
Research On The Key Technologies Of Security Protection For Federated Learning

Posted on: 2024-04-23
Degree: Master
Type: Thesis
Country: China
Candidate: S Q Zhang
Full Text: PDF
GTID: 2568307079977229
Subject: Electronic information

Abstract/Summary:
Over the past two decades, machine learning has developed rapidly and profoundly changed how society produces and lives. At the same time, as countries strengthen data regulation and users become more aware of privacy, privacy-preserving computation, represented by federated learning, has developed rapidly and evolved through successive iterations. However, recent research on the security of federated learning shows that it still faces the security threats known from conventional machine learning. Because of its distributed architecture, a malicious participant can mount attacks at lower cost and with wider impact, which seriously hinders the development of federated learning and its deployment in practical scenarios. Security threats in federated learning fall into two categories according to the attacker's goal: (1) security attacks, which undermine the integrity and availability of the model, and (2) privacy attacks, which undermine the confidentiality of the model. This thesis studies three main threats in depth: backdoor attacks, data poisoning attacks, and gradient inference attacks, and proposes a protection scheme tailored to the characteristics of each. The main work is as follows:

(1) A federated learning backdoor defense framework based on cluster analysis and neuron pruning. A threat model for backdoor attacks on federated learning is first constructed in a white-box setting, and the principle of the attack and the characteristics of malicious model updates are analysed. The proposed framework, built around the characteristics of federated learning, uses a clustering algorithm to examine the direction of each client's update and neuron pruning to limit its magnitude, defending along both dimensions. Together the two mechanisms address the difficulty of detecting backdoor attacks in federated learning and their strong concealment.

(2) A malicious-client detection scheme for data poisoning in federated learning based on solving the maximum clique problem. A threat model for label-flipping data poisoning is constructed first. Two existing secure aggregation algorithms are then examined from the perspective of Byzantine robustness in distributed systems, together with their protection ideas and drawbacks. Based on an analysis of the nature of the poisoning attack and the characteristics of the poisoned data, a detection scheme that works by solving the maximum clique problem is designed to identify malicious clients adaptively and improve the robustness of the federated learning system.

(3) A privacy protection method for federated learning based on homomorphic encryption. A threat model for gradient inference attacks is constructed and the attack path analysed. The proposed method encrypts gradients homomorphically, so that an attacker obtains only encrypted gradients and the global model, cannot recover the gradient information, and therefore cannot reconstruct user data. The method strengthens the user privacy protection of the federated learning system.
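How a maximum-clique filter can separate label-flipping clients from honest ones, as an added example that is not the thesis's own scheme. The abstract does not describe the graph, so this block assumes one: clients are vertices, two clients are adjacent when the cosine similarity of their model updates exceeds a threshold, honest clients form the largest mutually consistent group, and the largest clique is found with Bron-Kerbosch. The client updates are constructed for the demonstration.

```python
"""Maximum-clique filtering of client updates (added illustration, not the thesis's code).

Assumption: benign clients' updates point in similar directions, so they form a
large mutually-similar group, while label-flipped updates point elsewhere.
"""
import math
from itertools import combinations


def cosine(u, v):
    """Cosine similarity between two flattened model updates."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0


def similarity_graph(updates, threshold):
    """Undirected graph: clients i, j are adjacent if their updates agree in direction."""
    adj = {i: set() for i in range(len(updates))}
    for i, j in combinations(range(len(updates)), 2):
        if cosine(updates[i], updates[j]) >= threshold:
            adj[i].add(j)
            adj[j].add(i)
    return adj


def max_clique(adj):
    """Largest clique via Bron-Kerbosch with pivoting (fine for tens of clients)."""
    best = set()

    def expand(r, p, x):
        nonlocal best
        if not p and not x:
            if len(r) > len(best):
                best = set(r)
            return
        pivot = max(p | x, key=lambda v: len(adj[v] & p))
        for v in list(p - adj[pivot]):
            expand(r | {v}, p & adj[v], x & adj[v])
            p = p - {v}
            x = x | {v}

    expand(set(), set(adj), set())
    return best


def detect_and_aggregate(updates, threshold=0.8):
    """Trust the largest mutually-similar group; average only their updates."""
    trusted = max_clique(similarity_graph(updates, threshold))
    flagged = set(range(len(updates))) - trusted
    dim = len(updates[0])
    agg = [sum(updates[i][k] for i in trusted) / len(trusted) for k in range(dim)]
    return sorted(trusted), sorted(flagged), agg


# Constructed sample round: six benign clients whose updates follow one gradient
# direction, three label-flipping clients whose updates point the opposite way.
BENIGN = [
    [1.0, 2.0, -1.0, 0.5],
    [1.1, 1.9, -1.0, 0.6],
    [0.9, 2.1, -1.1, 0.4],
    [1.0, 2.2, -0.9, 0.5],
    [1.2, 1.8, -1.0, 0.5],
    [0.8, 2.0, -1.2, 0.6],
]
POISONED = [
    [-1.0, -2.0, 1.0, -0.5],
    [-0.9, -2.1, 1.1, -0.4],
    [-1.1, -1.9, 0.9, -0.6],
]
ROUND_UPDATES = BENIGN + POISONED

if __name__ == "__main__":
    trusted, flagged, agg = detect_and_aggregate(ROUND_UPDATES)
    print("trusted clients:", trusted)
    print("flagged clients:", flagged)
    print("aggregated update:", [round(a, 4) for a in agg])
```

The filter only works when honest clients are the majority and their updates really do agree in direction: under strongly non-IID client data honest updates may not be mutually similar enough to form one clique, and a colluding group that outnumbers the honest clique would be trusted instead. The similarity threshold therefore has to be tuned per task, which is what an adaptive scheme has to handle.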
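One round of gradient aggregation under additively homomorphic encryption, as an added example rather than the thesis's method. It uses a from-scratch textbook Paillier scheme with toy-sized primes (for demonstration only, not secure), quantises gradients to fixed point so they fit the integer plaintext space, and assumes the aggregation server holds no decryption key while the clients (or a separate key holder) do. The gradient values are constructed.

```python
"""Additively homomorphic gradient aggregation (added illustration, not the thesis's code).

Textbook Paillier implemented from scratch with toy-sized primes; the key size
here is for demonstration only and offers no real security.
"""
import math
import secrets

SCALE = 10_000  # fixed-point factor for quantising float gradient entries


def is_prime(n):
    """Trial division; adequate for the small demo primes used below."""
    if n < 2:
        return False
    return all(n % d for d in range(2, math.isqrt(n) + 1))


def next_prime(start):
    while not is_prime(start):
        start += 1
    return start


def keygen():
    """Paillier key pair with g = n + 1; primes just above 1e6 (toy size, insecure)."""
    p = next_prime(1_000_000)
    q = next_prime(p + 1)
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                               # with g = n+1, mu = lam^-1 mod n
    return (n, n * n), (lam, mu)


def encrypt(pub, m):
    """c = g^m * r^n mod n^2, with g = n + 1 so g^m = 1 + n*m (mod n^2)."""
    n, n2 = pub
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + n * m) % n2 * pow(r, n, n2) % n2


def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, n2 = pub
    lam, mu = priv
    u = pow(c, lam, n2)
    return (u - 1) // n * mu % n


def encode(pub, x):
    """Quantise a float to an integer mod n; negatives wrap to the top half of [0, n)."""
    return round(x * SCALE) % pub[0]


def decode(pub, m):
    n = pub[0]
    return (m - n if m > n // 2 else m) / SCALE


def encrypt_gradient(pub, grad):
    """Client side: encrypt each gradient entry before sending it to the server."""
    return [encrypt(pub, encode(pub, g)) for g in grad]


def aggregate_ciphertexts(pub, encrypted_grads):
    """Server side: multiplying ciphertexts componentwise adds the hidden gradients.
    The server holds no private key, so it only ever sees ciphertexts."""
    n2 = pub[1]
    agg = [1] * len(encrypted_grads[0])
    for enc in encrypted_grads:
        agg = [a * c % n2 for a, c in zip(agg, enc)]
    return agg


def decrypt_mean_gradient(pub, priv, enc_sum, num_clients):
    """Key-holder side: decrypt the aggregate only, yielding the mean gradient."""
    return [decode(pub, decrypt(pub, priv, c)) / num_clients for c in enc_sum]


# Constructed gradients from three clients for one round.
CLIENT_GRADS = [
    [0.5, -1.25, 2.0],
    [0.25, -0.75, 1.0],
    [-0.5, 0.5, 0.5],
]


def run_round(client_grads):
    pub, priv = keygen()
    encrypted = [encrypt_gradient(pub, g) for g in client_grads]
    enc_sum = aggregate_ciphertexts(pub, encrypted)
    return decrypt_mean_gradient(pub, priv, enc_sum, len(client_grads))


if __name__ == "__main__":
    print("mean gradient:", [round(v, 6) for v in run_round(CLIENT_GRADS)])
```

The server combines ciphertexts without ever observing an individual client's gradient, which is what removes the input a gradient inference attack needs; only the decrypted aggregate (equivalently, the next global model) is exposed. In a deployment the hard parts are key management (whoever holds the private key can still decrypt individual ciphertexts, so the key must not sit with the aggregator) and the cost of encrypting every parameter of a real model.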
Keywords/Search Tags: Federated Learning, Backdoor Attack, Data Poisoning Attack, Inference Attack, Cluster Analysis, Homomorphic Encryption