Safeguard the Original Data in Federated Learning via Data Decomposition
- Publisher:
- IEEE
- Publication Type:
- Conference Proceeding
- Citation:
- 2021 IEEE Global Communications Conference, GLOBECOM 2021 - Proceedings, 2022, 00
- Issue Date:
- 2022-01-01
Closed Access
| Filename | Description | Size | |||
|---|---|---|---|---|---|
| Safeguard_the_Original_Data_in_Federated_Learning_via_Data_Decomposition.pdf | Published version | 2.38 MB |
Copyright Clearance Process
- Recently Added
- In Progress
- Closed Access
This item is closed access and not available.
In federated learning, more and more studies have discovered that attackers can recover the original data from the shared gradients of participants. However, existing defense models struggle to balance the privacy of participants and the effectiveness of federated learning in the face of cutting-edge attack models. Therefore, we propose a powerful defense model to protect the original data while ensuring the effect of classification. First, we get two featured datasets from original data based on Sparse Dictionary Learning (DL) or QR decomposition. In these two featured datasets, we select one dataset to replace the original data for federated training named co-trained data, and the other one is kept on the local client named left data. At this point, the adversary in federated learning can only obtain co-trained data, which cannot recover the original data due to the lack of left data. Following the completion of the federated learning, the participant requests a parameter from the server. Using this parameter, we can combine the aggregated global model over co-trained data with the offline-trained local model of an arbitrary participant to develop the final classification results. Some theories and a lot of experiments demonstrate the classification effectiveness of our model. It also can be a general solution to the original data leakage problems caused by gradient leakage.
Please use this identifier to cite or link to this item: