the recommendation trust information list, a weight is assigned to each recommendation; if the recommendation server A recommendation server with a high number of historical interactions with participants, and whose recommended attributes are closer to the average of the recommended attributes, is considered a good recommendation server. The provided trust attributes will be given higher weight; where, Indicates the recommendation server The number of historical interactions with the person being evaluated. Indicates the recommendation server The distance between the recommended trust attribute and the average value of the trust attributes recommended by all recommenders is calculated as shown in formula (23); where Indicates the recommendation server The recommended attribute values given are only for static attributes. Calculate the comprehensive value of recommendation trust attributes ; Step 4.3, based on the comprehensive trust attribute value of direct interaction calculated in Step 4.
1. And the comprehensive value of the recommended trust attributes calculated in step 4.2 Calculate the participants Comprehensive value of trust attributes : First, calculate the comprehensive value of stable trust attributes. The comprehensive value of each stable trust attribute is the weighted sum of the comprehensive value of the direct trust attribute and the comprehensive value of the recommended trust attribute, calculated as shown in formula (24), with weights... The calculation method is shown in formula (25), where, It includes all recommendation aggregation servers and participants. The more interactions a character has, the greater the proportion of the recommended attribute composite value when calculating the overall attribute value. Ultimately, the participants The combined value of each trust attribute and the combined value of the same trust attributes of all participants. Represented by a set; Step 5, Aggregation Server Based on the participants obtained in step 4 The comprehensive value of the trust attributes updates the trust information stored in the trust ranking database, and sorts them according to the comprehensive value to form a new ranking; Step 6, Aggregation Server Based on the updated trust ranking from step 5, select the top-ranked... Participants , For predefined values, The local model uploaded in step 2 participates in model aggregation, which uses federated averaging. After aggregation, the aggregated model update is sent back to all participants. Repeat steps 1 to 6 until the global model converges or the predetermined maximum number of iterations is reached.
2. The method according to claim 1, characterized in that, The federated learning task includes a global model training budget, training task categories, and computing resources. The process of defining the initial global model includes the following steps: First, select a basic neural network as the model structure and randomly initialize its parameters; then, select all participants in the candidate set... This will be incorporated into the learning process; finally, the initialized global model will be distributed to all participants. .
3. The method according to claim 1, characterized in that, Step 2 specifically includes: All participating parties A local model is obtained by training an initial global model using local data; during the training process, each participant... Based on the principles and model structure of the selected algorithm, the model parameters are continuously adjusted to minimize the loss function, and finally the local model is sent to the aggregation server. .
4. The method according to claim 1, characterized in that, Step 3 specifically includes: Aggregator server According to the participating parties The interaction behavior collects interaction information after each round of interaction, including the current interaction information. The formal representation is shown in formula (1): In formula (1), Indicates that by the participating parties In the The behavioral information generated during each iteration includes: the first... Participants in the rotation Model quality , No. Participants in the rotation abnormality , No. Participants in the rotation stability , and before Round of participants Average model exchange time ; Among them, model quality Exchange time with model Called dynamic attribute , , anomaly and stability Called static property , ,use Indicates trust attribute, ; Participants Participating in aggregation servers Trust information generated from historically published federated learning tasks is stored in a historical trust information queue. In the middle, historical trust information queue The form is shown in formula (2), where, Historical Trust Information Queue The first stored in the middle 100 historical interaction messages By the participating parties Interaction time of this historical behavior Trust attribute information collected through interaction with this historical behavior It consists of three parts, trust attribute information. It stores information about the trust attributes required for trust assessment. The form is shown in formula (3); historical interaction information is stored at most Item; Collect trust attribute values from the current interaction information. And trust attribute values collected from historical interactions. Collectively referred to as trust attribute values collected through direct interaction; Aggregator server Recommended server Released information about the participating parties The recommended trust information is stored in the recommended trust information queue. middle, The form is shown in formula (4), where, For recommending trust information queues The first stored in the middle Recommended trust interaction information, Identified by the recommendation server Recommended trust attribute information Recommendation information sending time and Recommendation Server Number of interactions with the person being evaluated It consists of four parts, recommending trust information. It contains only static properties Anomaly in and stability The value of is given by formula (5), where the static attribute is . It is a definition that includes anomaly degree. and stability ; The above regarding the participating parties Current interaction information Historical interaction information and recommended trust information Forming Participants Trust evidence Its formal representation is shown in formula (6), where, Indicates the participating parties and aggregation server The number of historical interactions, ; 5. The method according to claim 1, characterized in that, Step 5, which involves updating the trust information in the trust ranking database, specifically involves the aggregation server... Assign priorities to trust attributes based on your own trust preferences, and then aggregate the servers. First, compare the participants Overall value on the highest priority trust attribute The overall value of trust attributes High participation The ranking is based on the comprehensive value of the trust attribute. Low-level participants Previously, the overall value of trust attributes If they are the same, compare the combined value of the trust attribute of the next lower priority. This continues until the order of all participants is completely determined; When performing sorting comparisons, if two parties The combined value of the trust attribute of the same attribute If they are in the same range, then these two participants If the two participants perform the same on this attribute, then the comparison continues to the next attribute. If all attributes are within the same range, then the specific magnitudes of the attributes are compared sequentially. For different attributes, their generalization ranges need to be dynamically calculated, and recalculated before each round of sorting. The generalization range of each attribute is generated based on the generalization range generation algorithm of the comprehensive value of the trust attribute. Then, the trust ranking of the participants is determined by sorting through multiple attributes; The algorithm for generating the generalization range of the comprehensive trust attribute value uses the k-means algorithm to divide the trust attribute set into several clusters, where the elements in the clusters represent the participants. The overall value of the trust attribute on this trust attribute The average value of each cluster range is used as the generalization range for each attribute.
6. The method according to claim 5, characterized in that, The algorithm for generating the generalization range of the comprehensive value of the trust attribute specifically includes the following steps: Perform initialization from the trust attribute set. Random selection An initial centroid And set the maximum number of iterations. At the same time, all clusters arrive Initialize to an empty set; Calculate samples To each centroid square Euclidean distance And according to the square of the Euclidean distance Each sample Assign to the nearest cluster middle; Based on the re-divided clusters Recalculate each cluster center of mass Based on intra-cluster samples The centroid position is updated based on the average value of the trust attribute; Calculate the cluster after each updated centroid position scope cluster Internal Samples The difference between the maximum and minimum values is used to measure the distribution range of the cluster; Calculate all clusters scope The average value is used to obtain the generalization range. and return the generalization range. This serves as the dynamic generalization scope of the trust attribute.
7. The method according to claim 1, characterized in that, Step 6, the model aggregation, specifically includes: Aggregator server Participants in the model aggregation are selected based on the updated trust ranking from step 5. According to a pre-set ratio, the top-ranked... Participants ; Selecting Participants Then, the aggregation server Collect these participants The local models uploaded in step 2 are collected and then aggregated by the server. The model is aggregated using a federated averaging method to generate a new global model.
8. A trust assessment device for federated learning participants based on multi-attribute ranking, characterized in that, include: Memory: for storing a computer program that implements a federated learning participant trust evaluation method based on multi-attribute ranking as described in any one of claims 1 to 7; Processor: Used to implement, when executing the computer program, a method for assessing trust among participants in federated learning based on multi-attribute ranking as described in any one of claims 1 to 7.
9. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements the steps of the federated learning participant trust assessment method based on multi-attribute ranking as described in any one of claims 1 to 7.