LI Rong-Chang, LIU Tao, ZHENG Hai-Bin, CHEN Jin-Yin, LIU Zhen-Guang, JI Shou-Ling

doi: 10.16383/j.aas.c211233
Funding: Supported by the Zhejiang Provincial Natural Science Foundation Youth Original Project (LDQ23F020001), the National Natural Science Foundation of China (62072406), the National Key Research and Development Program of China (2018AAA0100801), and the Zhejiang Provincial Natural Science Foundation (LGF21F020006, LGF20F020016)

    LI Rong-Chang: Master student at the College of Information Engineering, Zhejiang University of Technology. His main research interests are federated learning, graph neural networks and artificial intelligence security. E-mail: lrcgnn@163.com

    LIU Tao: Master student at the College of Information Engineering, Zhejiang University of Technology. His main research interests are federated learning and artificial intelligence security. E-mail: leonliu022@163.com

    ZHENG Hai-Bin: Assistant researcher at the Institute of Cyberspace Security, Zhejiang University of Technology. He received his bachelor's and Ph.D. degrees from Zhejiang University of Technology in 2017 and 2022, respectively. His main research interests are deep learning, artificial intelligence security and fairness algorithms. Corresponding author of this paper. E-mail: haibinzheng320@gmail.com

    CHEN Jin-Yin: Professor at the College of Information Engineering, Zhejiang University of Technology. She received her bachelor's and Ph.D. degrees from Zhejiang University of Technology in 2004 and 2009, respectively. Her main research interests are artificial intelligence security, graph data mining and evolutionary computation. E-mail: chenjinyin@zjut.edu.cn

    LIU Zhen-Guang: Researcher at the School of Cyber Science and Technology, Zhejiang University. His main research interests are data mining and blockchain security. E-mail: liuzhenguang2008@gmail.com

    JI Shou-Ling: Researcher at the College of Computer Science and Technology, Zhejiang University. He received his Ph.D. degree from Georgia State University in 2013 and another Ph.D. degree from Georgia Institute of Technology in 2015. His main research interests are data-driven security and privacy, artificial intelligence security and big data analysis. E-mail: sji@zju.edu.cn

  • CLC number: Y

Privacy Preservation Method for Vertical Federated Learning Based on Max-min Strategy

Funds: Supported by Zhejiang Natural Science Foundation Youth Original Project (LDQ23F020001), National Natural Science Foundation of China (62072406), National Key Research and Development Projects of China (2018AAA0100801), and Natural Science Foundation of Zhejiang Province (LGF21F020006, LGF20F020016)
    Author Bio:

    LI Rong-Chang Master student at the College of Information Engineering, Zhejiang University of Technology. His research interest covers federated learning, graph neural networks, and artificial intelligence security

    LIU Tao Master student at the College of Information Engineering, Zhejiang University of Technology. His research interest covers federated learning and artificial intelligence security

    ZHENG Hai-Bin Associate professor at the Institute of Cyberspace Security, Zhejiang University of Technology. He received his bachelor's and Ph.D. degrees from Zhejiang University of Technology in 2017 and 2022, respectively. His research interest covers deep learning, artificial intelligence security, and fairness algorithms. Corresponding author of this paper

    CHEN Jin-Yin Professor at the College of Information Engineering, Zhejiang University of Technology. She received her bachelor's and Ph.D. degrees from Zhejiang University of Technology in 2004 and 2009, respectively. Her research interest covers artificial intelligence security, graph data mining, and evolutionary computing

    LIU Zhen-Guang Professor at the School of Cyber Science and Technology, Zhejiang University. His research interest covers data mining and blockchain security

    JI Shou-Ling Professor at the College of Computer Science and Technology, Zhejiang University. He received Ph.D. degrees from Georgia Institute of Technology in 2013 and from Georgia State University in 2015. His research interest covers data-driven security and privacy, artificial intelligence security, and big data analysis

  • Abstract: Vertical federated learning (VFL) is an emerging distributed machine learning technique that jointly trains a machine learning model on data scattered across institutions while preserving privacy. VFL is widely applied in domains such as the industrial Internet, financial lending and medical diagnosis, so guaranteeing its privacy and security is of great importance. First, addressing the privacy-leakage risk created by the embedding representations that participants exchange in the VFL protocol, we study a general attribute inference attack launched by the collaborator. The attacker uses auxiliary data together with the embeddings to train an attack model, then uses the trained attack model to steal the participants' private attributes. Experimental results show that the embeddings produced by VFL during training and inference readily leak data privacy. To counter this leakage risk, we propose a privacy preservation method for vertical federated learning based on a max-min strategy (PPVFL), which introduces a gradient regularization component to preserve the main task's prediction performance during training and a reconstruction component to hide the private attribute information contained in the participants' embeddings. Finally, experimental results in an industrial steel-plate defect diagnosis scenario show that, compared with VFL without any defence, the privacy preservation method reduces the attack's inference accuracy from 95% to below 55%, close to random guessing, while the main-task prediction accuracy drops by only 2%.
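The abstract describes two things a VFL operator needs to measure: how much of a private attribute an attack model trained on auxiliary data can recover from the exchanged embeddings, and whether a max-min defence can suppress that leakage without destroying the main task. The following is an added example written for this page, not the authors' code or dataset: it simulates a passive party's embeddings as constructed Gaussian data in which a binary private attribute shifts one dimension, trains a logistic-regression attack model (a stand-in for the attacker's network) on auxiliary labelled embeddings, and then runs an illustrative max-min loop in which the defender removes the direction the attacker exploits and the attacker retrains. The projection-based sanitiser is an assumption of this example and is not the paper's gradient regularization or reconstruction component; the names `make_embeddings`, `attack_accuracy`, `sanitise` and `run_audit` are hypothetical.

```python
"""Leakage audit for VFL embeddings with an illustrative max-min sanitiser.

Constructed data only: the embedding that a passive party would send to the
collaborator is simulated as Gaussian noise plus a fixed offset that encodes a
private binary attribute. The sanitiser below (projecting out the attacker's
best direction) is an assumption for this example, not the paper's PPVFL.
"""
import numpy as np

RNG = np.random.default_rng(0)
DIM = 8            # embedding width (constructed)
LEAK_SHIFT = 4.0   # how strongly the private attribute moves dimension 1


def make_embeddings(n):
    """Return (embeddings, main-task labels, private attribute) for n samples."""
    base = RNG.standard_normal((n, DIM))
    s = RNG.integers(0, 2, n)               # private attribute (constructed)
    y = (base[:, 0] > 0).astype(int)        # main-task label lives in dimension 0
    z = base.copy()
    z[:, 1] += LEAK_SHIFT * s               # leak: attribute shifts dimension 1
    return z, y, s


def train_logreg(x, t, lr=0.1, steps=500):
    """Full-batch gradient descent for logistic regression with a bias term."""
    xb = np.hstack([x, np.ones((len(x), 1))])
    w = np.zeros(xb.shape[1])
    for _ in range(steps):
        p = 1.0 / (1.0 + np.exp(-np.clip(xb @ w, -30, 30)))
        w -= lr * xb.T @ (p - t) / len(t)
    return w


def accuracy(w, x, t):
    xb = np.hstack([x, np.ones((len(x), 1))])
    return float(np.mean((xb @ w > 0) == t))


def attack_accuracy(z_aux, s_aux, z_victim, s_victim):
    """Attacker's step of the max-min game, used here as a defender-side audit:
    fit the attack model on auxiliary (embedding, attribute) pairs and score it
    on the victims' embeddings. Returns (accuracy, weight direction)."""
    w = train_logreg(z_aux, s_aux)
    return accuracy(w, z_victim, s_victim), w[:-1]


def sanitise(z, attack_direction):
    """Defender's step: remove the direction the attack model relies on."""
    d = attack_direction / np.linalg.norm(attack_direction)
    return z - np.outer(z @ d, d)


def run_audit(rounds=2):
    """Leakage before defence, after `rounds` of max-min, and main-task utility."""
    z_aux, y_aux, s_aux = make_embeddings(300)   # attacker's auxiliary data
    z_vic, y_vic, s_vic = make_embeddings(300)   # embeddings under attack
    before, direction = attack_accuracy(z_aux, s_aux, z_vic, s_vic)
    after = before
    for _ in range(rounds):                       # defender then attacker, alternately
        z_aux, z_vic = sanitise(z_aux, direction), sanitise(z_vic, direction)
        after, direction = attack_accuracy(z_aux, s_aux, z_vic, s_vic)
    # Utility check: can the main task still be solved from the sanitised embeddings?
    main_after = accuracy(train_logreg(z_aux, y_aux), z_vic, y_vic)
    return {"attack_before": before, "attack_after": after, "main_after": main_after}


if __name__ == "__main__":
    print(run_audit())
```

The audit mirrors the measurement in the abstract: attack accuracy well above 50% on the raw embeddings means the private attribute is recoverable by any party that sees them, and the useful number for a defence is the gap between the attack accuracy after the defence and random guessing, read together with the main-task accuracy that survives. In this constructed setting the leaked attribute is linear, so two rounds of projection suffice; a real embedding from a neural feature extractor can encode the attribute non-linearly, which is why the paper trains the defence against an attack model rather than stripping fixed directions.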
