Privacy-Preserving and Byzantine-Robust Federated Learning

Dong, C; Weng, J; Li, M; Liu, JN; Liu, Z; Cheng, Y; Yu, S

Privacy-Preserving and Byzantine-Robust Federated Learning

Dong, C Weng, J Li, M Liu, JN Liu, Z Cheng, Y Yu, S

Permalink

Publisher:: IEEE COMPUTER SOC
Publication Type:: Journal Article
Citation:: IEEE Transactions on Dependable and Secure Computing, 2024, 21, (2), pp. 889-904
Issue Date:: 2024

Closed Access

	Filename	Description	Size
	1636429.pdf	Published version	4.74 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Dong, C
dc.contributor.author	Weng, J
dc.contributor.author	Li, M
dc.contributor.author	Liu, JN
dc.contributor.author	Liu, Z
dc.contributor.author	Cheng, Y
dc.contributor.author	Yu, S https://orcid.org/0000-0003-4485-6743
dc.date.accessioned	2024-08-21T05:22:16Z
dc.date.available	2024-08-21T05:22:16Z
dc.date.issued	2024
dc.identifier.citation	IEEE Transactions on Dependable and Secure Computing, 2024, 21, (2), pp. 889-904
dc.identifier.issn	1545-5971
dc.identifier.issn	1941-0018
dc.identifier.uri	http://hdl.handle.net/10453/180464
dc.description.abstract	Federated learning (FL) trains a model over multiple datasets by collecting the local models rather than raw data, which can help facilitate distributed data analysis in many real-world applications. Since the model parameters can leak information about the training datasets, it is necessary to preserve the privacy of the FL participants' local models. Furthermore, FL is vulnerable to poisoning attacks which can significantly decrease the model utility. To settle the above issues, we propose a privacy-preserving and Byzantine-robust FL scheme <inline-formula><tex-math notation="LaTeX">$\Pi _{\rm{P2Brofl}}$</tex-math></inline-formula> that maintains robustness in the presence of poisoning attacks and preserves the privacy of local models simultaneously. Specifically, <inline-formula><tex-math notation="LaTeX">$\Pi _{\rm{P2Brofl}}$</tex-math></inline-formula> leverages three-party computation (3PC) to securely achieve a Byzantine-robust aggregation method. To improve the efficiency of privacy-preserving local model selection and aggregation, we propose a maliciously secure top-<inline-formula><tex-math notation="LaTeX">$k$</tex-math></inline-formula> protocol <inline-formula><tex-math notation="LaTeX">$\Pi _{\rm{top}-k}$</tex-math></inline-formula> that has low communication overhead. Moreover, we present an efficient maliciously secure shuffling protocol <inline-formula><tex-math notation="LaTeX">$\Pi _{\rm{shuffle}}$</tex-math></inline-formula> since secure shuffling is necessary for our secure top-<inline-formula><tex-math notation="LaTeX">$k$</tex-math></inline-formula> protocol. The security proof of the scheme is given and experiments on real-world datasets are conducted in this paper. When the proportion of Byzantine participants is 50%, the error rate of the model only increases by 1.05% while it increases by 23.78% without using our protection.
dc.language	English
dc.publisher	IEEE COMPUTER SOC
dc.relation.ispartof	IEEE Transactions on Dependable and Secure Computing
dc.relation.isbasedon	10.1109/TDSC.2023.3264697
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	0803 Computer Software, 0804 Data Format, 0805 Distributed Computing
dc.subject.classification	Strategic, Defence & Security Studies
dc.subject.classification	4604 Cybersecurity and privacy
dc.subject.classification	4606 Distributed computing and systems software
dc.title	Privacy-Preserving and Byzantine-Robust Federated Learning
dc.type	Journal Article
utslib.citation.volume	21
utslib.for	0803 Computer Software
utslib.for	0804 Data Format
utslib.for	0805 Distributed Computing
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
pubs.organisational-group	University of Technology Sydney/Strength - CCSP - Centre for Cyber Security and Privacy
pubs.organisational-group	University of Technology Sydney/All Manual Groups
pubs.organisational-group	University of Technology Sydney/All Manual Groups/Centre for Cyber Security and Privacy (CCSP)
utslib.copyright.status	closed_access	*
pubs.consider-herdc	false
dc.date.updated	2024-08-21T05:22:12Z
pubs.issue	2
pubs.publication-status	Published
pubs.volume	21
utslib.citation.issue	2

Abstract:

Federated learning (FL) trains a model over multiple datasets by collecting the local models rather than raw data, which can help facilitate distributed data analysis in many real-world applications. Since the model parameters can leak information about the training datasets, it is necessary to preserve the privacy of the FL participants' local models. Furthermore, FL is vulnerable to poisoning attacks which can significantly decrease the model utility. To settle the above issues, we propose a privacy-preserving and Byzantine-robust FL scheme

$\Pi _{\rm{P2Brofl}}$

that maintains robustness in the presence of poisoning attacks and preserves the privacy of local models simultaneously. Specifically,

$\Pi _{\rm{P2Brofl}}$

leverages three-party computation (3PC) to securely achieve a Byzantine-robust aggregation method. To improve the efficiency of privacy-preserving local model selection and aggregation, we propose a maliciously secure top-

$k$

protocol

$\Pi _{\rm{top}-k}$

that has low communication overhead. Moreover, we present an efficient maliciously secure shuffling protocol

$\Pi _{\rm{shuffle}}$

since secure shuffling is necessary for our secure top-

$k$

protocol. The security proof of the scheme is given and experiments on real-world datasets are conducted in this paper. When the proportion of Byzantine participants is 50%, the error rate of the model only increases by 1.05% while it increases by 23.78% without using our protection.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/180464