Abstract
Federated learning faces the dual challenges of data heterogeneity and privacy leakage in distributed privacy-preserving scenarios. Personalized federated learning mitigates data distribution discrepancies by constraining local model update directions, while differential privacy provides rigorous privacy guarantees. However, when addressing these two problems at the same time, existing methods fail to fully consider the coupled effect of noise on the federated learning training process under non-IID data, resulting in an insufficient privacy-utility tradeoff. Experiments show that differential privacy noise significantly exacerbates the dimension collapse problem induced by data heterogeneity. This problem leads to the decay of effective degrees of freedom in the feature space and impairs discriminative feature representation, which is a key factor in model performance degradation. To address this, a differentially private personalized federated learning framework incorporating feature decorrelation and feature residual constraints (DP-FedDRC) is proposed. The framework alleviates the dimension collapse caused jointly by noise and data heterogeneity by suppressing redundant feature correlations and preserving critical discriminative information. In terms of privacy protection, DP-FedDRC applies the DP-SGD mechanism during local training to perform gradient clipping and Gaussian noise injection, and rigorously accounts for the global privacy budget based on the Rényi differential privacy framework. Experiments on the MNIST, Fashion-MNIST, and CIFAR-10 datasets demonstrate that under equally strict privacy constraints, DP-FedDRC achieves higher model accuracy than baseline algorithms, with only an 8.3%~9.9% increase in computational overhead.
Authors
王民利
张宇浩
胡昌慧
Wang Minli; Zhang Yuhao; Hu Changhui (School of Cyberspace Security (School of Cryptography), Hainan University, Haikou 570228, China)
Source
《网络与信息安全学报》
2026, Issue 1, pp. 104-116 (13 pages)
Chinese Journal of Network and Information Security
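Funding
National Natural Science Foundation of China (No. 62262012)
China Scholarship Council funded program (No. 202407560059)
Hainan Provincial Natural Science Foundation (No. 124QN176)
Hainan Province Graduate Innovative Research Project (No. Qhyb2024-02)
Hainan University Research Start-up Fund (No. KYQD22094).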
Keywords
federated learning
differential privacy
dimension collapse
non-IID data
feature decorrelation