
Threats and defenses of federated learning: a survey (cited by: 8)
Abstract: With the widespread application of machine learning technology, data security problems occur from time to time, and people's demand for privacy protection is emerging. This undoubtedly reduces the possibility of data sharing between different entities, making it difficult to make full use of data and giving rise to data islands. Federated learning (FL), an effective method for solving the data-island problem, is essentially distributed machine learning. Its defining characteristic is that user data is kept locally, so that the joint training of models does not leak the partners' sensitive data. Nevertheless, federated learning still carries many security risks in practice, which need further study. The possible attacks on federated learning and the corresponding defense measures are surveyed comprehensively and systematically. First, the possible attacks and threats are classified according to the training stages of federated learning, common attack methods in each category are enumerated, and the principle behind each attack is introduced. Then the specific defense measures against these attacks and threats are summarized along with an analysis of their principles, to provide a detailed reference for researchers new to this field. Finally, future work in this research area is highlighted, and several directions that need focused attention are pointed out to help improve the security of federated learning.
Authors: WU Jianhan (吴建汉); SI Shijing (司世景); WANG Jianzong (王健宗); XIAO Jing (肖京) (Ping An Technology (Shenzhen) Co., Ltd., Shenzhen 518063, China; University of Science and Technology of China, Hefei 230026, China)
Source: Big Data Research (《大数据》), 2022, No. 5, pp. 12-32 (21 pages)
Funding: Key-Area Research and Development Program of Guangdong Province, "New Generation Artificial Intelligence" major special project (No. 2021B0101400003).
Keywords: federated learning; attack; defense; privacy protection; machine learning