通信学报2024,Vol.45Issue(z1) :1-11.DOI:10.11959/j.issn.1000-436x.2024209

抗拜占庭攻击的梯度净化联邦自适应学习算法

Gradient purification federated adaptive learning algorithm for Byzantine attack resistance

杨辉 邱子游 李中美 朱建勇
通信学报2024,Vol.45Issue(z1) :1-11.DOI:10.11959/j.issn.1000-436x.2024209
  • 国家科技期刊平台
  • NETL
  • NSTL
  • 万方数据

抗拜占庭攻击的梯度净化联邦自适应学习算法

Gradient purification federated adaptive learning algorithm for Byzantine attack resistance

杨辉 1邱子游 1李中美 2朱建勇1
扫码查看

作者信息

  • 1. 华东交通大学电气与自动化工程学院,江西 南昌 330013
  • 2. 华东理工大学信息科学与工程学院,上海 200237
  • 折叠

摘要

在工业大数据之下,数据安全和隐私保护是关键挑战之一.传统的数据共享和模型训练方法在应对数据泄露和恶意攻击(尤其是复杂的拜占庭攻击和投毒攻击)时效果有限,因为传统联邦学习通常假定所有参与方都是可信的,这使得模型在遭遇投毒攻击时性能显著下降.为解决这个问题,本文提出一种抗拜占庭攻击的梯度净化联邦自适应学习算法,通过滑动窗口梯度过滤器和符号聚类过滤器识别恶意梯度,滑动窗口方法检测异常梯度,而符号聚类则根据梯度方向一致性筛选出偏离的对抗性梯度,经过过滤后,使用基于权重的自适应聚合规则对剩余的可信梯度进行加权聚合,动态调整参与方梯度的权重,降低恶意梯度的影响,从而增强模型的鲁棒性.实验结果显示,尽管新型投毒攻击的强度更高,但所提算法能有效防御这些攻击且减轻模型性能的损失.相比于传统防御算法,所提算法不仅提高了模型的准确性,还提升了其安全性.

Abstract

In the context of industrial big data,data security and privacy are key challenges.Traditional data-sharing and model-training methods struggle against risks like Byzantine and poisoning attacks,as federated learning typically as-sumes all participants are trustworthy,leading to performance drops under attacks.To address this,a Byzantine-resilient gradient purification federated adaptive learning algorithm was proposed.The malicious gradients were identified through a sliding window gradient filter and a sign-based clustering filter.The sliding window method detected anomalous gradi-ents,while the sign-based clustering filter selected adversarial gradients based on the consistency of gradient directions.After filtering,a weight-based adaptive aggregation rule was applied to perform weighted aggregation on the remaining trustworthy gradients,dynamically adjusting the weights of participant gradients to reduce the impact of malicious gradi-ents,thereby enhancing the model's robustness.Experimental results show that despite the increased intensity of new poi-soning attacks,the proposed algorithm effectively defends against these attacks while minimizing the loss in model perfor-mance.Compared to traditional defense algorithms,it not only improves model accuracy but also enhances its security.

关键词

联邦学习/拜占庭攻击/投毒攻击/模型鲁棒性/工业大数据

Key words

federated learning/Byzantine attack/poisoning attack/model robustness/industrial big data

引用本文复制引用

出版年

2024
通信学报
中国通信学会

通信学报

CSTPCDCSCD北大核心
影响因子:1.265
ISSN:1000-436X
段落导航相关论文